Chairman Pai Has a Fever – Stopping Caller ID Spoofing!
November 15, 2018 | by Andrew Regitsky
If we tried to rank FCC Chairman Ajit Pai’s priorities we would put ending net neutrality first since it is the major focus of his anti-regulatory world view. Priorities 2A and 2B would be increasing broadband deployment while fixing universal service once and for all. Gaining quickly, however, is Pai’s new obsession, stopping the exponentially increasing number of unwanted robocalls using fake call IDs.
Pai and his FCC compadres recently levied huge fines against three purveyors of thousands of illegal robocalls, and they prepared to take further action if the industry does not adopt a “robust caller authentication system” by next year. Specifically, Pai is warning the industry it must adopt the “Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR) standards” without delay.
Before discussing what SHAKEN and STIR entail, let’s take a moment to define illegal caller ID spoofing. According to Techtarget,
Caller ID spoofing is a service that allows a caller to masquerade as someone else by falsifying the number that appears on the recipient's caller ID display. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID spoofing can make a call appear to come from any phone number the caller wishes.
Caller ID spoofing is provided as a service by a number of vendors. Here's one example of how it works: A customer pays in advance for a certain number of calling minutes. To set up a call, the customer opens a Web form and enters their phone number, the recipient's phone number, and the number chosen to appear on the recipient's caller display. The service then patches the call through between the caller and recipient phones as stipulated. Some other services involve having the caller dial a number to access the service and then dial the phone numbers.
To combat illegal caller ID spoofing, using the SHAKEN/STIR framework, Pai asserts that,
calls traveling through interconnected phone networks would be “signed” as legitimate by originating carriers and validated by other carriers before reaching consumers. The framework digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it. (FCC November 5, 2018 News Release).
The industry has already made significant progress toward the adoption of SHAKEN/STIR since the Commission accepted the recommendations of the North American Numbering Council in May.
Industry stakeholders have now completed the first step of this process—formation of the governance authority for implementing SHAKEN/STIR. The governance authority is a stakeholder group established to determine the policies by which a carrier and its calls are considered trusted enough to “sign” calls originating on their networks. Next, a policy administrator will be established to certify carriers that are authorized to approve a call as legitimate. Finally, certification authorities will be chosen to provide the “keys” that digitally stamp a call as legitimate. Although some carriers are expected to start signing calls even before this process is complete, operationalizing this system will help all carriers sign calls, attesting to their validity from start to finish—and conversely, making clear which calls are not valid. (Id.).
The FCC does not provide any clue as to the actions it would next take if carriers fall behind in implementing SHAKES/STIR. However, Pai makes it clear that one way or another it will ensure that this system is in place next year. And let’s face it, unwanted robocalls are a massive problem that is accelerating.
In an age when cellphones have become extensions of our bodies, robocallers now follow people wherever they go, disrupting business meetings, church services and bedtime stories with their children.
Though automated calls have long plagued consumers, the volume has skyrocketed in recent years, reaching an estimated 3.4 billion in April, according to YouMail, which collects and analyzes calls through its robocall blocking service. That’s an increase of almost 900 million a month compared with a year ago. (nytimes.com, May 6, 2018).
Finally, telecom has an issue we can all get behind. However, companies will now have to find the dollars to implement the systems to stop these unwanted robocalls. It will be interesting to see how the Commission handles it if some companies fall behind.