FCC Chairman Ajit Pai has accepted the recommendations of the North American Numbering Council (NANC) to institute a governance authority to oversee implementation of the SHAKEN/STIR protocols. The FCC and NANC hope the framework will help fight robocalls and spoofed numbers by providing procedures to authenticate caller ID information associated with telephone calls.
SHAKEN/STIR is an industry-developed set of rules and procedures designed to authenticate caller ID information associated with telephone calls by assigning them an encrypted “digital fingerprint.” Calls originating from a particular service provider are digitally signed with a Secure Telephone Identity (STI) certificate verifying the caller is entitled to use the indicated phone number. The terminating service provider can then review the STI certificate to validate the calling party’s number and screen spoofed calls to the service provider’s customers. The process is similar to SSL certificates used to establish secure connections between internet users and websites, and can be used to cryptographically verify incoming call information.
NANC’s report was issued in response to a 2017 notice of inquiry directing the council to investigate industry implementation and FCC promotion of the SHAKEN/STIR system. The report recommends “expeditiously” creating an STI Governance Authority (STI-GA) formed from NANC’s constituency of communication service providers, and who will be responsible for pursuing industry implementation of the SHAKEN/STIR framework. The STI-GA would also be responsible for mediating between stakeholders on authentication efforts, and would maintain transparency with the FCC to stay abreast of regulatory developments.
Adoption of the SHAKEN/STIR framework represents a major step in fighting spoofed calls but is somewhat limited by only authenticating phone numbers and not callers. NANC’s report identified caller authentication as “the next logical step of the call authentication ecosystem,” and it is likely that future FCC action will seek to expand verification efforts. In the meantime, however, authentication data will assist carriers and data analytics companies in identifying likely illegal calls and facilitating consumer choice regarding the disposition of such calls.
* Josh Stevens contributed to this post.