In yet another shift away from its traditional hardware business, Huawei has sold its x86 server unit to a state-owned Chinese firm. Light Reading reports: China company registration data confirms that the sale to Henan Information Industry Investment Co. Ltd., owned by the Henan provincial government, concluded on November 5. The size of the transaction has not been disclosed. Huawei's server business, like its once high-flying handset division, has been hit badly by US sanctions, which prevent it from obtaining the Intel chips that power 90% of the world's servers. The vendor flagged the possibility of a sale at a company event six weeks ago. Eric Xu, one of Huawei's three co-chairmen, acknowledged the server unit had "encountered difficulties" and said Huawei was in discussions with some potential investors.

An anonymous reader quotes a report from TorrentFreak: Last evening the web was alive with angry players who couldn't play their games due to an unexpected error. While the situation is still not completely clear, it appears that someone allowed a domain used by Denuvo's anti-piracy technology to expire, meaning that players of some big games couldn't enjoy what they had paid for. [...] According to Alex Buckland, the DRM provider for all of the affected games had let a key domain expire, rendering the system inoperable. Following the failure to renew, the domain then went into a grace period but when that expired too, it appears to have been removed from DNS records. This meant that the domain would not resolve to an IP address, effectively breaking the system.

To solve the problem, some users on Steam posted up tutorials for players to modify their Windows HOSTS file to point to the last known IP address for the domain. This appeared to do the trick but obviously, such drastic measures shouldn't be needed to play a game that has been legally purchased -- especially those that are single-player only.

Amazon plans to launch its first prototype broadband satellites in Q4 2022, which would be nearly four years after SpaceX launched its first prototype Starlink satellites. Ars Technica reports: "This morning, we filed an experimental license application with the Federal Communications Commission (FCC) to launch, deploy, and operate two prototype satellites for Project Kuiper," Amazon said in a blog post. "These satellites -- KuiperSat-1 and KuiperSat-2 -- are an important step in the development process. They allow us to test the communications and networking technology that will be used in our final satellite design, and help us validate launch operations and mission management procedures that will be used when deploying our full constellation."

Amazon said it will launch the satellites from Cape Canaveral Space Force Station in Florida on ABL Space Systems' RS1 rocket, as part of a multilaunch deal the companies announced today. Amazon's prototype satellites will operate at an altitude of 590 km. "While operating under the experimental license, the KuiperSats will communicate with TT&C [telemetry, tracking, and control] Earth stations in South America, the Asia-Pacific region, and McCulloch, Texas, as well as with customer terminal units and a single gateway Earth station located in McCulloch, Texas," Amazon told the FCC.

Cryptocurrency firms could be forced to take greater steps to combat money laundering under new guidelines released on Thursday by the Financial Action Task Force, an international body that coordinates government policy on illicit finance. From a report: The task force called on governments to broaden regulatory oversight of crypto firms and force more of them to take measures such as checking the identities of their customers and reporting suspicious transactions to regulators. The FATF's guidelines don't have the force of law, and would need to be implemented by national regulators in each country. Still, the Paris-based group is influential in setting standards for government policies against money laundering and financing of terrorism, and its guidelines could shape new crypto regulations around the world. More than three dozen countries are FATF members, including the U.S., China and much of Europe.

Representatives of the crypto industry criticized the guidelines, saying they would undermine privacy, stifle innovation or simply not work in the context of blockchain and digital-asset technology. "It would be inappropriate for anything like these non-specific and confusing standards to replace the current law and regulations we have on the books here in the U.S.," Peter Van Valkenburgh, research director at crypto advocacy group Coin Center, wrote in a blog post on Thursday. Among the targets of the FATF's guidelines is decentralized finance, or DeFi for short. DeFi is an umbrella term for various efforts to implement traditional financial activities -- such as lending or trading -- using software rather than a central intermediary to oversee transactions. DeFi has grown rapidly since last year, with over $100 billion of assets posted as collateral in various DeFi projects, according to data provider DeBank. The guidelines take aim at DeFi projects such as decentralized exchanges, in which crypto traders can swap assets with each other, typically on an anonymous basis. The task force said the people or companies that own or operate such decentralized platforms could be considered virtual asset service providers, or VASPs, a designation that would force them to check users' identities and take other measures against money laundering.

Encrypted email provider Protonmail has hailed a recent Swiss legal ruling as a "victory for privacy," after winning a lawsuit that sees it exempted from data retention laws in the mountainous realm. From a report: Referring to a previous ruling that exempted instant messaging services from data capture and storage laws, the Protonmail team said this week: "Together, these two rulings are a victory for privacy in Switzerland as many Swiss companies are now exempted from handing over certain user information in response to Swiss legal orders." Switzerland's Federal Administrative Court ruled on October 22 that email providers in Switzerland are not considered telecommunications providers under Swiss law, thereby removing them from the scope of data retention requirements imposed on telcos. The victory comes after controversy over a previous (and not directly related) Swiss court order that forced the company to collect mobile device push notification identifiers from a specified user's account. That user was later arrested by French police, who had asked their Swiss counterparts to obtain the surveillance order. Protonmail chief exec Andy Yen told The Register his business doesn't routinely collect such data on its users.

An anonymous reader quotes a report from KrebsOnSecurity: U.S. federal investigators today raided the Florida offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations. Headquartered in Shenzhen, China, PAX Technology Inc. has more than 60 million point-of-sale terminals in use throughout 120 countries. Earlier today, Jacksonville, Fla. based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. In an official statement, investigators told WOKV only that they were executing a court-authorized search at the warehouse as a part of a federal investigation, and that the inquiry included the Department of Customs and Border Protection and the Naval Criminal Investigative Services (NCIS).

Several days ago, KrebsOnSecurity heard from a trusted source that the FBI began investigating PAX after a major U.S. payment processor started asking questions about unusual network packets originating from the company's payment terminals. According to that source, the payment processor found that the PAX terminals were being used both as a malware "dropper" -- a repository for malicious files -- and as "command-and-control" locations for staging attacks and collecting information. The source said two major financial providers -- one in the United States and one in the United Kingdom -- had already begun pulling PAX terminals from their payment infrastructure, a claim that was verified by two different sources. The source was unable to share specific details about the strange network activity that prompted the FBI's investigation. But it should be noted that point-of-sale terminals and the technology that supports them are perennial targets of cybercriminals.

ISPs around the world claim the unprecedented bandwidth demands Netflix's Squid Game is placing on their broadband networks means they should be getting more money. From a report: But experts say that's not how telecom networks work, suggesting that already cash-flush telecom giants are just positioning themselves for an underserved hand out. The popular South Korean thriller, a not so thinly-veiled critique of late-stage capitalism, tracks a group of indebted people who compete in deadly children's games for cash. According to Netflix, Squid Game is the most popular show in company history, the number one program in 94 countries, and has been watched by 142 million households. ISPs around the world also claim the show's popularity is driving a massive surge in bandwidth consumption, and they want their cut.

In South Korea, Internet service provider SK Broadband sued Netflix earlier this month, claiming that between May and September the ISP's network traffic jumped 24 times to 1.2 trillion bits of data processed every second. This surge is Netflix's fault, the ISP insists, and Netflix should be held financially responsible. In the UK, British Telecom executives have been making similar complaints, insisting that Netflix should be forced to help pay for the surge in network traffic caused by the show. But broadband experts say that's not how broadband networks actually work. "It makes no sense for ISPs to cry victim because they provide a popular service, and are expected to provide it," John Bergmayer, telecom expert at consumer group Public Knowledge told Motherboard. "People subscribe to broadband to do things like stream video, and it's broadband customers who are requesting all these Squid Game streams. They are not somehow imposed on ISPs by Netflix."

Just when some wireless carriers were trying to move away from phone giveways, T-Mobile upped the ante on Thursday with a deal offering new customers as much as $1,000 if they switch. From a report: The second-largest U.S. wireless carrier said that starting Friday consumers who bring a bill from their current provider to a T-Mobile store can get a prepaid debit card for any remaining amount owed on their phone, up to $1,000. Rivals AT&T and Verizon reported stronger-than-expected subscriber gains this week after using phone giveaways to help prime the pump in the third quarter.

A contract with a tech giant can put a startup on the map with venture capitalists and the market at large. That's what happened for Netskope, a cloud-based data security provider. Founded in 2012, the company was able to quickly scale up and secure multiple rounds of funding -- in part because it had a top-tier customer right out of the gate: Netflix. From a report: There was just one catch to landing that deal: It had to hire the streaming company's vice president of IT operations, Michael Kail, as a consultant and an advisor, and pay him with fees and stock options. Netskope (not to be confused with the now-defunct Netscape) wasn't the only startup confronted with that proposition. At least nine firms that worked for Netflix entered into similar arrangements, according to the U.S. Justice Department. Other companies drawn into Kail's web included software, cloud-storage and analytics companies Docurated, Numerify, NetEnrich, Platfora, VistaraIT, ElasticBox, Maginatics and Sumo Logic. The shady-sounding plot was described by the government during a criminal trial earlier this year in San Jose federal court. Kail was found guilty of more than two dozen fraud and money laundering counts. At his sentencing Oct. 19, prosecutors will ask that he get a stiff punishment of seven years in prison as well as be ordered to pay fines, restitution, and forfeit a $3.3 million home in Los Gatos, California.

The former Netflix VP, who also briefly served as chief information officer at Yahoo, "leveraged his status as a leader of the IT community in Silicon Valley to subvert the trust of Netflix and others to profit at their expense," prosecutors said in a recent court filing. They added that the similar schemes are "almost certainly" common among high-level tech executives, but that in no way excuses the behavior. The startups that paid to play, and possibly many others, believed this was how Netflix did business." A disturbing element of this narrative is the unequal playing field startups are on when they negotiate with big companies. As the government suggested, the crimes also seem relatively easy for an influential executive to carry out -- especially since the founders of fledgling firms have little if any incentive to blow the whistle, and may feel they have no choice but to go along with a pay-to-play scheme. In his own memorandum to the court, requesting that he be sentenced to a year of house arrest, Kail, 49, described himself as a "global power leader, top dev ops influencer and a thought leader." He appeared to minimize the impact of the crimes, describing them as "regrettable flaws in communication and transparency," and asserting that his undisclosed business relationships were more helpful than harmful to all involved. Yet many startup founders already have ample complaints about overly-generous advisor compensation and messy cap tables, even without the added corporate bribery wrinkle.

An anonymous reader quotes a report from The Register: In North Ayrshire Council, a Scottish authority encompassing the Isle of Arran, nine schools are set to begin processing meal payments for school lunches using facial scanning technology. The authority and the company implementing the technology, CRB Cunninghams, claim the system will help reduce queues and is less likely to spread COVID-19 than card payments and fingerprint scanners, according to the Financial Times. Speaking to the publication, David Swanston, the MD of supplier CRB Cunninghams, said the cameras verify the child's identity against "encrypted faceprint templates," and will be held on servers on-site at the 65 schools that have so far signed up. He added: "In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale." He told the paper that with the system, the average transaction time was cut to five seconds per pupil. The system has already been piloted in 2020 at Kingsmeadow Community School in Gateshead, England. North Ayrshire council said 97 per cent of parents had given their consent for the new system, although some said they were unsure whether their children had been given enough information to make their decision. Seemingly unaware of the controversy surrounding facial recognition, education solutions provider CRB Cunninghams announced its introduction of the technology in schools in June as the "next step in cashless catering."

"Long before the pandemic, software business GitLab operated fully remotely, building its developer tools without any physical office..." remembers Forbes.

"The company went public on Thursday on Nasdaq under the ticker 'GTLB.' Priced at $77, shares of GitLab closed their first day of trading at $103.89, up 35%, giving GitLab a market cap of nearly $15 billion." In an interview, CEO Sid Sijbrandij (pronounced "see brandy") said that going public would help GitLab to remain a well-resourced, long-standing steward of the open-source project on top of which its business software is built. "This had to happen sometime," Sijbrandij says. "We knew we were ready, the markets were ready, so why not take the step today?" At its closing price on Thursday, GitLab's IPO has made Sijbrandij a new tech billionaire, with an equity stake valued at $2.3 billion; in addition, he also sold about $150 million worth of Gitlab shares as part of the company's offering.

With revenue of $58 million in its previous quarter, up 69% year over year, on losses of $40 million, GitLab fits the mold of a classic high-growth, unprofitable business-to-business software provider — cloud players that have in recent years proven popular, and able to command high multiples, with Wall Street. While its losses have narrowed recently, GitLab still generates about $1.50 in new business for each $1 spent by customers previously on its tools, putting it in elite company in the category...

The company was the first-ever on Nasdaq to livestream its entire IPO day, with about 18,000 people stopping by over the course of the broadcast, it says.... Sijbrandij also became known as one of remote work's leading evangelists, advocating a no-hybrid, radically transparent office culture he says is fairer and more productive. That purist view remains a hiring advantage, he tells Forbes now; it also helps explain the livestream, part marketing opportunity and part way to include GitLab employees and advocates across the globe. "It's always behind closed doors," Sijbrandij says of the IPO festivities and listing process. Originally from the Netherlands, Sijbrandij added his parents were two of the viewers. "It was awesome to share it with the world."

Less than a month ago Bitcoin's price was $40,683. Last night it reached $61,369 — a gain of more than 50% in just 24 days.

CNN attributes the October surge to "hopes that the Securities and Exchange Commission will soon approve a bitcoin futures exchange-traded fund." Bitcoin prices, which rose to nearly $62,000 Friday, are now only about 5% below their all-time high of just under $65,000 that they hit earlier this year. Investors are hoping that, in addition to approving a bitcoin ETF, U.S. financial agencies will continue to take a more measured approach to regulating cryptocurrencies. Federal Reserve chair Jerome Powell and SEC chief Gary Gensler have suggested that the US won't crack down on crypto as severely as China has done. "With recent confirmation from both the Fed's Powell and SEC's Gensler that although regulations are coming, there is no China style clampdown envisioned, this will provide comfort to the broader institutional market that [bitcoin] is here to stay," said Seamus Donoghue, vice president of strategic alliances at METACO, a digital asset infrastructure provider.

Telkom SA said Netflix will no longer be available on the South African phone and internet company's set-top box from October. From a report: A deal between the parties has come to an end and will not be renewed, Content Executive Wanda Mkhize said in a statement, without giving a specific reason. Other content partnerships will be announced in due course, she said. The move comes after MultiChoice, Africa's largest pay-TV provider, signed deals with Netflix and Amazon.com to offer their streaming services through its new decoder. The continent is a small market for paid streaming video, with just a few million subscribers out of a population of more than 1 billion, and the U.S. giants have targeted it for future growth.

An anonymous reader shares a report: When Facebook's platforms went down early on Oct. 4, the online tracker Downdetector was among the first places users looked to find out what was happening. Downdetector, which uses crowdsourcing to track outages, recognized Facebook's problems were dramatically different than a typical outage. Its system automatically released a notification, including a tweet, informing the internet of the disruption. The outage was among the biggest ever declared by Downdetector, said Luke Deryckx, chief technology officer at closely held Ookla LLC, the Seattle-based company that owns it. "Downdetector is a vehicle for users to report their experience," he said, adding that the company crowdsources "users' relationship with the internet." "In this case, we'd received a clear and almost instantaneous signal that there was a Facebook-related outage."

The idea of Downdetector was born over drinks at a bar in Haarlem, a city in the Netherlands, in February 2012. Tom Sanders and Sander van de Graaf were both working at IDG Communications Inc., the media publisher of magazines including CIO and Computerworld. Van de Graaf was a developer, and Sanders was the editor in chief. Readers would often call the newsroom to report an online outage at a company or service provider, but the reporters would often get no response -- or have to wait hours -- when they called to ask about the disruption. "We thought, wouldn't there be ways to automate this so we didn't have to check with the press office and we could get the data directly ourselves?" Van de Graaf said.

An anonymous reader quotes a report from Motherboard: [O]rganizers and programmers with the Mycelium Mesh Project are [...] designing a decentralized, off-grid mesh network for text communications that could be deployed quickly during government-induced blackouts or natural disasters. Mesh networks, a form of intranet distributed across various nodes rather than a central internet provider, have the potential to decrease our collective reliance on telecommunication conglomerates like Spectrum and Verizon. During a civil unrest situation, government operatives could theoretically disconnect established commercial mesh networks by raiding activists' homes and destroying their nodes or super nodes. The Mycelium Mesh Project is addressing this potential weak link by developing a system that could be deployed at a moment's notice in non-locations, such as on abandoned buildings, tree tops, electric boxes and utility poles.

Nodes would be cheap, run independently of the power grid, and could be produced with materials that can be obtained locally. So far, the collective has successfully sent and received text messages across thirteen miles during field testing around Atlanta, Georgia with nodes powered by rechargeable batteries harvested from disposable vapes. [...] The Mycelium Mesh Project is still in its relatively early stages of development. Messages aren't encrypted -- a necessary feature for activists -- and the model isn't ready for long-range use. But developers are hopeful that their open-source model will promote cooperation amongst like-minded coders. "The network that we all use will work pretty much fine in 99.9% of the cases. But then when it doesn't, it's a real big problem," Marlon Kautz, an organizer and developer with the project, told Motherboard. "The authorities' control over our communications infrastructure can just completely determine what is politically possible in a situation where the future is really up for grabs, where people are making a move to change things in a serious and radical way."

"This is anti-capitalist work, which is non-commercial. We are not trying to start a business," Kautz explained. "We're explicitly trying to take advantage of open source type concepts. So not not only do we want the code that we're developing to be open source, but our entire production model will be."

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Ukrainian police have reportedly arrested two members of a ransomware gang -- and while some have fingered REvil, no firm details have been published by cops from multiple countries. The Register reports: A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "two prolific ransomware operators known for their extortionate demands," claimed to be up to [$81.3 million]. One of the two suspects arrested on September 28, according to the National Police of Ukraine, was a "hacker." The other allegedly "helped to withdraw money obtained by criminal means." $1.3m in cryptocurrency was said to have been frozen. A multinational police operation with input from France's National Gendarmerie and the US Federal Bureau of Investigation helped lead the Ukraine cops to their targets, with support from Europol and Interpol.

The 25-year-old suspect allegedly deployed "virus software," compromising remote-working software, with one attack vector being "through spam-mailings on corporate e-mail boxes of malicious content." "In total, the hacker attacked more than 100 foreign companies in North America and Europe," said the Ukrainian police, adding that they blamed the 25-year-old arrestee for causing $150m of damage to Western organizations. [...] Numerous people speculated on Twitter that the latest Ukrainian arrests were members of the REvil ransomware gang. This was based solely on Europol's claim that the two main accused had once issued an "extortionate" [$81.3 million] ransom demand, which has not been repeated by cops in Ukraine. REvil once issued a ransom demand for $70 millionagainst managed service provider Kaseya) but that is not the same sum...

Google is abandoning plans to pitch bank accounts to its users, marking a retreat from an effort to make the tech giant a bigger name in finance. The Wall Street Journal: The Alphabet unit announced almost two years ago that users of its Google Pay digital wallet would be able to sign up for enhanced checking accounts and debit cards at a handful of financial institutions large and small, including Citigroup and Stanford Federal Credit Union. The new offerings, called Plex accounts, would sync with Google Pay, carry both Google and bank branding and provide a digital dashboard of where and how users spent and saved. Plex was billed as a new way to bank, with an emphasis on simplicity and financial wellness and without monthly or overdraft fees.

The project was initially expected to debut in 2020. A series of missed deadlines, along with the April departure of the Google Pay executive who championed the project, prompted Google to pull the plug on Plex, people familiar with the matter said. A Google spokeswoman said the company would now focus primarily on "delivering digital enablement for banks and other financial services providers rather than us serving as the provider of these services."

South Korean Internet service provider SK Broadband has sued Netflix to pay for costs from increased network traffic and maintenance work because of a surge of viewers to the U.S. firm's content, an SK spokesperson said on Friday. From a report: The move comes after a Seoul court said Netflix should "reasonably" give something in return to the internet service provider for network usage, and multiple South Korean lawmakers have spoken out against content providers who do not pay for network usage despite generating explosive traffic. Netflix said it will review SK Broadband's claim, and seek dialogue and explore ways in the meantime to work with SK Broadband to ensure customers are not affected. The popularity of the hit series "Squid Game" and other offerings have underscored Netflix's status as the country's second-largest data traffic generator after Google's YouTube, but the two are the only ones to not pay network usage fees, which other content providers such as Amazon, Apple and Facebook are paying, SK said. Netflix's data traffic handled by SK jumped 24 times from May 2018 to 1.2 trillion bits of data processed per second as of September, SK said, riding on the success of several Netflix productions from Korea including "Squid Game" and "D.P."

In a new milestone for the US government's anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. From a report: "Beginning today, if a voice service provider's certification and other required information does not appear in the FCC's Robocall Mitigation Database, intermediate providers and voice service providers will be prohibited from directly accepting that provider's traffic," the FCC said yesterday. Specifically, phone companies must block traffic from other "voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC." As we've written, the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.

STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn't a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that "providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks." The FCC also gave carriers with 100,000 or fewer customers until June 30, 2023, to comply with the STIR/SHAKEN requirement, though the commission is seeking comment on a plan to make that deadline June 30, 2022, instead because "evidence demonstrates that a subset of small voice service providers appear to be originating a high number of calls relative to their subscriber base and are also generating a high and increasing share of illegal robocalls compared to larger providers."