Over-the-top (OTT) communication applications like WhatsApp and Telegram have become fertile grounds for spam, Bharti Airtel highlights in its submission to the Telecom Regulatory Authority of India’s (TRAI) recent consultation paper about updating spam regulations. Airtel says that unlike telecom companies which have strict compliance requirements, communication apps don’t operate under any regulatory framework.
“The disparity in regulatory frameworks means that OTT platforms do not face the same scrutiny or accountability for spam generation as TSPs [telecom service providers],” Airtel argues, urging the regulator to bring these platforms under the anti-spam framework. Currently, TRAI regulates spam under the Telecom Commercial Communication Customer Preference Regulation (TCCCPR), 2018. TRAI is considering updating this regulation, along with extending the requirements for telecom companies and instructing them to create a proactive mechanism for curbing spam.
Airtel argues that bad actors are using spam on calling and messaging platforms to deliver phishing links and fraudulent messages, which negatively affects people’s privacy and financial security. Bad actors also add OTT users to large groups without their permission exposing them to spam content and unsolicited advertisements. Besides Airtel, other two major telcos, Reliance Jio and Vodafone Idea (Vi) also expressed concern about spam on calling and messaging platforms.
Arguments in favor of imposing spam regulations on OTTs:
Businesses are bypassing traditional messaging restrictions on OTTs:
As per TCCPR, businesses have to register their message headers and templates with telecom companies via distributed ledger technology. Jio argues that the alternate communication channels (like messages over Internet Protocol that phone manufacturers send to their customers and OTTs) also cause spam. “These alternate and substitutable channels are making the mockery of the entire DLT-based UCC [distributed ledger technology-based unsolicited commercial communication] management,” Jio emphasises.
On a similar note, TCCPR also requires telcos to create digital consent acquisition (DCA) facilities through which businesses can seek customer consent for promotional calls and messages. Airtel says that businesses are bypassing this regulation on OTTs like WhatsApp by sending messages through broadcast lists.
OTTs are cannibalizing the SMS market:
Since OTTs don’t have regulatory requirements, businesses are moving to these platforms to send commercial messages. “By not regulating these channels, a legal and controlled SMS channel is being cannibalized openly by illegal services running without any regulatory oversight,” Jio argues. Further, it mentions that while telcos are investing millions in curbing spam over their networks, the regulator is serving them notices for incidents of spam which are a fraction of the spam on OTTs.
BSNL also argued that application-to-person SMS (A2P messages, where businesses use software to message all their customers) are facing significant challenges because of OTT platforms. BSNL brought up OTTs in the context of TRAI’s question about whether it should review the exemptions it currently provides for transactional messages.
It said that OTT services offer commercial messaging at highly competitive rates compared to traditional telecom service providers, adding that telcos are unable to compete because the regulator requires them to charge 0.05 paise per promotional and service message. Further, since telcos struggle to differentiate between transactional and service messages, they end up charging companies 0.05 paise per transactional message as well.
Lack of regulation on applications and software used for cybercrime:
Jio questions why regulators are not looking into search engines and app stores that host screen-mirroring software and APKs. It says that the unchecked download of these is causing havoc through financial fraud worldwide. Jio says that TRAI has also refrained from explaining why it is permitting optimization and download of malicious weblinks and apps without due diligence. “These inexplicable regulatory gaps speak volumes as to the selective, arbitrary and unreasonable approach that Authority has regrettably adopted,” it adds.
Anti-spam regulatory mechanisms over telecom networks vs OTTs:
Airtel says that OTTs lack the anti-spam mechanisms that telcos have, including:
- No penalties for users sending spam messages
- No external oversight for spam detection, they rely only on user reporting/blocking
- No requirements for principal entities to register campaigns or communications on OTTs
- These platforms prioritise user privacy (through end-to-end encryption) which can conflict with spam control.
It suggests that TRAI could introduce specific guidelines for consent on OTT platforms. This will ensure that businesses and telemarketers cannot send unsolicited messages and calls without obtaining prior approval from users. Vi agrees with Airtel and suggests that TRAI should work with the Ministry of Electronics and Information Technology (MietY) to ensure that OTT platforms implement these guidelines. Vi also pushes for a revenue share agreement between telcos and OTTs.
Airtel adds that OTT platforms should work with the regulator to curb spam to ensure that businesses are held accountable for spamming. “This would involve mandatory registration of businesses with the OTT platform, similar to how businesses must register with TSPs to send commercial SMSs,” the company suggests. It also argues that TRAI should impose a clear deterrent framework for businesses that engage in unsolicited communication on OTTs, just like the one that exists in traditional telecom networks. OTTs should report spam statistics to ensure there is proper oversight and that enforcement actions are being taken against spammers. It mentions that the regulator should eventually bring OTTs under the regulatory licensing regime to ensure a level playing field.
Advertisements
Other key concerns raised by telcos:
TRAI shouldn’t hold telcos accountable for spam:
Both Airtel and Jio mention that TRAI has previously given financial disincentives to telcos for carrying spam on their networks but that it is outside the regulator’s remit to do so. Jio highlights that as per the Information Technology Act, 2000, telecom companies are intermediaries and therefore are not liable for spam on their networks. Airtel mentions that financial disincentives are not a function of TRAI under the TRAI Act since the Act does not give the regulator adjudicatory powers.
The two emphasise that telecom companies are not the ones at fault for spam, but rather businesses and their telemarketers are responsible for it. Airtel adds that TRAI needs to reorient the mechanism of financial disincentives to businesses and telemarketers. Airtel also suggests that TRAI should bring telemarketers under the regulatory framework. However, if that is not possible, TRAI should mandate that businesses will directly connect with telcos for commercial communication.
TRAI should focus on modernizing the DND app:
Jio says that users today have an adequate number of touchpoints to lodge complaints against spam. The fact that users are lodging complaints in large numbers indicates that there is sufficient awareness about the complaint-filing process and that the process is user-friendly. Instead of focusing on the complaint process, TRAI should consider modernizing its do not disturb app (DND App) which allows users to block unnecessary telemarketing calls and SMS. Jio urges TRAI to make this app more user-friendly and available on all operating systems.
A proactive mechanism to detect spam will add to telco costs:
As stated earlier, the consultation paper suggests that telcos should adopt a proactive mechanism to detect spammers by checking aspects like which users make more calls/send more messages than they receive. TRAI asks telcos to survey the people these suspected spammers speak to and verify whether they are indeed making spam calls/messages. Vi suggests that TRAI came to the decision to create such a mechanism based on the fact that less than 0.2% of users make over 50 calls a day and less than 0.04% of users send over 50 SMSes a day. However, it points out that these numbers are based on quarterly data, which means there could be customers who make over 50 calls a day a few days (like four-five days in the quarter) but less than these numbers the rest of the quarter. Thus, TRAI’s criteria for suspected spammers (those with a ratio of less than 0.2 incoming calls to outgoing calls, and less than 0.4 incoming messages) would not apply. Further, Vi says that if the telcos were to apply such a mechanism, a lot of genuine callers would end up getting pegged as suspected spammers. In such a case, if telcos survey the recipients of these suspected spammers’ calls/messages, they could end up creating a negative image of innocent individuals.
The timeline for verifying spam is not feasible:
The consultation paper suggests that if a customer complains about a particular business, the business’s telecom operator should check whether it called the customer within a matter of two hours. Similarly, if someone complains about an individual user and labels the said user as a spammer, telcos should also examine this complaint in two hours.
Airtel and Vi argue that this timeline for verifying spam is not feasible. Airtel argues that it would at least take telcos 24 hours to do so. To check this in a matter of two hours would require “huge development at TSP end on multiple systems to fetch the CDRs [communication detail records],” Airtel flags. Vi, on the other hand, asks for an even longer time frame, stating that telcos can only validate CDRs in 36 hours. It argues that if telcos check and validate CDRs in 2 hours, it could lead to wrong closures of complaints due to CDR mismatch, which would invariably end up creating dissatisfaction among customers.
No need for an opt-out mechanism for transactional messages:
In the consultation paper, TRAI mentioned that it was considering mandating an opt-out mechanism for transactional communication. This would mean that when you get a text from a company sending you your OTP, a balance alert or a purchase confirmation, you would also get the option to say, click a link to opt out of such messages. Similarly, for transactional calls, companies would have to send customers a message after the call offering them an opt-out option.
Vi says that customers initiate transactional communication and as such, there is no need for an opt-out feature for such communication. Giving an opt-out mechanism could also negatively impact customers, who might end up missing out on essential messages by accidentally opting out. Further, it says that if businesses have to add an opt-out mechanism to SMSes, it will increase the cost of sending an SMS. This can end up making SMSes less attractive to businesses as compared to OTT platforms. It may also lead to failure in sufficient uptake of 160-number series meant for transactional/service calls.