Understanding TCR and Kaleyra Part 1

Thank you to everyone who let me interview them and view extensive documentation. I’m attempting to break a mountain of information into a few bite-sized chunks. This is part 1 of a 2-part weblog. What kicked this off was the post “The Campaign Registry and Foreign Ownership: A Matter of National Security”, which acted as a lightning rod for so many in the industry.

The Campaign Registry, Annual Stakeholder Review 2022

GTC (Global Telco Consult) performed 30-minute online interviews in Aug and Sept 2022 with the following companies: AT&T, Verizon, T-Mobile, Bandwidth, US Cellular, Sinch, and Vonage.

I’m surprised Twilio is not in the list, given they account for the majority of the campaigns in the US. BTW, Twilio was approached to buy TCR in April 2022 and refused. Some of the tier 2 aggregators should be interviewed to understand the impact of the processes on smaller companies, and most importantly the brands (the paying customers and the critical stakeholder in this ecosystem) must be included. These gaps indicate to me the research has a bias, but that is true for so much within the telecom industry.

At the time of the survey TCR had been operational for well over a year, with commercial launch in Feb 2021 and the carrier-sanctioned launch in Oct 2021. TCR had been in development within Hook/Buc Mobile and then Kaleyra after they bought Hook/Buc in 2018.

Some of the interesting quotes from the interviews are:

  • “The fox watching the henhouse” – they mean guarding
  • ‘super f@&king pissed’ (yes, they used the f-word)
  • ‘Rockstars.’ – referring to the people of TCR.

Super f@&king pissed

One of the carriers is the source of the ‘super f@&king pissed’ on the ownership of TCR. Other comments made by the carriers on ownership are shown below. If just one carrier pulls out of TCR, then the future of TCR is in doubt.

  • Regardless of data protection (note TCR is not SOC 2 Type II compliant), there was a commitment to get out of the messaging space to keep TCR proposition ‘clean’.
  • A relationship meant to be based on trust but ‘built on a lie’.

The fox watching the henhouse

About half of those interviewed saw an outright competitive risk for the market and their business. Some lamented that they’d ‘love TCR to be independent’ while others were explicit that “If there is no other option, maybe there should be another option.” But as we’ll describe, the TCR is not stopping spam.

Other options mentioned included a parallel secondary entity to compete with TCR, adopting anti-fraud solutions to register and route traffic as well as retreating to ‘not-so-bad’ long codes for mid-size players.

Kaleyra’s ownership was described as ‘painful’ by those involved in the cross-industry effort to shape an independent solution; they described the ‘easiest’ solution today as a spin-off into an independent position.

An important point is that the TCR is not SOC 2 Type II compliant, and it should be. SOC 2 Type II compliance provides assurance to an organization’s clients, management, and user entities that their confidentiality, availability, processing integrity, security, and privacy are being safeguarded. The gossip from other aggregators is that their customers are receiving cold calls from KLR (Kaleyra); I have 2 first-hand accounts of this, and many more second-hand. This is a real problem.

Rockstars

There is unanimous praise for TCR’s entire team. All client-facing staff were named for praise in multiple interviews. The team itself is considered understaffed for its role but is considered to be doing a great job with the resources at hand. This is corroborated by the aggregators registering their brands / customers: they’re doing their best.

Challenges do exist in keeping support ticket response times low and exposing the tech team to CSPs on a more frequent basis (avoiding occasional misinformation from the account management side).

Other Items

The processes appear to have a significant manual component, with much discussion between the CSPs (aggregators) and TCR. This episode of Commio’s Telecom Wise Guys is a great review of the practicalities of using the campaign registry. The video is a positive review of the complex TCR processes.

There are no 10DLC in TCR

When I was told this I laughed, and my immediate response was, then how does the TCR work? I’ve had a number of conversations with insiders, aggregators, and brands to understand the technology and processes. I’m just summarizing what I’ve learned.

The DCAs (Direct Connect Aggregators) are the entities managing the registering and unregistering of phone numbers in the NetNumber database. Simply, a phone number is registered to be able to send A2P campaigns with higher throughput and lower tariffs.

The NetNumber Services Registry (nnSR) is an industry database that manages and distributes routing information for the messaging industry. The nnSR publishes dedicated service information for individual phone numbers.

The TCR approves a brand and the campaigns the brand can run. The approved campaign ID(s) are sent to the NetNumber database with no brand information, for customer confidentiality. The brand can then go to its preferred aggregator and show its TCR approvals and campaign ID(s). The preferred aggregator, through a partner DCA or directly if it’s a DCA, registers the brand’s phone numbers as approved for campaigns in the NetNumber database.

You can appreciate all the possible workarounds this creates as the loop is not closed. I’ll come back to the implications in the next section.

At TCR there is NO record of any phone numbers used in the “registered” A2P campaigns. TCR holds only the business contact phone number(s) for the brand, collected as part of the vetting process. Recovering the history of a given message would require the DCA to voluntarily disclose who sent it.

There is no history of numbers matched with campaign IDs in the NetNumber database. The database only contains a current view of a phone number to see if it is registered with a campaign to send A2P SMS. Once the number is unregistered, there is no trace of it having been registered. Spam works by continuously cycling through numbers; it’s like a whack-a-mole game.

The DCAs check the NetNumber database to see if the number is “registered” before sending the message to the carriers. If the number is not registered, they send the message anyway, but at the higher “unregistered” tariff. Clearly the ecosystem wants spam delivered, just at a higher fee.
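The traceability gap described above, as an added illustration (a constructed model, not code from NetNumber, TCR or the original post): a registry that keeps only the current view cannot say which campaign a number belonged to when a message was sent, while an append-only change log can. The class names, campaign ID, timestamps and phone numbers are all assumptions made up for the example.

```python
# Added illustration: a constructed model, not NetNumber's or TCR's API.
from bisect import bisect_right
from collections import defaultdict


class CurrentViewRegistry:
    """Holds only the present number -> campaign mapping, as the post describes."""

    def __init__(self):
        self._active = {}

    def register(self, number, campaign_id, ts):
        self._active[number] = campaign_id

    def unregister(self, number, ts):
        self._active.pop(number, None)  # nothing about the past survives

    def campaign_at(self, number, ts):
        # No history exists, so the timestamp cannot be honoured.
        return self._active.get(number)


class HistoryRegistry(CurrentViewRegistry):
    """Same interface plus an append-only log of every change (hypothetical)."""

    def __init__(self):
        super().__init__()
        self._log = defaultdict(list)  # number -> [(ts, campaign_id or None)]

    def register(self, number, campaign_id, ts):
        super().register(number, campaign_id, ts)
        self._log[number].append((ts, campaign_id))

    def unregister(self, number, ts):
        super().unregister(number, ts)
        self._log[number].append((ts, None))

    def campaign_at(self, number, ts):
        events = self._log.get(number, [])
        i = bisect_right([t for t, _ in events], ts)  # last change at or before ts
        return events[i - 1][1] if i else None


def replay(registry):
    """Constructed timeline: numbers cycled under one campaign ID, then a complaint."""
    for i, number in enumerate(["+12025550100", "+12025550101", "+12025550102"]):
        registry.register(number, "C-EXAMPLE", ts=10 * i)
        registry.unregister(number, ts=10 * i + 5)
    # A complaint arrives later about a message sent from the first number at ts=3.
    return registry.campaign_at("+12025550100", ts=3)
```

`replay(CurrentViewRegistry())` returns `None` because the number has already been unregistered, while `replay(HistoryRegistry())` still resolves the campaign ID that was active at send time.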

What does this mean?

TCR does not block, monitor, or provide an effective way to trace spam.

TCR only makes A2P traffic more expensive for businesses without improving the ecosystem. Note: All “A2P” traffic between Syniverse, the MNOs and the MVNOs is sent as P2P and avoids the 10DLC fees. The playing field is not level.

Spam has a new path delivering high throughput for those in the know. SMS spam has been part of A2P SMS since the beginning; this is not a new problem.

Spam is higher now than before TCR, which has been in commercial operation since Feb 2021.

The fees that campaign service providers are paying do nothing to stop spam.

If you, like I initially was, are incredulous at this explanation, have a private chat with your friendly neighborhood aggregator about what is really going on with TCR.

Commentary

How about the carriers implementing KYC themselves? I know regulations are often quoted as a barrier, so talk to the FCC on this. Carriers’ customers are people and businesses paying them, such as mobile phone users, brands, and aggregators. A2P SMS is a mature business; this is not a new problem.

Business calling is also facing spam problems and an equivalent ‘TCR’ problem from third-party Analytic Engines, as Numeracle explains in a 40-page FCC comment.

This should be a soluble problem in 2023. If carriers stop having private conversations between friends and instead have a broader industry dialog, perhaps with a competition between different solutions that includes industry feedback, we can stop taxing programmable communications and drastically reduce spam on voice and SMS.