In India, nuisance calls and text messages is a significant problem. To deal with it, the Telecom regulatory agency of India (TRAI) consulted with the telecoms firms to hammer out an answer. The result was a 2018 TCCCPR regulation. This regulation outlines a blockchain network to store the telco subscriber consents for specific brands and preferences like suitable times for messages delivery. This is often no small undertaking with 1.2 billion mobile subscribers in India of which nearly 800 million are active. On average, each receives 7-8 messages each day.
What is the problem?
The scale of the Indian spam problem is critical. Since 2011 in India 1.8 million unregistered telemarketers are disconnected and 580,000 blacklisted for unsolicited commercial communications (UCC).
But these messages aren’t just a nuisance. In some cases, they will end in substantial financial losses. For instance , if a message is shipped a few stock that’s close to jump in price. a number of the recipients could also be duped into investing. Meanwhile, the spammer bought the stock before sending the text and uses the “campaign” to dump its holding, and eventually the worth drops.
There’s already a National Consumer Preference Registry and a don’t Disturb (DND) registry.
The previous approaches to deal with the difficulty had drawbacks. Firstly, the marketing firms had access to the info and made use of it for the other purpose. Secondly, there was a mismatch in incentives. TRAI now penalize the telecoms firms if they don’t restrict a misbehaving marketer’s activity.
Given the spam calls and messages are purchased , telecoms firms may have profited from the spam. In fact, to discourage unregistered marketers, any SIM that sends quite 100 messages each day is charged a premium for the SMSs. Earlier this month TRAI removed the need for this premium pricing, a move most of the telecoms firms resisted.
Its solution -blockchain
The distributed ledger technology (DLT) network to deal with the spam issue is in production with the main telco firms, but the answer isn’t fully live. Consent concerning 500 million subscribers is already on the blockchain network, with launch expected around September time.
Each telecoms firm has one or more nodes on the DLT network that stores a fingerprint or hash of the consents also as preference information for all subscribers, not just their own. the answer is analogous for voice and SMS, but we’ll affect the latter.
When a marketing firm wants to send a message on behalf of a brand, it’s to register itself and pre-approve certain “header” data with the sending telco like the amount it’ll send from and therefore the title ‘message from Brand X’. When it’s able to go, it provides a message content template and an inventory of numbers.
The sending or originating telco performs scrubbing to cross check the info with the subscriber’s consents and preferences. It stores the very fact of the check on the blockchain therefore the subscriber’s telco can verify that the scrubbing went on and therefore the message only gets sent if it’s the all clear.
Critically, the marketing company doesn’t have direct access to the blockchain nodes. Tech Mahindra’s global practice head Rajesh Dhuddu gave an example of 100,000 mobile numbers that are submitted with 10,000 numbers failing the consent and preference check.
“But the marketeer won’t know which of these 10,000 mobile numbers because those mobile numbers are completely tokenized,” explained Dhuddu. “So the marketeer will revisit the file concerning 90,000 numbers, but he wouldn’t know which number, which customer skilled the test and which didn’t undergo the test. This anonymization is being done in order that the marketeers don’t cross pollinate that information and use that information for other purposes.”
Consumers can log complaints which are entered on the blockchain, and therefore the telco that sent the message has got to investigate promptly and restrict the sending marketer if the subscriber didn’t provide consent. If it doesn’t do so or delays, there are hefty fines on the telco and therefore the ultimate censure may be a loss of its license.
The solution uses enterprise blockchain platform Hyperledger Fabric, and every telco has one or more nodes. These nodes are hosted in multiple clouds, including IBM Cloud, Microsoft Azure and Amazon AWS. Enterprise blockchains are known to be more scalable compared to some public blockchains. However, given the info volumes, the scrubbing is performed off chain with a hash of the result recorded on chain.
Each telecom firm has an implementation partner and various other systems got to be integrated with the DLT. We believe IBM is functioning with Bharti Airtel. Tech Mahindra has partnered with Jio, Reliance Communications and Tata. Vodafone Idea, BSNL and MTNL are working with Tanla Solutions.
Privacy and honeypots
On the face of it, the DLT looks like a strong solution to deal with spam. However, all of India’s consent data is actually in one place. The question is whether or not this is often an enormous honeypot of private data. That said, the consent data (but not preferences) is encrypted and hashed. We asked what happens if the private keys of 1 of the telecoms firms is compromised.
“Respective private keys need to be safe custody of every operator and there are adequate security measures practiced to stay the private keys safe,” said Dharmen Dulla, Blockchain Technical Architect at Tech Mahindra. “However, it’s not just the private keys. Someone will need to also hack into the operator’s infrastructure and firewall-protected blockchain node to be ready to query the ledger data since this is often a permission network.”
Only the subscribers’ telephone company has access to the first data. For all other telcos, the consent data is merely available in encrypted form and hashed to support scrubbing.
In Europe and a few other jurisdictions, privacy regulations provide a right to be forgotten, which is hard with blockchain. One solution is Self Sovereign (SSI) Identity, which provides users control over their information. “Once Self Sovereign Identity becomes completely mainstream, TRAI features a roadmap to integrate SSI into this,” said Rajesh Dhuddu.
That may also address another issue: a desire by the telecoms firm to monetize the knowledge on consumer behavior. And therefore the subscriber firm features a good picture of its customers’ consents and preferences across all the brands. However, so far, TRAI and therefore the UCC regulations don’t allow them to sell consent and preference data.