The US Federal Communications Commission (FCC) announced today new rules mandating that all US telecommunication providers implement caller ID authentication systems using a technical standard known as STIR/SHAKEN.
The move must be completed by June 30, 2021, the FCC said in a press release.
The STIR/SHAKEN protocol is considered today’s best defense against robocalls, an issue that’s been plaguing North American telcos, in particular.
The protocol works by using cryptographic certificates to sign a caller’s ID. Calls are signed by the telco network where the call originated, and are verified by the voice provider where the call connects — all via a remotely-hosted third-party certificate repository.
Work on the protocol began in the mid-2010s, but its adoption skyrocketed in 2018, when the FCC imposed a hard deadline for networks implementing STIR/SHAKEN by the end of 2019.
US telcos began testing the protocol inside their networks in 2018, and in March 2019, AT&T and Comcast announced they successfully completed the first SHAKEN/STIR-authenticated call between two different networks.
The FCC’s move to impose a strict deadline for STIR/SHAKEN adoption comes after US President Donald Trump signed the TRACED Act in late December 2019.
The new law gave the FCC and the Department of Justice more powers to prosecute robo-callers (voice call spammers) and encouraged the FCC to mandate new rules for “acceptable robocalls.”
The TRACED Act also mandated that consumers should get access to robocall blocking at no additional charge on their bill, and also gave a green light to the FCC to push telcos for technical solutions that block unwanted calls.
That technical solution came today, with the FCC mandating that “all originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol (IP) portions of their networks by June 30, 2021.”
The FCC said that future plans include making STIR/SHAKEN adoption mandatory for intermediate voice service providers as well. Currently, STIR/SHAKEN adoption is only mandatory for telcos where the call originates and connects.
Other FCC plans include coming up with another caller ID authentication solution for non-IP-based voice networks, where STIR/SHAKEN can’t work.
The US telecommunications regulator also said it was working on extending the STIR/SHAKEN implementation deadline with one year, to 2022, for smaller voice service providers who don’t have the financial resources for big technical upgrades.
“The FCC estimates that the benefits of eliminating the wasted time and nuisance caused by illegal scam robocalls will exceed $3 billion annually, and STIR/SHAKEN is an important part of realizing those cost saving,” the agency said.