US consumers should start getting relief from the robocall plague in 2019, thanks to an industry-wide effort to better identify legitimate calls. That effort may also forestall regulatory action, although it's not yet certain the industry is moving fast enough for the FCC to let the telecom service providers implement changes on their own.

In multiple responses to a letter from Federal Communications Commission Chairman Ajit Pai, sent in early November, executives from major telecom operators, cable, wireless and VoIP providers all spelled out company plans to use a combination of technologies now known as SHAKEN/STIR beginning in late 2018 with Comcast, and then including other major operators such as AT&T Inc. (NYSE: T), Verizon Communications Inc. (NYSE: VZ) and T-Mobile US Inc. starting in early 2019.

UPDATE/CORRECTION: T-Mobile says it is already ready for SHAKEN/STIR and announced its adoption in early November.

Other companies, including Charter and Sprint, are all promising to test and begin deployment in 2019 as well, but with caveats as to industry readiness to make the technology changes necessary. Operators with more rural service territories and more TDM technology in their networks, including Frontier Communications Corp. (NYSE: FTR) and TDS Telecom , are promising to start authenticating calls via SHAKEN/STIR next year but admit they face other challenges to blocking robocalls.

As part of the broader effort, the industry has set up a Secure Telephone Identity Governance Authority (STI-GA) under the auspices of Alliance for Telecommunications Industry Solutions (ATIS) , to support "the timely deployment of the SHAKEN/STIR protocol and framework." On Tuesday, ATIS announced that former Neustar executive Brent Struthers would be the new director of the STI-GA. This comes after years of industry work within ATIS and the North American Numbering Council and its Call Authentication Trust Anchor Working Group, as well as at the Internet Engineering Task Force (IETF) .

Figure 1: Just what the regulator ordered?

SHAKEN, which stands for Signature-based Handling of Asserted information using toKENs), is a framework which was developed by ATIS in conjunction with the SIP Forum and is being used to implement STIR, or Secure Telephone Identity Revisited, a protocol developed by the IETF to authenticate caller ID information, so consumers know numbers aren't being spoofed.

SHAKEN allows an originating service provider to create a digital signature for each call using cryptography, says Jim McEachern, principal technologist for ATIS and one of those directly involved in developing SHAKEN. That signature includes information about the caller ID and the call, which then travels in-band with that call across whatever networks are required to reach its destination, since most calls traverse multiple interconnected networks.

The inability to authenticate calls that traverse multiple networks is what robocallers have been exploiting, leading to an industry that generated more than 30 billion robocalls in 2017 costing consumers $350 million annually according to the Consumers Union. Robocallers manage to avoid detection and third-party blocking efforts, such as NoMoRobo, by spoofing legitimate numbers and even appearing to be calling from legitimate sites, notably the Internal Revenue Service. Catching them requires being able to determine, in real time, which calls are authentic and which aren't.

Want to hear more about the leading operator use cases for AI technologies? Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

That's the issue that Pai and a group of 35 state attorneys general want the telecom industry to solve more quickly, by making sure non-authentic calls are blocked or, at the very least, flagged for consumers. In his letter to carriers, Pai asked not only what their plans were for deployment but also what was standing in the way of their efforts. If he isn't happy with the responses, the FCC can still choose to act on robocall regulation.

That could take industry control away and actually create future problems, McEachern says.

"We thought about this hard and I think we've got a pretty solid infrastructure in place," he tells Light Reading in an interview. "But you know the bad guys are going to find some weakness somehow, either through social engineering or just flaws, they will find some way to work around the system. And if you had to go through a regulatory hearing process in order to respond to that, you would be three years behind the bad guys forever."

An industry-led initiative under regulatory oversight can spot problems and develop resolutions much faster by implementing best practices or adjusting specifications, if necessary, to deal with issues much faster, he adds.

McEachern, who is retiring later this month, believes Pai and the FCC will be satisfied with the industry's response thus far and not implement heavy-handed regulation, an opinion seconded by Jim Tyrrell, senior product marketing director for Transaction Network Services, which operates a large independent SS7 network and provides numbering, roaming and settlement services for telecom service providers, as well as reputation profiles for phone numbers.

There are still a number of issues to be resolved, they agree, including how to handle calls that are not authenticated via SHAKEN/STIR, what information to give consumers about their incoming calls and how to handle robocalls for legacy TDM traffic.

As more network operators begin to authenticate the calls they originate, things should improve even if everyone isn't carry those signatures across their networks, McEachern says, because the authentication data can improve the analytics behind third-party call blocking solutions such as NoMoRobo, and that will be some immediate relief for consumers. There is also hope for new solutions taking advantage of artificial intelligence, Tyrrell notes.

Next Page: Adopting SHAKEN/STIR

In his November letters to operators, Pai acknowledged the work of major players, including Comcast, AT&T, Verizon and T-Mobile US Inc. , while seeming to single out seven companies -- CenturyLink Inc. (NYSE: CTL), Charter, Sprint, TDS, Vonage, Frontier and US Cellular -- for falling behind. Their responses to his letter were a bit all over the map.

In his Nov. 19 response, CenturyLink CTO Andrew Dugan fully defended his company's approach, saying CenturyLink has been actively engaged in the industry-wide effort and expected to complete its testing of SHAKEN/STIR by early 2019. He said the company's wholesale network could be ready to "transit SHAKEN messages as early as the end of 2018" and its retail network will be available for testing "within weeks" with the "anticipation of implementation as early as 2019." The retail network would originate the authentication of calls.

Charter Communications Inc. CEO Tom Rutledge pointed to the need for hardware and software vendors to step up for Charter to proceed but said the company has begun deployment activities for SHAKEN/STIR this year and will continue testing in 2019.

CEOs from Frontier and TDS both cited challenges to bringing their rural and TDM networks into line with Pai's SHAKEN/STIR challenge. Frontier CEO Daniel McCarthy pointed out that Frontier does not originate much IP traffic, as its voice networks are still largely TDM, but added that the company is looking for "the best way" to implement the new protocols as it transitions to IP. Frontier is in the vendor selection process and has narrowed its choices to two, McCarthy added.

TDS is also in vendor discussions and will test a SHAKEN/STIR protocol in 2019, according to Ken Paker, senior vice president and CTO. He also spoke up on one of the general areas of concern around the new solution, namely that legitimate calls might be blocked for lacking the authentication signature, and asked that the telecom industry be allowed to continue exploring other avenues for blocking robocalls.

Vonage said it will fully implement SHAKEN/STIR by the end of 2019, noting that it is working with its session border controller vendor, Sonus Networks (now part of Ribbon Communications) to develop a solution.

AT&T provided the most detailed and specific outline of its plans for SHAKEN/STIR in 2019, but Comcast is actually the first company out of the gate. Tony Werner, president of technology and product for Comcast Cable, told the FCC that Comcast expects to be "signing" calls from its residential customers by the end of the year and expects to verify calls for its entire residential customer base by March 2019.

Coming next week: The ongoing technical challenges

— Carol Wilson, Editor-at-Large, Light Reading