According to a plan announced today by Federal Communications Commission chairman Ajit Pai, telephone companies would have to use technologies that prevent caller ID spoofing.
Pai formulated it as his own decision, announcing that the chairman "proposed a big step forward … to protect consumers from counterfeit robocalls." In reality, however, Congress and President Trump directed the FCC to implement this new rule. The FCC requirement was part of the TRACED Act, which was incorporated into the Act in December 2019. Pai previously hoped that all airlines would voluntarily use the technology.
"I am delighted with the proposal I am pushing today: Telephone companies must implement a caller ID authentication framework called STIR / SHAKEN," said Pai in his announcement. "A widespread implementation will give American consumers a lot more security when they pick up the phone." The FCC will vote on the measure at its meeting on March 31.
The STIR and SHAKEN protocols use digital certificates based on public key cryptography to verify the correctness of the caller ID. STIR / SHAKEN works best when all telephone companies take it over, since it can only check the caller ID if both the sending and the receiving provider have provided the technology. Robocallers who fake real numbers to hide their identity are marked by STIR / SHAKEN. Depending on how each network operator implements it, flagged calls can be forwarded to consumers with a warning or blocked entirely.
Carriers have already introduced STIR / SHAKEN, but Pai said that not all companies have done so. "Last year I requested that large telephone companies use STIR / SHAKEN voluntarily, and some of them did," said Pai. "However, it is clear that FCC action is needed to drive the widespread use of this important technology."
STIR / SHAKEN can be used by mobile operators and VoIP home services. However, fixed line operators have indicated that they cannot provide it on older TDM services that run on traditional copper phone lines. This will not change with the FCC action as the underlying US law and Pai's proposal only "require voice service providers to implement and terminate STIR / SHAKEN in the IP (Internet Protocol) portions of their networks."
The requirement would apply to large airlines by June 30, 2021 and to small and rural carriers a year later. In addition to mobile operators, companies that offer IP-based telephone services over cable or fiber optic lines would have to comply with them.
Robocalls from outside the United States are a big problem
While STIR / SHAKEN can help reduce robocalls or slow their growth, it alone is not enough to solve the big and complicated robocall problem. On the one hand, many robocalls come from overseas. The FCC has recently sent letters to seven US-based language providers "that take overseas traffic and end it to US consumers." The services of these companies are "used as a gateway to the United States for many apparently illegal robocalls originating overseas." In a similar operation, the Department of Justice sued two small companies that allegedly linked hundreds of millions of fraudulent robocalls from Indian call centers to US citizens .
The new US law, which required the FCC to require SHAKEN / STIR, gave the FCC discretion in regulating calls from abroad. Congress urged the FCC to "consider" how the Commission "could establish commitments to international gateway providers that are the first entry point for these calls to the United States, including potential requirements that these providers may have from the foreign originator under Art and purpose check calls before initiating the service. "However, it is up to the FCC to take further action on this point.
We have asked Pai's office if his plan will affect fake overseas calls, and will update this article when we get a response. The full text of Pai's plan has not yet been published.