FCC Chairman Ajit Pai has sent out letters to no fewer than 14 US carriers to demand the establishment of “concrete plans” to protect consumers against scams and illegal robocalls that rely on spoofed phone numbers, according to a recently released notice from the commission. In particular, Mr. Pai is calling for the carriers to implement “Signature-based Handling of Asserted Information Using toKENs” and “Secure Telephone Identity Revisited” (SHAKEN/STIR) standards to create a nationwide authentication framework. In addition to a more general call to action, the chairman has asked that the companies provide detailed implementation plans targeting 2019. What’s more, Mr. Pai has indicated the commission is prepared to “take action” if it doesn’t appear the plans are on track to meet that target.
Background: SHAKEN/STIR was accepted at the recommendation of the North American Numbering Council back in May, following public input and inquiry regarding a solution to robocalls and caller verification. The standards are overseen by an industry stakeholder group referred to as the “governance authority” and, in summary, intended to bring an end to undesired calls that utilize and originate from illegitimate phone numbers. Namely, those are phone calls for which the identifying information doesn’t match up with the registration of the phone number or from phone numbers which aren’t currently registered with a carrier. Scammers, in particular, utilize those phone numbers in order to try and prompt unsuspecting voice customers into answering the call. Once the connection is made, users are most often connected to a pre-recorded menu or message, often accompanied by a phishing scam or other malicious action.
Under the above-mentioned standards, calls are to be verified and signed by carriers to stop unwanted robocalls from ever reaching the intended consumer. For cross-network traffic, the originating carrier is responsible for handling the signing side of that while validation is performed by the receiving service provider. Calls that aren’t validated are dropped. There are, of course, plenty of smartphone applications that can replicate at least some of those protections but the FCC’s goal here is to ensure that those calls are halted well before the signals carrying the voice data reach the consumer. Moreover, the commission is continuing with plans to ensure that compliance with the standards is at least somewhat enforceable and that the standards keep up with ever-evolving mobile networking technology while being relatively straightforward to implement across voice service providers.
Impact: In the meantime, there are still several steps that need to be completed by the FCC and SHAKEN/STIR governance authority in order to keep everything on track with Mr. Pai’s new target window. To begin with, although the standards are in place with regard to making a determination about whether carriers or any given call from those is trustworthy, a certification process for the standards is still needed. That will require the appointment of a policy administrator and other authoritative positions to monitor and enforce the standards. Once that’s in place, certification authorities will need to designate and provide “keys” that carriers can cross-reference to determine that legitimacy of a phone call from another carrier.