We can't expect consumers to change their phones or their habits. The solution must be completely within the backend network. The robocall epidemic is a direct result of VoIP service providers hiding behind a cloak of plausible deniability. The problem is exacerbated because we can't easily trace these calls back to the origin. By forcing VoIP service providers to securely log outgoing calls to a secure database, we'll be able to easily trace calls back to the offending service provider using the caller id, destination phone number, and time of call. VoIP providers will have to generate and send a CallHASH along with their ProviderID to a database. The CallHASH is generated by hashing the concatenation of the caller id, the called number, and the time of call. Once hashed, that information is not reversible and is secure. The database would never see the raw information, so it’s safe from prying eyes. From then on, you can simply check if a very specific call took place, but you can’t just read all the calls in the log. Cracking the database would take hundreds of years. In short, my proposal allows you to log calls securely in a way that doesn’t violate the consumers privacy.
The law becomes much more cut and dry. If the VoIP provider doesn't log their outgoing calls into the secure database, then they are at fault and should be fined/prosecuted. But, we all know that that isn't enough. It's still possible for the robocallers themselves to build VoIP services and ignore the law and the penalties. That's why I propose a second part. When the FTC detects that a VoIP service provider fails to log outgoing calls, or if the FTC determines that a VoIP service provider knowingly allows illegal robocalls, they can add that service provider to a blacklist.
Lastly, any gateway that accepts VoIP calls must validate that the VoIP call isn't from a blacklisted VoIP service provider. If the call is from a blacklisted VoIP provider, then the call must be dropped.