PROPOSAL: The Digital Border & Infrastructure Security Act (2025)
A Comprehensive Framework for Global Accountability and Infrastructure Hygiene
I. Executive Summary
As of late 2025, international scam networks have transitioned into industrial-scale operations often fueled by human trafficking. This proposal moves beyond traditional law enforcement by targeting the infrastructure of fraud. It mandates “clean pipes” for U.S. telecommunications, holds foreign nations accountable via targeted sanctions, and formalizes a partnership with the “good faith” private investigative community to dismantle scam centers in real-time.
II. Infrastructure Accountability & “Zombie” Neutralization
To secure the North American Numbering Plan, this proposal mandates:
- Mandatory “Zombie” Blocking Agents: Carriers must deploy free AI agents to identify and block “Zombie” numbers—legitimately assigned lines used by offshore servers to spoof domestic caller IDs.
- Dec. 15, 2025 DNO Mandate Enforcement: Full statutory codification of the FCC’s Advanced Methods Rule, requiring all providers in a call path to block traffic from the Do-Not-Originate (DNO) list (invalid, unallocated, or inbound-only numbers).
- Lead Agent Liability: Financial penalties for data brokers who sell “consent-less” phone lists to international callers, closing the “bulk consent” loophole.
III. The Public-Private “Trusted Reporter” Program
Recognizing the speed of the Scam Center Strike Force (Est. Nov 2025), this section formalizes the role of civilian investigators:
- Accreditation: Establish a “Trusted Reporter” status for proven investigators (e.g., Scammer Payback/Pierogi). Accredited reporters gain a direct API to the DOJ for evidence submission.
- Forensic Bounties: Provide a 5% “Forensic Bounty” to investigators whose intelligence leads to the successful seizure of criminal assets or the shutdown of a scam compound.
IV. International Sanctions & Sovereign Responsibility
- Safe-Haven Designation: Use the 2024 UN Cybercrime Convention to identify nations that refuse to prosecute scam compounds.
- OFAC Linkage: Direct the Treasury to apply targeted sanctions to the leadership and banking partners of specific high-risk regions (e.g., Shwe Kokko, Burma) identified as industrial scam hubs.
V. Legislative Cross-Reference Annex
- TRACED Act (2019): Amend to include mandatory “Zombie Number” identification and removal of non-compliant providers from the Robocall Mitigation Database.
- H.R. 5967 (Strategic Task Force on Scam Prevention Act): Expand this 2025 bill to include the Civilian Cyber-Forensic Accreditation Program.
- CFAA (18 U.S.C. § 1030): Define “Typosquatting for Fraud” as a predicate offense, allowing the DOJ to seize lookalike domains (e.g.,
irs-refund.gov.cc) within 60 minutes.
Action Checklist for Citizen Advocacy
- [ ] Locate Your Representative: Visit House.gov and find the Legislative Assistant (LA) for “Telecommunications.”
- [ ] The “Elevator Pitch”: “I am a constituent asking for an update to the TRACED Act to include free ‘Zombie Number’ blocking and a fast-track for private investigators who are already doing the FBI’s work.”
- [ ] Highlight the 2025 Deadline: Remind them that the Dec 15, 2025 FCC DNO deadline is the perfect time to introduce broader legislation.
- [ ] Request a Joint Meeting: Ask your Rep to coordinate with the House Committee on Energy and Commerce to review the “Infrastructure Accountability” section.
Summary of the “Total Defense” Model
Annex: Professional Standards for Accredited Private Investigators
1. The Distinction: Vigilantism vs. Accredited Forensics
- Vigilantism (Unauthorized): Characterized by public shaming (doxing), unauthorized hacking for personal entertainment (“baitertainment”), or destruction of data which may constitute a violation of the Computer Fraud and Abuse Act (CFAA).
- Accredited Forensics (The Proposal): Intelligence-led activity conducted under a “Chain of Custody” protocol with the primary goal of providing admissible evidence to the Scam Center Strike Force.
2. Authorized Investigative Techniques (Standard Operating Procedures)
To qualify for the “Trusted Reporter” status, private actors must employ the following verified methods:
| Technique | Description | Legal Guardrail |
| Social Engineering (Baiting) | Establishing contact with scammers via “honeypot” personas to waste their time and map their methods. | Must avoid “Entrapment”—i.e., not inducing a scammer to commit a crime they weren’t already intending to commit. |
| Network Metadata Capture | Logging IP addresses, server headers, and “User Agent” strings of scammer connections. | Data must be captured via passive monitoring or authorized interaction; no “backdoor” entry into foreign servers. |
| Remote Desktop Intelligence | If a scammer connects to the baiter’s “virtual machine,” the baiter observes and logs the scammer’s file structure and tools. | The baiter must not plant malware on the scammer’s machine, as this violates international hacking laws. |
| Cryptocurrency Tracing | Using AI-driven blockchain analytics to track the flow of stolen funds to specific exchanges. | Information must be shared with the FBI’s Virtual Asset Exploitation Unit (VAXU) for seizure. |
3. Data Capture & Evidence Preservation Protocols
For evidence to be admissible in a U.S. Federal Court, accredited investigators must follow the “Five Principles of the Investigative Mindset”:
- Digital Chain of Custody: Every file, video, or log must be timestamped and “hashed” (using SHA-256 or MD5) immediately upon capture to prove it has not been altered.
- Environment Isolation: All interactions must occur within Isolated Virtual Environments (Sandboxes) to ensure the investigator’s personal data is not compromised and to prevent the unintentional spread of malware.
- Non-Destructive Interference: Investigators are prohibited from deleting the scammer’s files or hardware. Instead, they must copy evidence (mirroring) and provide it to authorities for a legal “takedown.”
- Victim Privacy Protection: If an investigator gains access to a scammer’s “victim list,” that data must be turned over to the DOJ immediately and encrypted. Public disclosure of victim names is strictly prohibited.
- Transparent Methodology: Every “operation” must be documented in an Investigative Narrative Report, detailing how the connection was established and which tools were used.