Brazilians receive more unwanted calls than any other nationality. We discuss the reasons why with representatives of the Brazilian comms regulator, Anatel, before examining their radical plan to restore confidence in telemarketing calls.

Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Transcript (auto-generated)

Hello, this is the Communications Risk Show and I'm your host Eric Priezkalns. Each
Wednesday we talk about the risks faced by comms providers and their customers, including
interviews with experts from around the planet. It's a conversation show and you can join the
conversation. Share your comments by typing into the window immediately beneath the live stream on
our website at Messages are anonymous, so include your name if you want me
to read it out. The show is also streamed live to LinkedIn, so feel free to leave your comments over
there. A member of our team will pass them along. I'll read out as many of your observations as time
permits. Today we'll be showing a recorded interview with two men from the Brazilian
telecoms regulator Anatel. Gustavo Borges, Superintendent of Control of Regulatory
Obligations, and Sami Benakouche, Manager of Control of Regulatory Obligations, will discuss
the reasons why Brazilians receive more unwanted calls than any other nationality and the country's
unique plan to reverse the growth of spam telemarketing calls and restore trust in the
telemarketing calls that will remain. But before we play that interview, let's chat about some other
hot topics in the global communications industry with my colleagues Ed Finegold and Lee Scargill.
Ed Finegold joins us from Chicago. He's a respected author, analyst, and strategic advisor to tech and
telecoms businesses. Lee Scargill is in Bahrain. He's an executive and consultant who's managed the
risks of communications providers in the Middle East, Europe, Caribbean, and Asia. Welcome to you
both today. Now a topic that has been bugging me for a while, which finally prompted me to do some
research recently, was the consistency or lack of consistency in how data protection rules are
enforced in practice, even in countries that seemingly have the same rules. Now data is pretty
much the same everywhere, people are pretty much the same everywhere, but data protection rules are
wildly different and their enforcement wildly different from one country to another. Now one of
the key concepts in the data protection legislation that began being drafted in the 90s was the rule to
prevent certain abuses of personal data, which would inevitably occur if you just let people
transfer data from the country to another country where different laws apply. So the idea is put in
place provisions that either prohibit the transfer of the data, or only allow the transfer of data
where it's a country with equivalent laws, or where there's a contract in place so you can use the
contract to enforce the same requirements as the law, no matter where the data goes.
Now a big history lesson, apologies not always appreciated by Americans, is that US has a
demonstrably weaker data protection regime than Europe, twice leading to the European Union's top
court striking down agreements between the European Commission, the top executive body of the EU,
and the US government. Those agreements designed to allow the free transfer of personal data
from Europe to the USA. So we know already that there's a problem at the biggest level between
governments, politicians saying that they want consistent application of data protection rules
between countries, and then actively working in the opposite way to try to cover up the fact that
these things are inconsistent, as beautifully demonstrated by Ed Snowden, who pointed out how
much personal data was being souped up by the NSA from telcos in the USA. So international
consistency is key, but even within the European Union, not every GDPR fine is made public,
but huge inconsistencies in who's getting fined for GDPR. And the data analysis I did a few days
ago, Spain, just one of 31 countries that has GDPR, and yet it has handed out 103 separate GDPR
fines to the top four Spanish telcos since GDPR began in 2018. To put that into perspective,
all the other 30 countries which have GDPR, between them, have only issued 111 fines,
very slightly more, across all the kinds of businesses that are active in telecoms, media,
and broadcasting. Now, one small caveat, not every fine gets published by every country,
but nevertheless, a lot of fines being issued to Spanish telcos, compared to the fines received
by telcos in other countries. So to get the chat started here, Lee, obviously, you are Brit,
but you've worked in many countries around the world. Does the issue of different data protection
expectations ever cause a headache for you, or are data protection rules so weakly enforced
that they never come up in practice? When the rules are enforced, are they likely to be enforced,
or are you generally in a position where the laws are going to get ignored because
it's so rare for any enforcement action to occur? So it's a bit of both, Eric, if I'm being honest,
but yeah, I'd describe it as a lot more worse than a headache. Yeah, that would be probably
describing it on a good case. But yeah, so first of all, you need to know, right, there's all
different laws around the world in each different country, but then it gets a little bit more
complex than that, because if you take the USA, for example, the laws tend to vary there from
state to state. So the privacy laws in California, they're completely different to the laws in
Colorado. So compliance can be very difficult, right, even on a country level basis, right?
If there was ever a topic that needed like a globally adopted standard, then data privacy
is it, right? Now, to answer the second part of your question, you said, you know, from my
experience, like, it's the enforcement of these laws, right, especially in countries outside of the
EU, outside the EU, right, that's relatively, from my experience, is non-existent. I've seen
so many violations of data privacy around the world, right? So unless you have a desire from
the government or from international regulators to enforce it, then nothing happens. But that's
the problem, Eric, right? There is no single authority that enforces privacy laws worldwide.
So in a way, it's not a headache for you, because as a professional who works for a big business
that handles a lot of personal data, you're not getting hit a lot. But as a consumer,
as somebody who uses phones, you're aware that you're not being protected either.
Yeah, you're right. I mean, we still have to comply, although there might not be a single
authority out there, we have to comply at the end of the day. But as a user, then yeah, I mean,
it's bad news that your private data, your personal data is just being bandied around
on insecure servers, and they're not being, you know, your data is not being looked after responsibly.
Now, Ed, apologies here that I have to talk about the USA being the big bad of the data protection
world. But it is, because the tech industry is so driven from the USA. There is a movement,
I appreciate there's a movement in the USA to implement some laws in the style of GDPR.
But there's also a lot of resistance to those laws in the USA. And, you know, this is very
problematic for how we manage data globally, including in the telecoms industry, because
so much data ends up being processed in the USA. There's so many businesses based in the USA,
there's so much capacity to process data in the USA. But the rules, the enforcement regime
are considered weak compared to those find in Europe. And attempts, as I say, to authorize the
flow of data between Europe and the US, one can sympathize with the European activists who are
very worried about their data, personal data being transferred to the USA. There's been a whole host
of cases involving companies like Facebook, for example, where there's been a lot of criticism
that personal data will be abused if it's allowed to go to the USA. Do you expect, Ed, that US
citizens will ever force meaningful change within the USA? Or would you advise, Peter, the inhabitants
of other countries to always be wary about having their personal data transferred to the USA,
where it's scrutinized and potentially could be abused by somebody without them having much recourse?
Yeah, I mean, I think, so there's sort of two separate questions there, right? The latter part,
I think, you know, yes, people should be wary, right, of their, all of their data and transactions
in their digital life, but especially if it's going to a country that's like pretty cavalier
about privacy, if that's an issue for you, and the US is. So I agree with you on all those things.
As far as whether the, like, this will become an issue for the US public, you know, before the show,
I really tried to think about that. And it's really not on the political agenda now. So I
asked myself, well, what would put it on the political agenda? And it would take, like, some
kind of catastrophe or something really, really visible to make that happen. And then I thought
about it and said, well, something like that is happening. There kind of is this ongoing catastrophe
occurring when you think about, like, the scams, you know, that we're talking about, there's the
sheer volume of scams and the number of victims and everything else. And yet that doesn't,
you know, turn the page, I think, because people don't, it's a complex issue, right, that people
don't understand well. And then, if I come back, you know, to some of the other themes of the show,
if you think about, like, how much we've talked about stir shaken, and how much money and time
and effort has gone into that system, and all the flaws that we're talking about, and that we'll
talk more a little bit about today. How much energy has been put into that, and relatively
how little has been put into data protection in the US, by comparison, I think, right? Like,
there isn't a similar banner being held up for reasons I don't necessarily understand. And so,
I just find that to be really odd, and inconsistent, and maybe even reckless,
right, to that point of view. So, again, do I think the US public is going to do anything about
it? I don't think so, because I just don't think anyone would understand what to, what do you do?
You know, maybe that's what we're supposed to tell people on this show.
But what's the barriers? What's the barrier to the US federal government simply copying what's
been done in Europe, and hence providing consistency from state to state to state,
so we don't have this? I find it strange, and you know, Lee's already commenting on this,
I find it strange that this is being dealt with at state level within the USA. And yet,
this is a problem which can't be solved unless you're conscious of the difficulty created by the
fact that data can travel anywhere in the world. If you move data from one place to another,
you have to have the same principles applied to protecting that data in the other place you move
the data to, otherwise, the rules you have in one place become redundant. So, for me, it would seem
to be this very little point to having a federal government, unless a federal government is the
kind of government dealing with an issue like this. This is clearly not to do with what's suitable for
local people who live in Pennsylvania, or Alabama, or Arkansas. This is obviously a federal government
issue. So, explain to me as an outsider, why isn't the federal government able to act on this topic
in the USA? I wish that I understood. I mean, I honestly, I follow this. And it's just a really
weird, murky crossroads, I think, of a lot of strange political angles, from conspiracy theories
to the Ed Stoden stuff you talked about, to this like fierce, rugged individualism, you know,
thing, which you'd think would make people more worried about data privacy, but somehow it makes
them more opposed to having any extra regulation, right? So, it's a really bizarre conflict of
ideologies that just sort of leads to this, this ongoing inaction, I think, probably because no one
would benefit politically from championing it, or they would have done so, right? And again,
it's probably because it's too hard for people to understand, unfortunately. Yeah, go ahead.
I mean, when you mentioned people not politically benefiting from it, I'm very, you know, I'm very
cognizant that Ro Khanna, a very successful, very powerful senator in the USA, led the campaign to
get Bernie Sanders nominated for the Democrat nomination, is often considered to be a likely
nominee, Democrat nominee for future presidential elections. Huge backing from the West Coast, where
he's got tremendous support amongst high tech businesses, often considers to be one of the
leaders in terms of articulating what needs to be done in terms of regulation law around the
technology industry. Even he, given where he comes from, you know, the wing of the political
factions in the USA, that's more likely to be keen on government intervention. Even he said GDPR would
be too extreme for the United States of America. He talked about the GDPR, I think he used a kind
of metaphor where GDPR would, if it was ranking 10 in terms of the extent of the provisions put in
place, the USA needed something like 5 out of 10, rather than 10 out of 10. And I found that very
strange, because, again, my simple understanding of US politics there, this is surely somebody who
should be ideally placed to say, well, we should be having all the privacy rights that Europeans
have, rather than making the case that Americans don't need all the privacy rights that Americans,
that Europeans have. Well, I may be standing up just for the interests of corporations that don't
want to spend the money to implement and have to comply with a new thing. And I don't know that
the argument goes any further than that, because it doesn't hold water. It doesn't make sense for
the exact reason we just, I'm actually annoyed by it, you know, for the exact reason we just
talked about, you know, like on the stir shake inside, they'll specify the heck out of that
thing and force it on everybody. Sure. That's not too much. This technical standard that only works
on SIP, you know, we're going to get into it. That's not to put GDPR, which is like a list of
10 recommendations of how you manage data and databases and how you tag things and what you're
allowed to not allowed to do and when you have to or not have to get consent. That's too much.
Right. To build into a website and a database. I mean, come on. That's ridiculous.
Ridiculous. Okay. Okay. Hold that thought. We'll, we'll, we'll, we'll spread the pain by being
critical about some Europeans where we come back after the short ad break, because each week we
have our sponsored features. And the first sponsored feature is from our friends at Symmetry
Solutions. Now their PRISM fraud intelligence team provides us with an interesting fact of the week.
And this week's fact relates to the scams that play customers of phone companies. A snapshot of
data maintained in Symmetry's PRISM database shows there has been a 114% increase in toll-free
numbers offered to fraudsters since April of this year. Not a very long period of time for
such a huge increase. These numbers are being used to dupe ordinary phone users into transferring
money or sharing their personal information. Criminals may be switching to toll-free numbers
because ordinary people are more inclined to trust those numbers and call them back. Are you
worried that your business might be carrying scam calls like these? Do you need new intelligence
about the numbers used by scammers so you can block these calls proactively and protect your
customers? Then contact the PRISM team at Symmetry Solutions, and they'll help you shut down these
calls before anyone is harmed. The URL Now back to the chat here.
So let's pick on the Europeans a little bit here. Lee, I'm going to bring you in on this one.
5% of all known GDPR fines. Now, again, I emphasize that not every authority publicizes
every GDPR enforcement decision, but most of them publish most of them. Let's put it that way.
5% of all the known GDPR fines have been issued to Spanish telcos.
That seems remarkable to me. In fact, Spain's Data Protection Authority has issued more fines
to telcos than most national authorities have issued GDPR fines to any kind of business.
30% of all the GDPR fines that have been known to have been issued have come from Spain. So
my question to you, Lee, is there also a problem here that some regulators,
they're going overboard? Is the Spanish regulator here, by the very fact that they're issuing
way more fines than other countries, is this an indication that they are finding trivial things
that most other regulators would say there's no real need to have a fine here?
Look, you have to comply with the laws, right? No matter where you are in the world, right? So,
whether you're in Spain or somewhere else, or whether you're in Asia, a company which is
processing data of an EU citizen, they still have to comply, right? So, for me, and I mentioned this
earlier, it's actually the issue here is about the enforcement and having this lack of this
global authority to clamp down on non-compliance, right? Now, I just want to kind of expand this a
little bit further onto a related topic, right? Now, I know a country, right, it actually has a
national identity card, right? And everything that's related to the government, right? So,
things like health services, immigration, access to telecommunications, right? So,
services like immigration, access to telecommunications, this type of stuff,
even the banks, when they send you messages, they encrypt that data or they password protect it
using the last six digits of your national identity number, right? Now, the problem is this,
is that the demand, right, to prove your identity, right, has crept into almost every,
it's like day-to-day activities. So, things that if you're receiving a parcel from DHL, you have to
give them your national identity card. If you're going to go to a store, you want to get a loyalty
card, right? Again, you have to show them your identity card. And basically, you have, they take
a copy of it, but then you have all of this information, right, which is kind of stored
on these insecure databases, which are all over the place. And these are liable to get hacked,
right? So, you have this kind of classic example of how the misuse of personal information, right,
which was actually originally designed to prevent identity fraud, right, that ends up becoming an
enabler, right, if you know where to look for this type of information. I think you make a very valid
point here, but I want to come back to this question about, is Spain out of line? And I know
you're not an expert on the Spanish market, so I'm not asking you for analysis there, but let me make
the following observation. Vodafone, their business in Spain, has been fined over 70 times for GDPR
violations since those rules came into effect in 2018. The UK, never been fined once.
It seems to me improbable that the business that they're running in Spain is so much more terrible
than the business that they're running in the UK, in Romania, in Italy, my point being that they're
getting fined a lot more in Spain than anywhere else. And in fact, Spain is handing out a lot
more fines than whole countries hand out to any business whatsoever. So there's something out of
line here. My question here now to you Lee is, if you were say working at group level for a telecoms
operator, you can't not comply with local laws, you'll comply with local laws. But if you're
working at group level, wouldn't you just say to yourself, let's avoid doing any data processing in
the country that hands out all the fines. We'll just make sure that whenever we have a choice,
we'll do our data processing somewhere where it's a lax, lenient environment. Isn't that the danger
that even when fines seem like a good thing, all that it does is it acts like a flag saying don't
process data here if you can avoid it, put it over there in that country where nobody ever gets fined.
Yeah, look, you've made a very good point there that there are some group
companies which operate in Spain, which also operate in the UK. So you'd probably expect,
if it's a group mentality, there's group policies. Yeah, it's pretty much done on,
you know, it's done, it's done on the same way. Now, it comes back to is why are 5% of the fines
then in Spain on Spanish telcos, but not in UK telcos, right? And is this because in the UK,
they're not enforcing, we don't have this, there's no, there's no compliancy check? I don't know the
answer. And I can't, I don't want to speak on behalf, because I don't know too much about
these situations. But you make a valid point, Eric, is that these are group companies, yet in
Spain, Spanish telcos seem to have an issue with this, but it's not replicated across the rest of
Europe. And apologies to Vodafone here, I don't mean to just pick on them. My point would also be
the other groups like Telefonica, they're more likely to get fined in Spain, then they're going
to be fined in other countries too. So again, even that pattern suggests is to do with the
enforcement regime, rather than the just particulars of the business. Guys, I'd like to
keep on talking about data protection, but time keeps marching on. And we have this superb interview
lined up with the guys from Anatel. So before we bring on those guys from Anatel, let's just
quickly have another sponsored feature. Every week, Geoffrey Ross of Call Authentication, Fraud Prevention
and Geolocation Specialists, OneRoute, takes us on the tour of the world in our phone. This week,
we're going to Singapore. Roll VT!
Hey everyone, from OneRoute, I'm Geoffrey Ross, and this is the world in your phone. Let's talk about
Singapore. The skyscrapers, nightlife, cleanliness, and beautiful architecture make Singapore ideal
for anyone to enjoy. Singapore is a massive city and country with so much history and facts to
learn. But did you know that in July 2023, the Infocom Media Development Authority, IMDA, announced
that the city-state's three main MNOs will fully retire their 3G networks by July 31, 2024. This
comes as a result of the legacy technology largely being replaced by 4G and 5G, and less than one
percent of connections in Singapore are currently for 3G. It'll be interesting to see what other
countries follow suit in this short timeline as the next generation of networks continues to expand
globally. Some other interesting facts that I found was Singapore is one of three surviving
city-states in the world. Singapore doesn't have a capital city, since it's a city-state, a country
that is literally just a city. The other two are Monaco and the Vatican City. Singapore is made up
of 64 islands, and the Lion City's symbol is the Mayor Lion, a half-lion, half-fish creature.
Singapore held the world's first Formula One night race, and it holds the Guinness Book Record
for the longest human domino chain, which was comprised of 9,234 students, and was set in
Singapore in 2000. Be sure to subscribe to OneRoute on YouTube, where you can catch up on
the world in your phone, and watch the OneRoute Roundup, the show that spotlights individuals
and companies making a positive difference in the telecom industry. One more fun fact I found
out about Singapore, the World Toilet Organization was formed in Singapore in 2001. This was after
the city-state proposed making November 19th the World Toilet Day. On that note, Eric,
back to you and the Communications Risk Show. Cheers!
Thanks, Jeffrey, and good on you and Singapore for highlighting the importance of sanitation.
Like many of the topics we discuss in this show, it's easy to take sanitation for granted
when you already have it, but it makes a huge difference to the quality of life,
which leads me nicely to the topic of hygiene for communications, and more specifically,
the need to keep our phone networks from being clogged up by bad and unwanted calls. I spoke
earlier with Gustavo Borges and Sami Benakouche of Anatel, the telecoms regulator in Brazil,
and they were telling me about Brazil's plans for clearing up a lot of the spammy and silent calls
that plague Brazilians. Other countries should take note because there are some very significant
differences between Brazil's plans for reducing unwanted calls and the measures that have been
proposed and adopted elsewhere. With a population of over 200 million people and more unwanted calls
than any other country, there's a lot to be learned from the Brazilian experience. I'm also
keen for your audience feedback, so do continue to leave your comments, get typing away at your
keyboard whilst the interview is playing, and we'll read them out afterwards. So without further
ado, here's the interview. Roll VT. Hello Gustavo, hello Sami. Thank you for joining us from Brasilia,
where you both work for Brazil's communications regulator Anatel. Now Gustavo, you are the
Superintendent of Control of Regulatory Obligations at Anatel. Sami, you're a manager in the Control
of Regulatory Obligations team. Those are the English versions of your job titles. I appreciate
you're taking the trouble to discuss the exciting work you're doing in Brazil so it can be understood
by our international audience. Of course, the problem of unwanted nuisance calls is high on the
agenda in very many countries, so it's really good. I really appreciate that regulators like yourself
are taking the time to explain to regulators and communications providers in other countries
what you're doing, the unique approach you're following in Brazil. It sounds absolutely
fascinating and when I've spoken to people around the world about the work that you're doing
in Brazil, people are really keen to learn more about the approach, so I really appreciate you
taking the time today to speak to us. Now, Brazilians receive more unwanted phone calls
than any other nationality. Can you please explain, beginning with you Gustavo, who is making
all of these phone calls? Where do they come from? Are they from telemarketers? Are they from scammers?
Do they originate inside Brazil or are they international calls?
Hi, Erick. First, thank you for the invitation to stay here and talk about the subject that
challenges us daily. First, it's important to mention that the most calls originate in Brazil
and, in your case, the previous recorded calls are not representative, which defers our challenge
from other countries. Our biggest problem is related to the call center industry
in their activities of sales or debt collection, which tariff inappropriated prices.
They are using random numbers to force consumers to pick up the phone as they don't know if it's
an important call. Also, this practice is spoofing, so it's not good to the telecommunications
health. Also, the call center industry is using predictive software that triggers a certain volume
of simultaneous calls already considering the attendance rates as a solution to keep their
work team productive. But the season's experience became awful, receiving incessant calls from
random numbers that often, when answered, do not produce communication and are disconnected
when the software already acquired the attendance and abandoning most of the calls triggered.
That's our problem.
Sami, do you wish to jump in here as well and comment on this? I'm particularly interested
here in terms of the fact that there's some spoofing, though I also understand that there's
an 0303 number range, so these are spoofing numbers in that range or outside of that range?
Well, to the first question about the calls, Gustavo has already touched on it. One thing
that you mentioned about talking to people in other countries and other regulators,
and of course that's something that we looked at to do what we're doing, and we noticed
really early that the situation in Brazil is different for a lot of reasons that we'll get into.
But, for example, if you look at the States, if you look at the UK, you guys get a lot of calls
from other countries that speak English, so you have a lot of scam calls and telemarketers and
whatever that they do speak English. So in Brazil, mostly the calls originate from Brazil,
just because not that many people speak Brazilian Portuguese, so that's the main reason we are
dealing with telemarketers and scammers specifically from Brazil, which kind of helps, I guess.
And what you asked about the 0303 and what was that? I'm sorry if you could repeat.
So to explain 0303, that's the number that telemarketers are supposed to use in Brazil.
When we talk about spoofing numbers, are the people doing the spoofing spoofing 0303,
or are they spoofing a completely different number instead?
Just me, they were using aleatory numbers, but then Anatel has prohibited these calls
and determined operators to block these calls of random or unregulated numbers fighting against
these spoofing methods. So nowadays they are using the 0303, which is a number,
a specific number that Anatel has determined to be used in the sales calls in Brazil.
Right, I see. Thank you for explaining that, Gustavo. So staying with you, Gustavo,
when a call begins 0303, so it's using this special range for making sales calls,
making telemarketing calls to people, how many of those calls are actually picked up by Brazilians?
Once the citizens know that the 0303 are for sales activity, there is a low response rate.
The numbers indicate cases where the success rate on useful calls is about 5%, 10%. It's a
little bit. Call centers are calling 100 people to get five calls answered. 95 people were connected
without the work team being able to respond. And so they use software that calls to a lot of people
trying to get five. And so 95 people were contacted without attendance to maintain a conversation.
And Gustavo, is this therefore related to, I understand there's a problem in Brazil with
calls lasting less than three seconds in duration. There's supposed to be very many
calls that have this very short duration. Is that connected to what you're saying
in terms of these automatic calls that nobody picks up?
Yes, perfect. What we noticed is that it is automatically dealers are receiving already
considered that 10% of the calls will be answered. So as soon as by all the answering capacity,
they abandon the other calls already dialed. Some of the 90 of consumers try to say hello
and pick up the phone and say hello, but the calls drops within three seconds.
In the CDR, which is the database of calls in the network, we noticed that more than a half of the
calls in Brazil had a profile of duration within three seconds. So this is what's going on. These
are calls that abandoned by the predatory software. We do not produce communication
cause nightmares in the consumer's experience. So each consumer receiving those enough calls
a day with no communication objective is not a pleasant situation. So, and I tell determined
limits on the volume of daily calls from the same originating company, as well as limits on
unproductive calls. Telecommunications operators were required to monitor these limits and block
companies that exceed these limits for 15 days. As a reference month prior to the decision,
we had 28 billion calls on the network on which 18 billion workshop calls, 60%.
In the same month of the following year, this year already, we are around
21 billion total calls with 10 billion short calls, almost 50%. That represents a
reduction of 8 billion calls by month or 96 billion calls by year. That's it.
Yeah. It's terrible. Sami, let me bring you in here because this, this sounds like
a situation, which if you don't address, we'll only get worse and worse because you have the
telemarketers. They want to get the call through the people, get annoyed. They don't answer the
call when they do answer the call. There's nothing that no one's speaking to. So even more calls are
made. So then people get more annoyed. It sounds like it's been in a downward cycle, perhaps for
a while, Sami. Yeah, I think you said it perfectly. You can see a pattern. You can see that
in the last, let's say decade, people have started to move away from voice calls and people have been
using less voice and telemarketers and collection agencies, they still use it as a main way of
contacting users and consumers. So what happens is like you said, people are using less the phone
as a phone. They need to talk to you. So they will call you. People don't pick up because now we have
caller ID and we know who's calling and people are in the habit of not picking up numbers that they
don't know who they are. So what happens is telemarketers have to get assertive in the sense
that, yeah, they have to use those softwares that Gustavo mentioned to make sure that, okay,
if people don't pick up, let's call more people and then we'll talk to those who pick up. And then
people stop picking up the same way and start blocking numbers. So they say, okay, so let's
random, like let's poof random numbers so that the numbers that were blocked still go through.
And you got into a cycle. You get into a cycle when these people need to talk, they will call
more, people answer less, the less they answer, the more they call. And it becomes a little bit
like a denial of service attack in the sense of people simply stop using the system. Yeah, exactly.
And like Gustavo said, one of the things that we did was, okay, if you make that many calls a day,
the user has to be blocked. So because you get to a point where it's like, okay, you are not trying
to communicate, you are trying to spam calls. And just touching on another thing that you
mentioned, the three seconds, one thing that's relevant, I think is there was an old regulation
in Brazil that said, that was from the times where calls would get dropped when calls were
charged by the minute, by the second, there was a rule that said, okay, if your call gets dropped,
if your call gets dropped in under three seconds, it's not billable. Just because people
would be calling somebody, the call would get dropped on pickup. And then they would have to
call again and pay twice. So three seconds, we felt at the time that it was something reasonable
to, okay, this is not a communication, this can't be built. And then companies just seized upon it
in the sense that, oh, so we can make all these calls. And those that we hang up before three
seconds, we won't be charged for them. So of course, last year, Anatel worked to remove that
regulation. So that regulation is no longer working, is no longer under act. And now all
those calls have to be called, have to be charged. So yeah, it is the cycle that you mentioned.
Yeah. Good idea. And that's not the only area where Anatel has been active. So let's talk about
something else that's also new this year. So earlier this year, Anatel launched a web portal
called, and please forgive that my Portuguese skills are not like your English skills,
Cal Empresa Miligu, which company called me? I hope I said that correctly.
Thank you. Thank you. So this portal gives Brazilians the opportunity to check which
business is behind the phone number used to make a call that they didn't want to receive.
Gustavo, what was the thinking behind providing this portal? And how do ordinary people
use this portal, Cal Empresa Miligu, in practice?
The portal is about important users, about knowing who has reiterated a call then,
and which company was irritating them or being a nuisance. So people in Brazil got into the
habit of blocking nuisance calls, but some companies just use different numbers. So we felt
that important then to know specifically which companies were calling them was an important step.
Knowing who is causing that nuisance is useful to complain to the company directly,
or in consumer protection bodies or in court. So I think that this portal has some
audience. It's not a big audience, but those who are using it, they take the information,
they go through the bodies, making complaints, and it's a good thing that those companies were
not being affected by this behavior. And now they are being asked to change this behavior.
I see, I see. So I could say it's a thing, it helps, but it's not the big thing. Let's talk
about the big thing. Now, Brazil has a telemarketing association that includes the businesses which run
the big call centers. In English, we would call that association the Association of Brazilian
Teleservices, ABT. Viewers in the USA, they would find ABT to be similar to something they called the
Professional Association for Customer Engagement, which was previously called the American
Teleservices Association. Now, it's been reported in the press that ABT volunteered in Brazil
to implement and pay for stir shaking in Brazil. Before we discuss the detail of what will actually
be implemented, Gustavo, can you please help me to understand, why did ABT volunteer to pay for
this technology to authenticate calls made by their members without being forced to do it by you,
the regulator, Anatel? It's an interesting situation. When Anatel's blocking measures
were adopted, the call center industry felt the brutal drop in the results, and they sought out
Anatel supporting the sanitation measures, but looking for solutions that would enable the
maintenance of their industry. Identified and authenticated calls help the Brazilian case,
importing consumers even more with more assertive and online information about who is calling,
its difference about the portal, and the SUSEX rate in answer calls tends to be higher
than when using generic numbers like 03, 03, or random numbers. If you know who is calling,
maybe you could be more okay to pick up the phone. When they came to us asking for the solution,
we warned them that it was very expensive, so they looked for suppliers to understand this expensive
and to evaluate the possibilities, and then they understood that it was possible to divide
the central investment between the different companies considering the billions of monthly
calls, and then they proposed the implementation to Anatel. This was an important, provocative
movement, but there will still be high investments in the network. The biggest problem is the
investment in the network, so the strategy we set up to deal with the internal costs needed
to network evolution was that offering identified and authenticated calls is not mandatory,
so it's not an obligation, but an option for each telecommunications company,
but this option is encouraged as call centers that use identified and authenticated calls
will not need to use the specific number 03, 03, so they will be very interested in using it.
The telecommunications company that does not offer SteerShake, and that is the solution that
we are implementing, will naturally be losing out to the competition.
In this model, call centers companies want to use SteerShake to upgrade attendance sources,
and the telecommunications companies that do not offer this solution will lose market share,
so there are companies with IP and basic, very plug-in to the solution,
low costs to offer this, and they will be offering it. The major operators that are very
long-term, TGN-based, they will have some problems with that, but they will handle with it,
they will make investments in the part of their networks to attend call centers,
their clients, so I think that's a market solution.
Amazing, yeah, amazing, sounds incredible Gustavo, and Sami, let me bring you in here as well,
because I'm not aware of any country where so much is being driven by the businesses in the
marketplace, so much is coming from the marketplace, and the regulators working with the marketplace,
as opposed to just imposing the solution, so we have a situation here where the big call center
firms, they want the calls to be connected, so they're saying rather than use these 0303 numbers,
we will voluntarily implement this technology, so that when the customer sees the handset,
the number ringing, they also get the confirmation where it's coming from really,
so they have some confidence which business is calling them, which increases the chances
that they will answer the call, but also interestingly, the market forces also is
being applied to the telecoms business, because if they don't support the supply of this information
to the customer, the call center probably doesn't want to be using that business as much as they can,
so Sami, this is something that just happened organically, or is, I mean, what's the process
like in terms of, was it just that the telemarketing companies came first, and then
there was a need to respond from the telcos, it sounds amazing that you managed to find
this consensus in Brazil, when other countries they really struggle with this.
Well Eric, to be honest, I wouldn't say organically, because we have been working
on this and discussing this with companies, with regulators, with stakeholders for a lot of time,
for a long time, so it is something that you kind of like, like I said in the beginning, you look at
how other countries are doing it, how, what works, what seems to not work as well, and you end up
looking for different approaches, and what we noticed was exactly like you said, you have a
heavy user base, like we said, it's 20 million calls, 20 billion calls a month that they want
that call to go through, they need to reach their audience, and they are a big, they are a relevant
player in terms of consumers for the company, for the phone companies, so you have people that
need to make those calls, and like you said, the companies know that they, if they don't get into
this framework of authentication and identification, those big users won't be there,
they won't, they won't be on their networks, and on the other hand, one thing that I think it's
relevant to also, is like we, also like we talked about, people, the level of
irritation, and the level of just lack of peace for consumers, got to a point that I think that
the providers realized that being able to say, oh, we are a company, that if you are our consumer,
our consumer, you will get safe calls, you won't get scam calls, you will get identified calls,
this is something that is interesting, because in the end, it's all about adding value to the
service, to a service that today is not like it was 15, 20 years ago, and you add value to it,
because there's still people interested in it, and then you say, okay, this is the value that
we're adding to it, the people that are interested can get on, can get aboard, the people that don't
want to, you don't have to, and we kind of hope and feel that this meeting between the people
that need to use the service, the service, and the people that are interested in it,
will be enough to show people that, okay, if I don't get in, I'm staying behind.
I think you're right, I really admire the way you've done this, I appreciate, I make it sound
like it's organic, it's easy, I'm sure there was very many conversations to get to this point,
but this is why I admire what you're doing, and I think it's very important to show as an example
to other countries, because there will be sometimes in other countries, a skepticism,
a disbelief that it's even possible to arrive at this kind of agreement between all the businesses
involved. Sometimes they just don't have the belief, and they just say, we will impose the
solution, but if you can find a solution that everybody will agree to voluntarily,
then there is a greater chance that I believe that it will actually succeed in practice,
because then people are all working towards making it a success, rather than, forgive me,
sometimes happens in some countries, people play games, I didn't want it to succeed anyway,
so they do some things that induce the chance of it succeeding. So I think this is a great example
that I expect other countries will look at closely, in terms of when they're having their conversation,
and people say, we can't do this, we can't do that, they'll be saying, but look at Brazil,
this is a big country, they were able to find a way forward, we can be finding a way forward by
talking to each other. Now, forgive me, my next question is a very involved question, and it's to
do with the technical detail, because the words stir, shake, and get used a lot, but sometimes
they're not always used in exactly the same way. So I want to be very precise with this question.
Now, stir, shake, and refers to two sets of standards. Stir is from the Internet Engineering
Task Force, the IETF, and shaken is from the Alliance for Telecommunications Industry Solutions,
ATIS. Most people know about stir, shake, and because the US regulator made it mandatory for
all calls over IP networks in their country. So their rule only applies to IP networks,
because the stir digital signature is transmitted in band using SIP signaling, and only IP networks
have SIP signaling. We've already said that Brazil is going to be different because ABT wanted to
voluntarily implement authentication, and because the telcos, you rely upon market forces to encourage
them to implement in the country. Am I also correct? Please explain to me if I'm wrong.
Am I also correct in my belief that Brazil intends to use some of the same technologies USA,
but you will allow the signatures to be sent out of band as opposed to requiring it to
being in band? Was an out of band version of this technology chosen to overcome the problems the US
has with IP networks, or am I mistaken in my understanding? Gustavo? Just the information
before. After some debates, the model that won was to have a governance group composed
of Anatel telecommunications companies and the call centers industry, like ABT.
This group directed the guidelines to implementation group, and so this implementation
group has led by ABR. ABR is an association of telcos operators, so the costs of centralized
solution will be divided among the telecommunications companies, which will naturally
charge the call centers company for the added value of authenticated calls. So nowadays,
ABR is implementing this solution. And about your question,
implementing the solution in Brazil has to take into account that Brazil has a part of its
network that is still TDM, no IP-based. For a call to be identified and authenticated, therefore,
it's necessary that the origin and destination company are able to establish a flow of
generation and verification of tokens. Even if a company in transit is TDM, it's possible to check
at the destination company of the call with token management that the call data has not been
tampered with. We already have an agreement with the largest traffic generation companies in Brazil
and also with the big telcos in mobile telephony, signing the contract with the vendor and
dividing the costs of the centralized solution. So the contract will be signed today.
Today, good stuff. We're hot news, we're hot news. And I'll be sure to include in the
details when the show goes out, the details of which companies have won that contract.
So Sami, I'm still not entirely clear. Help me out in this in terms of will the signatures
been applied in cases where part of the call is being carried over a TDM network
as opposed to an IP network? So I think Gustavo has a point. You raised your hand.
Yes, go ahead Gustavo. We'll have a flow for calls that involve IP-based providers,
fully comply with still shaking solutions and an out-of-band flow for calls that go through
companies with TDM networks and comply with the OOB, which is not a variant but a delivery
mechanism of still shaking. It's defined in the specification by 80s. So the solution in Brazil
will be interoperable with the USA, Canada and France. Okay. So both in-band and out-of-band
methods will be used in Brazil. Yes. If I can add something, Eric. I'm not the best technical
person. I'm not an engineer. I'm a lawyer. But just going back to what we talked about is
Anatel made it known that, okay, those calls can be offered. They can be made
available to users to add that value that we mentioned. But it's not whatever different
company can just pop up and offer this kind of service. Because when you're talking about network
security and authentication and things like that, it does have to be like some kind of centralized
structure. Otherwise, the identification part of it and even the authentication part of it
becomes a little bit complicated. So what we did was, okay, those services can be offered
and they need to reach certain levels of reliability, of authenticity. And then the
company, the phone companies that are interested in it, we are having currently pretty much daily,
weekly meetings, technical meetings, in which they are looking at their own network and looking at
the technical provider that they have selected and looking at the networks and saying, okay,
how can we make that work? So it will be complicated for Anatel to just say, okay,
you're going to use those technical specs, those technical manners of looking at it. Because to be
honest, we don't know the network, the phone company network as well as they do. There's a lot
of different phone companies. So it was the same thing. It was, okay, we need to get there and we
need you all to get together and figure out a technical way that your networks can handle
and at the same time gets to where we need to go. So like Gustavo said, when you look at TDM networks,
and you look at the way American Stir Shaken works, with the need of the header and the
token and everything to go through the network, the solution that was found was the possibility
of part of it going out of band and then being reunited at the end of the call.
I have to admire what you're doing. So I want to be very clear for the sake of the audience
listening to this interview. It's not just that you are implementing Stir Shaken in Brazil,
you're actually going technologically in advance of what's been implemented in other countries for
Stir Shaken. Because although it's not mandatory, it's voluntary for the businesses doing it.
I don't believe there's any large scale implementation of an out of band solution
for Stir Shaken anywhere in the world. The only solutions that have been implemented in countries
like the US, Canada, France is the inbound solution, not the out of band solution. So in that sense,
you are leading the way. And I can imagine, I'm not an engineer, but I can imagine this is going to
be technologically challenging. This is some new work, never been done on this scale
with networks before. But at the same time, it proves that the idea can be applied across
all phones, all networks. Because if you don't do it with the out of band solution,
then a lot of the value is lost, because you're already very limited in which calls this
technology can be applied to. So I think it's fascinating that you are going down this route.
And that's another reason why I expect other countries will be following very closely the
technology of the implementation. But I won't pressure you for more about the technology.
We'll bring on some Brazilian engineers in the future to discuss the technology with us
in the future episode. Coming back to payments, Gustavo, who pays for the solutions here.
Now, you mentioned that we talked about ABT volunteering for Storeshake and wanting
Storeshake. And then you mentioned, of course, ABR Telecom. Also, now there's a model here in
terms of how the costs will be allocated between the businesses. As a regulator,
how easy was it for you to get everybody to an agreement as to how the costs would be applied
in practice? Look, the call center industry sees the identified calls as the reception
of their business. So they are in a hurry. And that's why they are being so dedicated.
However, the implementation of Storeshake involves investments in their networks.
And it's a security thing. It's not a simple thing. It's a complexity of project. And so
once operators asked for leadership and committed to speed implementation,
it was the most natural path. So the operators saw that the investment would be
covered by the added value in their calls. So with demand, they may offer the solution.
Fantastic. And Sami, bringing you in here again, this model that's been applied in practice for
managing the costs, is that publicly aware? I'm thinking here that other regulators
may be interested in seeing how the costs are managed in Brazil,
again, as an example that they may want to follow.
It is ongoing. The negotiation between companies and between the provider, the technical
provider, everything is ongoing. It's moving. And I'm sure at some point, some of it will be
available. I don't know, because at the end, you are looking at financial information and
technical information from networks. But the good news is that it is going.
And just touching back on something that you mentioned before, which was how easy
was it to get everybody involved? I think, of course, it wasn't easy. It took a long time.
But it was just the perfect moment between, like we said, the service losing value,
those big, heavy users, those telemarketers, having to make 100 calls to talk to five people,
that's expensive for them. So I'm sure they did the math and it was like, OK,
I might have to pay more for a call. But if I get from 5% to 10% people picking up,
that's twice as much business as I'm doing. If you have those 5%, because we know that there's
people that they have to answer every call just because of family situation, work situation,
and there's people that won't answer any calls if they don't know who's calling.
But there is a lot of people in the middle that will be like, OK, if I had known that this call
was going to be from my phone provider that wants to sell me a better plan, or this is from
my bank that wants to tell me that there was an issue with my credit card and I can trust that,
I will pick up the phone if I know who's calling. So it wasn't easy getting everybody to think the
same. But I think it reached just the perfect storm of the heavy users needing it to be different.
The companies, the phone companies, investing a lot of money maintaining that network and seeing
that, OK, it's not getting as many calls, completed calls as we want. And at the same time,
user complaints. Because the truth is, if your phone, if you get 10 calls a day,
and you don't know which company is calling you, you are going to complain to Anatel,
you are going to complain to your phone company because you don't know who is calling.
So that's one of the things of Qual Empresa Milagro is, OK, now you know that those 20
calls that you got, even though you're complaining to your phone company, it has nothing to do with
that. It's just the user that is making those calls. So I think it was a lot of work to get
to this specific situation. 0303 was something that let telemarketers know that they would have
to comply to a different way of working. Anatel's blocking order for calls that were more than 100,000
a day was something that showed them, OK, this is something that we can just do however we want to.
So once that pressure starts to, you know, accumulate on different points,
then everybody just says, OK, we might be needing to find a new way to do business.
It's so true, and I'm so glad that you've been able to make the progress you've had.
I wouldn't expect you to share sensitive commercial details about how much people are spending for
things, but I would encourage you to help regulators also in the world when there's an
appropriate time, share some case studies, some knowledge about the way in general the costs have
been split between the businesses so that this could again be an example that informs other
countries to say it can be a rational self-interest that everybody pays something towards the cost of
this rather than years of wasted arguing about the cost and then the situation gets worse and
actually everybody's worse off. So let me finish today's interview. Again, I really appreciate your
time, guys, for the time you spent today. Let's finish today. We talked a lot about the technical
side, the commercial side, the regulatory side of authenticating calls in Brazil. Let's talk about
the difference it makes to the actual ordinary phone user. What will they see when they have
the handset and the call is ringing? What will they actually see on their hand? Will people still
be receiving calls from 0303 as well as having these other calls, or is there some plan to get
rid of 0303 in the future? So help me to understand, Gustavo, the impact on the ordinary person.
Look, the model that Anatel is implementing is in another way different from the USA because
our solution will be centralized and this will bring us control over the actors authorizing
to generate, identify and authenticate calls in a simple way, as well as we can
we can monitor their behavior. So it's easier to inspect their functioning. After testing the
implemented solution and their effectiveness, verifying its suitability, the agents will
announce to citizens that identified and authenticated calls have a lower risk of being
associated with a fraud. Customers will be shown the caller's identification, such as number, name,
brand and even the reason for the call. Call authenticating stamp will also be displayed.
This is of great importance to recover the usefulness of calls in Brazil, promoting
consumers with better information for their decisions on whether or not to answer the call.
It will also be helpful to understand about the lower likelihood of fraud.
Steer-shaking will not end the problem of massive calls, but if consumer knows which company is
calling, there are ways to generate a report of evidence of the disturbance and claim their rights.
This tends to inhibit companies that care about their reputation from promoting exaggeration in
dialing and the use of useless calls. We are already talking with the handset manufacturers
to synchronize the implementation with any updates they need to enable, like Apple and Samsung and
things like that. The call center industry will not need to use
O3O3 if they use the identified calls and it's a good thing to everybody.
As more than half of calls in Brazil has been related to call center activity,
we imagine that by next year we could reach between a quarter
or half of identified calls in Brazil.
Like we have said, there are legitimate businesses that still rely a lot on voice
services to communicate, such as banks for dealing with their clients, telemarketers,
companies to sell products and services, and collection companies to go after credits that
are due. Today, the pickup rate of phones in Brazil is very low, so we believe that adding
value to those phone calls would benefit not only those companies, but also and especially
the consumer experience, so it's a big deal. It is a big deal. It's a very big deal because,
again, you're being very advanced in your approach. Some businesses will still use O3O3,
but those businesses that move ahead with the new technology are also going to have the phone user,
the phone recipient, seeing the brand, possibly the reason for the call as well. Again, this is
very advanced, Sami. I don't know if you looked at this when you were reviewing the options here.
This is something that has been discussed in some countries, some ideas around doing this,
but it seems like there's no shortage of ambition, let's put it this way, in Brazil. This
would be a very radical change for the user experience in terms of how they see calls and
therefore which calls to trust when they receive them, Sami. Yeah, I mean, that's the plan. That's
the aim, to be ambitious and to look for ways to better everything, to better regulate telecoms,
but for users to have a better experience, but at the same time for phone companies to be able to
do their business and provide those services. So, yeah, it is a bit ambitious, and to be honest,
it is a little bit of the advantage of having other experiences to learn from. This is something,
it's not, call identification is not something new. So, being able to look at other experiences
and learn from them and take the good part of it and try to solve difficulties, it is easier
to arrive a little bit later sometimes because you do have a little bit of a roadmap, but then
you kind of have to work on your specificities because Brazil is a really big country with
a really big network. So, yeah. Don't be modest. Don't be modest because we've been hearing stories
in the USA, some problems with the labelling of calls, so calls incorrectly labelled. So, again,
don't be shy. This is a lot of ambition. Even if people have attempted to do similar things,
they haven't always completely succeeded when they've done it. So, let's not be shy about
ambition. One very quick last question for you, Sami. Does the end user know this is coming?
Have they been aware? Are they informed about these changes yet? Or is that still something
that they're going to hear about in future? Just another, before I answer you, I'm sorry,
before I answer you, just another thing. Like you said, it is ambitious. It is complicated,
technically complicated. So, to be honest, I'm sure there will be mishaps, there will be
difficulties, there will be adaptations that will be needed. We are in no way
thinking that the implementation will work perfectly from day one and then just solve
everything. I think call authentication and identification would be a great, a big step
in empowering the users, would be a big step in fighting scam calls. But we are not under
the impression or the delusion that that would just magically resolve everything.
So, it is just a big step. And what was the original question? I'm sorry.
Well, the phone users, are they aware of the changes and how it will affect them yet? Or
have they yet to be informed about it? Okay, there have been news about it. If you go into
the specialized media or telecom media, and even some places it has been talked about,
I wouldn't think a regular consumer knows about it yet. But I'm sure since it is market forces
driving the initiative, I'm sure the phone companies will have every interest in marketing
it before it comes out and positioning themselves as, okay, we are a company that provides this
special value-added call. So, it will be made known. Today it is in the news, but it isn't
something that is in the zeitgeist. Well, I look forward to seeing all the
announcements that are made. And I'm sure that everybody worldwide will be taking an interest
in this because one of the things about marketing is that people in marketing,
they take an interest in what happens in marketing in other countries too. So, I'm sure they'll be
fascinated in many countries to see whether this impacts, say, the rate at which people pick up
their telephone, whether it leads to an increase in the success rate for telemarketing calls in future.
And I'm sure everybody will be very keen as well to hear. I look forward to hearing from Anatole
in terms of whether we also see a reduction in fraudulent calls, scam calls, and spam calls,
and all of that as well. It's been a good conversation, Gustavo, Sami. I'm very grateful
for your time today. We've had a very thorough conversation, but it's very exciting work.
Thank you both for appearing on today's show. Thank you, Eric, and congratulations. You all
have a good job, a great job on commsrisk. We are reading a lot of papers there, and it's very
important to us to understand the problems that other countries are facing. And so, it's important
to talk about, to understand the opportunities, to make difference. And so, thank you for this
opportunity, and it's a great job from you. Yes, thank you for having us, for the opportunity.
And you mentioned that maybe other countries would be interested in it and would be interested in our
experience and how we are looking at things here. And we didn't mention in our answers,
but just to make it clear, I think Anatel is really open to talking to other regulators and
exchanging experiences. There's a lot for us to learn from other experiences. There's a lot,
I wouldn't say teach, but share that we can share from the things that we have been going through
in the last years. So yeah, thank you for having us. And also being here and talking and sharing
this is also a really good opportunity just to get the word out and be a little bit more detailed
on what the work that we're doing. Well, it's great work. And it's conversations like this
that gives me the encouragement to keep going with Commerce Risk Every Day. So thank you again,
Gustavo, Sami, I really appreciate having you on the show. I hope you'll be back on a future show
and maybe talking a little bit more about the success as it gets rolling out in Brazil.
Thank you again. Okay, thank you very much. Thank you, Eric.
Well, it was absolutely a pleasure to have Gustavo Borges and Sami Benakouche of Anatel
for that recorded interview. We're back again live. I think we have learned a tremendous amount
from that interview. And for those of you who are waiting out for the information,
it was mentioned during the interview. It hasn't been, as far as I know, publicly confirmed yet,
but my understanding is that the contract for this work that's taking place in Brazil
with the implementation of stir shaking both inbound and outbound in Brazil,
that's gone to a consortium that involves both ClearTech and Newstar. But don't take my word
entirely for it because I haven't seen it independently stated anywhere else yet.
Guys, thank you for listening into that conversation. I'm really keen to get your
feedback, your input, your observations about what's happening in Brazil, because I really
do think it's dramatically different from what we're hearing elsewhere in the world. Ed,
starting with you, are you surprised that Brazil's big telemarketing businesses volunteered
instead of being compelled, they volunteered to clear up the problem of spoofing that occurs with
calls made from call centers? Obviously, they're motivated to save their own businesses by weeding
to save their own businesses by weeding out the companies that make the majority of bad calls.
But nevertheless, I've not heard of any other country where the big telemarketing businesses
have chosen to voluntarily take action in this area.
If they saw that the wind was blown in this direction, from a regulatory standpoint,
political standpoint, then maybe, and I don't know the history of that, but maybe that was
part of why they got behind it more readily than they would elsewhere. But it doesn't surprise me
at all, just in the sense that I think, even if in the end, what you end up doing is separating
the bad spammers from the good spammers, you've accomplished something. And I think that
telemarketers to some extent will benefit from that. And you made the point about how it's a
centralized system, which means someone's deciding who falls on what side of the good and bad line,
for simplicity's sake. And I think you want to cooperate because you want to be on the
good side of the line, not on the bad side of the line.
And so let me turn it around then. Let me turn it around then. You're in the USA,
the Brazilian telemarketing association that was talked about during the interview,
pretty similar to a big telemarketing association for similar kinds of companies in the USA.
But we haven't heard about US companies doing this kind of work voluntarily.
What would need to be done to motivate them further to them to be more proactive rather
than just complying with what the law requires them to do? And in particular, I focus here upon
the fact that we can tend to talk about technology quite a lot, but when it comes to things like
know your customer controls, they're just as important too. So if you're running a call
center, you're running a business that handles a lot of phone calls, generates a lot of phone
calls on behalf of other people, there's got to be an obligation that you're aware of who
you're working for and what messages are going out to people. So why aren't we seeing
that voluntary willingness for those companies to preserve themselves in the US market?
Yeah. I mean, I think it's a legitimate question. I'd like to understand better why. I think the
thing that stood out to me from the regulators perspective that was really important from that
interview right in Brazil was that they may seem to make it clear that their goal is to make sure
that the person being called knows who's calling them and maybe even why they're calling them,
which I think gets a little bit out ahead of where the US is, which is sort of just like,
let's verify if this is a number that lights up, which is kind of, it's almost like,
let's make sure we don't step on any toes at all as we do this. We're just going to do something
as neutral as possible. And I think it's a very different approach and maybe not as
potentially not as effective one. It'll be interesting to see, I think what happens
with the approach in Brazil. But again, I think the important point here is that
we have to look at this from the customer perspective. The phone exists for your convenience,
right? You, Eric, you, Lee, me, right? It's there for your convenience. It's really not there for
the convenience of the telemarketer to make their sales quota. So that's the approach I think we
need to take. And that's what I liked about what they said, which is like, let the person answering
the phone, make a decision about whether or not to pick up. That's what we should be trying to
solve. Leave it there. I think that's great insight. Now, Lee, you often work with telcos,
but in the past, you've also given advice to governments, to regulators. You're at the
forefront of what's going on in this industry. So they listen to you, Lee. And they sometimes hire
you to write lengthy reports about what's coming up in the future and how they should manage their
risks. Based upon what you've heard there, the Brazilian experience, would you give the
recommendation to countries now to say telemarketing should go first when it comes to solving the spam
problem? Rather than trying to have a universal solution to identifying good from bad cause,
does it make sense to follow the Brazilian approach and say, why don't we clean up the
bad telemarketing cause first by looking at telemarketing companies initially? And then
when we've done that, we can start looking at the cause. Or is that the wrong way to go about it?
I don't think there's a silver bullet to any of this, Eric. But I think it does make perfect sense
that you would want to sort out the telemarketing stuff first. If you could get these on side,
get them all coordinated. I think what they've done over in Brazil is that this is a great
example of how everybody can come together to solve this issue. Slightly different in Brazil
in that a lot of those calls originating from Brazil, whereas I think the US has a slightly
different issue and the rest of the world. But yeah, I agree with you, Eric. I think it does
make perfect sense. Sort out telemarketing first, and then you can deal with the rest of the stuff.
Well, I mean, I think you're right there. Obviously, there are different countries,
different profiles in terms of how much of the traffic is proportionately generated within the
country, how much of it is proportionally generated outside the country. And yet at the
same time, I do think there's perhaps sometimes a mistake to focus too much on the calls that
originate outside of the country. Why? Well, those are the harder ones to deal with. They're
harder to deal with to some extent. So maybe get your own house in order, first of all, and see
some immediate benefits to consumers within the country, because it seems to me to make no sense
whatsoever to focus on the bad calls that originate outside the country if you're not going to deal
with the bad calls in the country. Now, that's not the experience, obviously, of countries where
there's a really big difference in terms of how many very few domestic calls, very many
international calls. Ireland, very clear, very explicit. They didn't think that there was going
to be significant volumes of bad calls originating in Ireland. So their focus is on the international
calls. But most of the countries that are talking about doing something in this arena, they're the
larger countries. They're the larger countries with the bigger population. So I think that weighs
heavily. Do you not think, Lee, in terms of you should always get your own house in order first
before you start pointing fingers or trying to control things that are harder for you to control?
Absolutely. I mean, you have to get your own house in order first, sort that out, and then you can
deal with other things further down the line. Like I say, each country, from my experience
working in different countries, you have different, there's different problems or issues in each
particular one, and they all require slightly different solutions to fix those problems.
Well, let's leave it at that. Thank you, guys. I really appreciate your feedback to that interview.
And I do look forward to hearing more from Anatel again in future. That's all we have time for
today. Next Wednesday, September 20th, the show will feature a live interview with Ian Deakin,
Principal Technologist at the Alliance for Telecommunications Industry Solutions, ATIS.
Ian will talk to us about quantum computing and why it's already a threat to the privacy
of communications, even though quantum computers are not widespread yet. He'll also be talking
about why businesses like Google and standards bodies like Etsy are already revamping cryptography
to make it quantum safe for our calls and messages. Live broadcast will begin at 11 a.m. U.S. East,
4 p.m. U.K., 8.30 p.m. India on Wednesday. And if I've not listed your time zone, well,
simplify the process of saving next week's live stream to your diary by clicking the appropriate
link at our homepage,, or simply subscribe to the communications show broadcast
and have it scheduled and have every weekly show added to your diary automatically. Thanks to my
co-presenters today, Ed Finegold, Lee Scargall, who's going to be back next Wednesday. But Ed
is taking a one week break. So filling his shows next week will be guest presenter Sarah Delphi.
She's vice president of Trust Solutions at Numerical and formerly director of abuse and
risk operations at Bandwidth. Thanks also to our production team, James Greenley and Matthew Carter.
The show wouldn't be possible without them. This was episode four of the second season of the
communications risk show. And I've been your host, Eric Priezkalns. Complete recordings of all our
shows from this season and before are available from the communications risk show website,
Keep visiting our main site at to stay up to date with the best source of news and
opinion about risks in the communications industry. And there are plenty of free resources for risk
managers at the website of the Risk and Assurance Group. Their URL is
Thanks for watching. We'll see you next Wednesday.