US carriers haven’t been doing enough to block robocalls, according to the Federal Communications Commission (FCC), so its chairman, Ajit Pai, has proposed a set of rules that would force carriers to block robocalls.
According to the FCC, spam robocalls cost $3bn in wasted time and money each year. That doesn’t even take into account the fraud part. The Commission estimates that scammers use robocalls to milk an annual $10bn from Americans. They are flooded with these calls – up to 200 million each day.
In November 2018, Pai asked the phone carriers to adopt a technology framework called SHAKEN/STIR to help solve the problem.
STIR (Secure Telephone Identity Revisited) defines a set of protocols used on SIP networks for applying digital signatures to telephone numbers from calling parties. SHAKEN (Signature-based Handling of Asserted information using toKENs) is a framework for STIR, providing implementation guidelines for carriers to roll out STIR so that it is compatible with all their networks and operates in real-time.
In a SHAKEN/STIR interaction, the originating caller’s phone sends an authentication request along with their phone number to a STIR authentication service (which would typically be operated by their carrier). The authentication server checks that the caller has the right to use that number, and signs a digital token which is sent to the recipient’s STIR verification service. That service checks the authentication service’s repository of digital certificates to ensure that the invitation is legit. If the certificate matches, the call goes through to the recipient. If not, the carrier can drop it.
The industry’s response to Pai’s request was muted, so in February 2019 he warned that if carriers didn’t step up, he’d introduce regulations to make them use the technology to block robocalls. Following a still-sluggish response, that’s what he’s done.
Pai said that the new rules would now make the technology mandatory:
It’s clear that FCC action is needed to spur across-the-board deployment of this important technology. There is no silver bullet when it comes to eradicating robocalls, but this is a critical shot at the target.
Carriers would have to adopt them by 30 June 2021, although a proposed extension would give small and rural providers an extra year.
He needed legislative support to propose these rules. It came in December 2019, when the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act was signed into law. That will force carriers to implement the technology, and will also increase fines while making them easier to collect. That’s an important step for the FCC, which has drawn flak for failing to collect the penalties it imposes on robocallers.
The FCC will vote on the rules on 31 March 2020.
Latest Naked Security podcast
Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.
6 comments on “Phone carriers may soon be forced to adopt anti-robocall tech”
My phone, Metro-T-mobile found a way of fighting robo-calls. Even after I have blocked the phone#, the call is send to voice mail. So, I am getting those voice mails w/o the phone ringing. I have to check the voice mail app in order to see the phone # where the call originated. I send text messages to stop the calls and, I don’t get the option to block the phone.
I’m guessing the carriers will have their lawyers literally make a federal case out of it, tying things up in the courts for years and weakening the rules along the way.
And, you should know, Politicians and Parties are exempt from these rules.
I’m curious as to why the carriers are stonewalling this change? Why would they not want to block robocalls, do carriers generate revenue from incoming/outgoing calls? Wouldn’t blocking robocalls actually make their service more reliable and strong, since more bandwidth is left for the actual customers?
Yes, unfortunately, the carriers DO earn revenue from those calls. 🙁
It is a huuuuge infrastructure update. Would totally be worth it imo though.