US carriers haven’t been doing enough to block robocalls, according to the Federal Communications Commission (FCC), so its chairman, Ajit Pai, has proposed a set of rules that would force carriers to block robocalls.
According to the FCC, spam robocalls cost $3bn in wasted time and money each year. That doesn’t even take into account the fraud part. The Commission estimates that scammers use robocalls to milk an annual $10bn from Americans. They are flooded with these calls – up to 200 million each day.
In November 2018, Pai asked the phone carriers to adopt a technology framework called SHAKEN/STIR to help solve the problem.
STIR (Secure Telephone Identity Revisited) defines a set of protocols used on SIP networks for applying digital signatures to telephone numbers from calling parties. SHAKEN (Signature-based Handling of Asserted information using toKENs) is a framework for STIR, providing implementation guidelines for carriers to roll out STIR so that it is compatible with all their networks and operates in real-time.
In a SHAKEN/STIR interaction, the originating caller’s phone sends an authentication request along with their phone number to a STIR authentication service (which would typically be operated by their carrier). The authentication server checks that the caller has the right to use that number, and signs a digital token which is sent to the recipient’s STIR verification service. That service checks the authentication service’s repository of digital certificates to ensure that the invitation is legit. If the certificate matches, the call goes through to the recipient. If not, the carrier can drop it.
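The signing and verification steps described above, sketched in Node.js as an added example (not code from the article, the FCC or any carrier). It follows the PASSporT token format that STIR uses (RFC 8225, with the SHAKEN claims from RFC 8588); the function names, the in-memory certificate map, the phone numbers and the certificate URL are assumptions made for illustration.

```javascript
// Added illustration (not from the article): a SHAKEN PASSporT signed and checked
// with ES256. Keys, numbers and the certificate URL are constructed sample values.
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Authentication service: the originating carrier vouches for the calling number.
function signPassport(privateKey, x5u, orig, dest, attest, iat) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const payload = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig },
                    origid: crypto.randomUUID() };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input),
                          { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

// Verification service: check the token against the signer's certificate and
// against the call it arrived with. certStore (Map of x5u URL -> public key) is a
// hypothetical stand-in for fetching the certificate and validating its chain.
function verifyPassport(token, certStore, call, now, maxAgeSec = 60) {
  const parts = token.split('.');
  if (parts.length !== 3) return fail('malformed token');
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch (e) { return fail('malformed token'); }
  if (header?.alg !== 'ES256' || header?.ppt !== 'shaken') return fail('unsupported token');
  const publicKey = certStore.get(header.x5u);
  if (!publicKey) return fail('unknown certificate');
  const good = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!good) return fail('bad signature');
  // Freshness window (assumed value) limits replay; the numbers must match the call.
  if (Math.abs(now - payload?.iat) > maxAgeSec) return fail('stale token');
  if (payload?.orig?.tn !== call.from || !payload?.dest?.tn?.includes(call.to))
    return fail('number mismatch');
  return { ok: true, attest: payload.attest };
}

// Constructed demo: a genuine call, then the same token reused with a different caller ID.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const x5u = 'https://cert.example.test/sti.pem', store = new Map([[x5u, publicKey]]);
const token = signPassport(privateKey, x5u, '12025550100', '12025550199', 'A', 1700000000);
console.log(verifyPassport(token, store, { from: '12025550100', to: '12025550199' }, 1700000005));
console.log(verifyPassport(token, store, { from: '12025550123', to: '12025550199' }, 1700000005));
```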
The industry’s response to Pai’s request was muted, so in February 2019 he warned that if carriers didn’t step up, he’d introduce regulations to make them use the technology to block robocalls. Following a still-sluggish response, that’s what he’s done.
Pai said that the new rules would now make the technology mandatory:
“It’s clear that FCC action is needed to spur across-the-board deployment of this important technology. There is no silver bullet when it comes to eradicating robocalls, but this is a critical shot at the target.”
Carriers would have to adopt them by 30 June 2021, although a proposed extension would give small and rural providers an extra year.
He needed legislative support to propose these rules. It came in December 2019, when the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act was signed into law. That will force carriers to implement the technology, and will also increase fines while making them easier to collect. That’s an important step for the FCC, which has drawn flak for failing to collect the penalties it imposes on robocallers.
The FCC will vote on the rules on 31 March 2020.