[Tfug] Automated attendant anti-spam strategies

[Bexley Hall]

Hi,

I'm trying to refine some ideas for an automated attendant
to automatically "screen" incoming phone calls for us.
The goal, here, is not to be bothered by the phone unless
it is someone that we *want* to talk to, *when* we want to
talk to them!  (i.e., I might enjoy talking with you but
not be keen on doing that at 2AM when you're half in the bag!)

Of course, the screening function is easy to implement -- once
you know who's on the other end of the line!  :-/

CID requires a monthly fee and can be spoofed and/or blocked.
(Why pay for something that doesn't actually solve the problem?)

Obvious low-sophistication workarounds are:
- have folks key in an identifier (from a sparsely populated
   "identifier space" so "guessing" isn't practical)
- interactively query the caller
- IVR for each of the above
etc.

I think I can get rid of robo-calls just by issuing a simple,
*random* challenge:
    "How much is <number> <operator> <number>?"
where the result is 0 - 9, for example.  A machine would be
hard-pressed to respond to such a query:  "How much is 3 plus 4?"
so you could just drop the connection five seconds later.
OTOH, a human user (especially one who has interacted with
it previously) would have no trouble doing this sort of math
in their head.

[For that matter, *any* sort of interaction would weed out
robo-calls.]

Actually identifying specific callers gets a bit harder
especially if you want to move beyond the inelegance of forcing
each to remember some arbitrary/unique "numeric identifier".

A more natural (i.e., imagine it was a human secretary answering
the phone on your behalf) approach would be to inquire as to
the caller's identity, *listen* to their SPOKEN reply and,
based on that (and a set of rules), decide whether to ring
the call through.

This also works around the robo-callers as they are unlikely
to "stumble" on a valid name in the course of their canned
spiels.

But, it suffers from the fact that anyone having first-hand knowledge
of you and your contacts can use that knowledge to subvert the
authentication -- much as someone calling your secretary and
claiming to be "your accountant" (unfamiliar voice) can do!

I haven't yet built enough scaffolding to test to see if I can
extract speech characteristics to correctly identifier speakers
(it's hard enough just getting good *recognition* let alone
speaker identification!).  But, this could further improve the
reliability of such a scheme (i.e., the right *voice* has to say
the right *name*!)  With sufficiently advanced technology
(i.e., not in my lifetime!  :> ), the caller would be able to
say *anything* and you would identify them "by the sound of
their voice".  :>

[This can work because, IMO, most folks have a relatively small
number of "frequent contacts" so the data set can be constrained.
It's not like a *business* trying to identify hundreds of
different callers/employees!]

Note that you don't rely on any one strategy for a complete solution.
here will always be folks that you've never spoken with (on the phone)
previously.  So, you need some way of allowing them to make a contact
(even if you direct their call to voice mail).  And, there are
probably some robo-calls that you will end up *wanting* to
receive even though they can't pass the "interactive test"
("This is the Pima County Library calling.  The book, _5000 Ways
to Spell Banana_ is overdue and should be returned immediately.")

But, it's relatively easy to make such a system learn -- within
the constraints of the inputs available to it (e.g., "No, you
should NOT have let this person's call come through to me!"
"This call that you routed to voice mail should, instead, have
been sent through directly"  etc.)

So, any ideas that I've not considered?  Or, technologies that
I could exploit that I might not (yet) be aware of?

Thx,
--don