Greed, lies and telecoms!

By Simon Woodhead

I was drawn to this industry by the opportunity to leverage technology to make the world better. For those who don’t know our backstory, in 1996 “eSMS” was the world’s first gateway between mobile phones and the Internet. Both looked like they’d catch on and cross-network SMS, what is now called A2P and email to/from ordinary mobile phones (at a time when a permanent data connection was fantasy) were our products. Fast-forward 28 years and we’ve spent far longer in the voice market (although SMS is still important to us) and we obsess about making things as technically complete as they can be. Nothing sets me off more than some charlatan extorting an end-user for a feature I consider a right, or saying one thing and doing the precise opposite. 

It seems some CPs like being deceived and put at risk by their carrier, which I just can’t reconcile. Maybe it is some BDSM-like fetish – “Oh go on, lie to me again Miss. Another outage, ohhhh”? Maybe it is intelligence – an inability to see what is being done to them? Maybe it is a lie resold that they don’t care about as long as they’re making money too – like attracting like perhaps? I genuinely don’t get it and every explanation I grasp offends because someone is being taken advantage of.

I understand that in business we all do things differently and have different values. I want Simwood colleagues to be directly locked on to our customer’s success. That’s why those who work in the business own nearly 100%. I also want them to focus on excellence rather than be worried about paying the bills, which is why we’ve awarded 30%+ pay rises since last year, and why we joined the Living Wage Foundation last year. We’ve also never had any structural redundancies in 28 years! Those are our choices; others across the industry make different choices and that is their prerogative. Maybe paying minimum wage with no ownership does genuinely attract the best talent? Maybe outsourcing broken processes to India for pennies on the pound really does give the best customer experience? Maybe hiring all-white staff but with different coloured horses does uniquely qualify you to preach diversity to others?

But some choices aren’t excusable and some people don’t like our (well, my) inclination to call them out. I suspect they’d happily pay McKinsey to tell them the same in private; they just don’t like it being in the public domain. But we’re highlighting a choice they’ve made and either they stand by that choice (so don’t care about it being common knowledge), take the free consultancy and change, or make a case the other way that their way is right and I’m an idiot. I’d welcome any of those options. I suspect though, we shine lights on dirty little secrets that people don’t want known, don’t want to fix and couldn’t in all honesty defend because they’re preposterous.

Why would they give up the Ferrari, bought to make everyone see how successful they are, in order to invest in their network meaningfully just once in two decades? If their customers don’t know, or care, or maybe even enjoy the outages, why bother? They’ll care when Ofcom pull their pants down after one (of course) but that hasn’t happened so far, perhaps because they haven’t been reported. Why can’t they just be honest and say they care about dividends and horses more than their customers and end-users?

Similarly, I consider encryption a right with huge value for privacy, security, and in no small part physical safety. Because of this it has always been free on any call across the Simwood network. End-users probably don’t consider for a second that their calls might not be encrypted, but if you look around the market, they probably aren’t, and the reasons why are pitiful. Encryption standards are an RFC – nobody owns them and there are no patent fees. The good souls in the open source community have done great jobs embedding them for everyone to use, for free. Some just can’t be bothered while others have wrapped that free technology in their commercial product and want to charge for the feature. Many of the big brand dinosaurs in our sector have nailed their flags to a big-vendor magic-box architecture, and if said big-vendor wants to charge an additional licence fee for something like encryption, guess what? Yep, they don’t buy it, can’t offer encryption, but the marketing department will fix it. Screw those who worked for free to provide the technology, screw those who assume it is there when using the services built on those magic-boxes, screw the person who comes to harm because it wasn’t there. Let’s be clear, the magic boxes support it, that CP who cares so much about their customers just can’t be arsed to buy the licence that the vendor has chosen must be an upsell. Why can’t they just be honest and say they don’t care about end-user safety, privacy and security enough to buy the licences? You can verify your other carriers by telling them you want all calls in and out signalled over TLS with media encrypted by SDES – see what they say!

And why would they comply with Ofcom rules brought in to filter invalid CLI out on their network when they can profiteer instead? It is over four years since we took the lone step of blocking all calls with invalid CLI from customers, which some disliked but thankfully most embraced and recognised it was the right thing to do. Years later, others decided to monetise this instead with dirty origin surcharges. I was able to call BT out on this a few years ago (2021) at a Westminster Forum where I highlighted the disconnect that they couldn’t identify these calls to block them but they could identify them to bill surcharges on them. Even this weekend in 2024, I saw a customer ticket where we were rejecting calls with no CLI whatsoever, but one of our slower competitors was happily completing the calls after we had. Of course, they’ll also have been monetising up to £2 a minute in luxurious margin for doing so, and sod the consequences to the callee. It reminds me of voice fraud where we’ve spent millions to prevent our customers spending what they don’t intend, only for them to give supernormal profits to those who have spent nothing whilst crowing about how much they care and being vocal in talking shops. Why can’t they just be honest and say they’d sooner have the ill-gotten revenue than invest to prevent it? 

Rather than spray criticism where it isn’t warranted, we’ve undertaken some testing to assess the current state of compliance with rules – rules I might add put in place to protect your nan from being scammed of her life savings. Maybe they’re all compliant now and we’re being unreasonable? Yes it is years after the fact but we need to give credit where credit is due. Who is still profiteering? Who has just been telling everyone else what to do through talking shops whilst doing nothing themselves? 

Ofcom publishes a DNO (Do Not Originate) list and has strict rules around CLI being valid. We know that on Simwood, any call in breach of the DNO list is blocked and alerted, invalid CLI has been blocked for years, and we do not charge dirty origin surcharges. There’s a lot of subtlety here – various combinations of network number, presentation number etc. which we tested.

It was easy for us to test across our various interconnects three scenarios, calling ourselves:

1. A call presenting a DNO number. These should be blocked.
2. A call presenting no CLI. These should be blocked or remediated.
3. A call presenting CLI which is of the right length and format, but is invalid by virtue of being from an invalid range. These should also be blocked.

We’ve anonymised results here and the order isn’t meaningful. Whilst not exhaustive, this gives a good idea where we are as an industry given it covers the largest operators as well as those smaller than us. It excludes those pretending to be UK carriers – they’re just reselling so are likely caught by a proper operator we’re testing. We also removed one larger operator who was very obviously just relying on a downstream operator for rejections. It also excludes legacy technologies where the operator is now predominantly IP; we suspect their TDM routes would fare much worse. 

So how did they fare?

What to conclude? 

Well firstly the results were better than expected. We didn’t expect those with dinosaur routing to be able to handle the DNO list but they are now able to universally, although that does beg the question how we get so many incoming calls from some of them in breach of it. It’d be interesting to know how they’re managing updates – they take us 4 seconds and are fully automated – but that’s their cost to sustain. 

The performance was less consistent with valid-looking but clearly invalid UK CLI so one of them clearly isn’t checking live against Ofcom’s number allocation files which explains the volume of spoofed calls we see coming into our network from them, perhaps from foreign actors into their overseas subsidiary. 

The bigger concern though was the routing of calls with absolutely no CLI information whatsoever – the very scenario that prompted us to test – this is just reckless and provides a vector to their customers to make any nuisance call and traceback type process significantly harder as it works currently. 

These are just a few examples which in affected cases follow a pattern of contempt for end-users and greed, overlaid with marketing BS and other hypocrisy to fool those who don’t, won’t, or can’t be bothered to know better. It makes me cross (you might tell) and it makes me sad, because at every level people are being deceived or put at risk of harm for monetary gain. In a perfect market those actors wouldn’t exist. In a perfect regulatory environment they’d be fined out of existence. But the world isn’t perfect and change relies on choice.  

Now, I’m not here to make new friends and there are those who will respond to this by excoriating me. From past experience, they’ll probably do so in a dark corner at a christmas party that I can’t attend by virtue of caring for a disabled daughter, and wouldn’t say a thing to my face even if given the opportunity. I’m grateful for the ‘feedback’ I get second and third hand but that in itself demonstrates the level of backbone and integrity we’re dealing with here. To be fair, one CEO at a reseller CP did take me to task in person once, so all hope is not lost, although he was paralytic and was later thrown out for fighting. I really really couldn’t care less what someone thinks of me. What I care about is end-users getting the technology and protections they deserve, without being lied to or ripped off. That doesn’t feel like an unreasonable position to me but if you disagree please do come and have a word, and perhaps help me understand what I’m missing!

The positive is that the industry taken as a whole seems to be moving in the right direction. If our friends in the office by the river want PCAPs and de-anonymisation of the CLI results, do please get in touch. Meanwhile, a s135 enquiry on encryption might yield very interesting results!