US consumers should start getting relief from the robocall plague in 2019, thanks to an industry-wide effort to better identify legitimate calls. That effort may also forestall regulatory action, although it's not yet certain the industry is moving fast enough for the FCC to let the telecom service providers implement changes on their own.
In multiple responses to a letter from Federal Communications Commission Chairman Ajit Pai, sent in early November, executives from major telecom operators, cable, wireless and VoIP providers all spelled out company plans to use a combination of technologies now known as SHAKEN/STIR beginning in late 2018 with Comcast, and then including other major operators such as AT&T Inc. (NYSE: T), Verizon Communications Inc. (NYSE: VZ) and T-Mobile US Inc. starting in early 2019.
UPDATE/CORRECTION: T-Mobile says it is already ready for SHAKEN/STIR and announced its adoption in early November.
Other companies, including Charter and Sprint, are all promising to test and begin deployment in 2019 as well, but with caveats as to industry readiness to make the technology changes necessary. Operators with more rural service territories and more TDM technology in their networks, including Frontier Communications Corp. (NYSE: FTR) and TDS Telecom , are promising to start authenticating calls via SHAKEN/STIR next year but admit they face other challenges to blocking robocalls.
As part of the broader effort, the industry has set up a Secure Telephone Identity Governance Authority (STI-GA) under the auspices of Alliance for Telecommunications Industry Solutions (ATIS) , to support "the timely deployment of the SHAKEN/STIR protocol and framework." On Tuesday, ATIS announced that former Neustar executive Brent Struthers would be the new director of the STI-GA. This comes after years of industry work within ATIS and the North American Numbering Council and its Call Authentication Trust Anchor Working Group, as well as at the Internet Engineering Task Force (IETF) .
SHAKEN, which stands for Signature-based Handling of Asserted information using toKENs), is a framework which was developed by ATIS in conjunction with the SIP Forum and is being used to implement STIR, or Secure Telephone Identity Revisited, a protocol developed by the IETF to authenticate caller ID information, so consumers know numbers aren't being spoofed.
SHAKEN allows an originating service provider to create a digital signature for each call using cryptography, says Jim McEachern, principal technologist for ATIS and one of those directly involved in developing SHAKEN. That signature includes information about the caller ID and the call, which then travels in-band with that call across whatever networks are required to reach its destination, since most calls traverse multiple interconnected networks.
The inability to authenticate calls that traverse multiple networks is what robocallers have been exploiting, leading to an industry that generated more than 30 billion robocalls in 2017 costing consumers $350 million annually according to the Consumers Union. Robocallers manage to avoid detection and third-party blocking efforts, such as NoMoRobo, by spoofing legitimate numbers and even appearing to be calling from legitimate sites, notably the Internal Revenue Service. Catching them requires being able to determine, in real time, which calls are authentic and which aren't.
That's the issue that Pai and a group of 35 state attorneys general want the telecom industry to solve more quickly, by making sure non-authentic calls are blocked or, at the very least, flagged for consumers. In his letter to carriers, Pai asked not only what their plans were for deployment but also what was standing in the way of their efforts. If he isn't happy with the responses, the FCC can still choose to act on robocall regulation.
That could take industry control away and actually create future problems, McEachern says.
"We thought about this hard and I think we've got a pretty solid infrastructure in place," he tells Light Reading in an interview. "But you know the bad guys are going to find some weakness somehow, either through social engineering or just flaws, they will find some way to work around the system. And if you had to go through a regulatory hearing process in order to respond to that, you would be three years behind the bad guys forever."
An industry-led initiative under regulatory oversight can spot problems and develop resolutions much faster by implementing best practices or adjusting specifications, if necessary, to deal with issues much faster, he adds.
McEachern, who is retiring later this month, believes Pai and the FCC will be satisfied with the industry's response thus far and not implement heavy-handed regulation, an opinion seconded by Jim Tyrrell, senior product marketing director for Transaction Network Services, which operates a large independent SS7 network and provides numbering, roaming and settlement services for telecom service providers, as well as reputation profiles for phone numbers.
There are still a number of issues to be resolved, they agree, including how to handle calls that are not authenticated via SHAKEN/STIR, what information to give consumers about their incoming calls and how to handle robocalls for legacy TDM traffic.
As more network operators begin to authenticate the calls they originate, things should improve even if everyone isn't carry those signatures across their networks, McEachern says, because the authentication data can improve the analytics behind third-party call blocking solutions such as NoMoRobo, and that will be some immediate relief for consumers. There is also hope for new solutions taking advantage of artificial intelligence, Tyrrell notes.
Next Page: Adopting SHAKEN/STIR