& cplSiteName &

Robocall Fix Not a Silver Bullet

Carol Wilson
12/13/2018

The current battle against robocalls is very much focused on the emerging Shaken/Stir approach to verifying voice calls across the network, but even those involved in developing and deploying that technology admit there are still challenges to getting it into place, and that it won't be a silver bullet to end issues around annoying calls.

As noted in part one of this two-part story, Can Telecom Ward Off Robocall Regs?, federal and state officials in the US are responding to a flood of consumer complaints by insisting telecom network operators do something to stem the growing tide of automated calls, many of which involve illegally spoofing telephone numbers. Communications service providers are well aware of the problem, but solving it requires expenditures on their part that won't necessarily translate into new revenues.

"There is a business case challenge for carriers of how to get value out of this," notes Joe Weeden, vice president of fixed line product at Metaswitch Networks , which was the first software vendor to complete tests of a Stir/Shaken caller ID authentication solution in the Alliance for Telecommunications Industry Solutions (ATIS) Robocalling Testbed, hosted by the Neustar Inc. (NYSE: NSR) Trust Lab. Stir is the Internet Engineering Task Force (IETF) 's Secure Telephone Identity Revisited (Stir) standard and Shaken or Signature-based Handling of Asserted information using toKENs was developed by ATIS and the SIP Forum as a framework for Stir implementation. "I think one of the reasons it's taken a long time for Shaken to really get deployed and why the regulators are feeling they're having to push so hard is that if the regulators just left it to the carriers, they would take a much longer time to run it out. They would find reasons not to."

That's particularly true for companies that are still heavily TDM-based, who haven't moved to IP, he notes. Shaken is designed for IP interconnection, to use encryption in "signing" voice calls as authentic as they are passed from one network operator to another. That's why most of the work involved in preparing for Shaken happens at the interconnect session border controller (SBC), Weeden says.

Even larger network operators that have largely shifted to IP typically have multiple generations of equipment in their networks at one time, that they must address, notes James Garvert, vice president of Product Management, Caller ID, for Neustar, which operates the test lab.

"So that is something that weighs on the minds of each of these CTOs and the carriers that are out there is, how do I get my infrastructure up to a point where I can actually implement Stir/Shaken?" he says in an interview. "And part of the challenge is there's no real ROI that sits behind this. It's not really a new feature that they can charge for. This is shoring up the existing infrastructure to make for a better user experience ultimately."

Saving the voice network
Some would argue that halting the plague of robocalls is essential to "save" the voice network since consumers are increasingly ignoring voice calls, assuming they are robocalls. But even those involved in developing Shaken, like Jim McEachern, principal technologist for ATIS, are also trying to manage expectations for what it will do.

"In terms of combating robocalls, this is not going to quote-unquote 'solve' the robocalling problem," he says in an interview. "But it is a very important first step. And it will begin to introduce some order and some sanity into the process and in particular, will help with the various analytics engines that are used by a number of people today that provide some insight on in robocalls. One of the things that they base that on is the Caller ID which isn't trustworthy, so it can be spoofed. So they're drawing conclusions on stuff that's not reliable. And as Shaken comes in, they're just going to be that much more effective."

As Weeden notes, Shaken is a building block in helping the analytics and reputation databases in use today do a better job of identifying telephone numbers as authentic or not, and begin to do things like filter out the so-called "neighbor" spoof calls, where the Caller ID reflects the area code and NXX code of the number being called, in order to appear more familiar.

Last April, Verizon Communications Inc. (NYSE: VZ) launched Spam Alerts for its landline customers, using Neustar Caller ID technology that has integrated analytics and can identify calls that are suspicious, based on a reputation database, and include a "SPAM?" on the Caller ID, alerting the recipient that this might be a suspicious call, says Garvert. Stir/Shaken becomes a component of an overall robocall mitigation strategy by better identifying which calls are authentic.

A giant leap?
The important first step of implementing Stir/Shaken may feel like a giant leap for some network operators, as Weeden and Neustar's Ken Politz, director, Product Management, Caller ID, point out. Shaken relies on an IP-to-IP connection, so any call that traverses a legacy TDM network loses its "signature" as valid, so to speak.

"The reality of carrier networks is that there's different levels of reach of SIP within the network," Weeden comments. "Right at the extreme of one end, you've got carriers that are still deploying legacy TDM switches, and gateways and so on. And there's this basically no SIP there. Then you've got carriers who maybe are deploying soft-switches but they've still got a lot of legacy access and so on. And then you got people who deploying end-to-end IP. The reality for most, for the larger carriers, they've actually got a mix of all of those."

That's why, at minimum, an upgrade to the interconnect SBC is required to implement Shaken where it's possible to do that. Network operators are, to some extent, dependent on their existing SBC vendors to make upgrades possible, as many of them noted in their responses to FCC Chairman Ajit Pai's letters seeking an update of Shaken/Stir implementation plans.

"We've seen a wide variance on the vendors, in terms of readiness," says Garvert. "When you think about these equipment vendors, a lot of them are very focused on 5G and IOT and the next big thing that's there, not all of them have focused on some of these base call authentication standards. Since we run that test lab, we see a variance on which vendors have really been active and which ones are still working on other things and still waiting to bring in call authentication."

Metaswitch has its solution in the field and is working with two operators currently, Weeden says, to implement Shaken/Stir in 2019. The company has a longstanding relationship with many independent telcos and smaller operators, and long advocated their move to an IP infrastructure and SIP for voice calls. He admits those who didn't heed that call going back 20 years are now at greater risk.

"There is still a ton of TDM interconnect that is out there," Weeden says. "Those guys are at a risk of being left behind. Once the larger carriers are all signing calls [with Shaken] and passing them between each other, there comes a point where they might start displaying some kind of indication to the end user that the call has been verified. Or they may just be applying some filtering to do something with non-authenticated calls. If your calls are coming in over TDM there's a chance that people aren't going to pick up those calls because they won't be authenticated."


Want to know more about gigabit strategies? Check out our dedicated gigabit content channel here on Light Reading.


There are also potential technical issues depending on the type/age of SIP equipment used, Politz says.

"Depending on their implementations and their SIP stacks, they're running into certain limitations where the messages are getting too big, the equipment may not be able to handle it, or you need to use something to handle fragmentation and things like that," he comments.

That's one major argument for being methodical in implementing Shaken and not rushing things, agrees McEachern.

"One reason why [Stir/Shaken] is being rolled out very carefully is it is inbound, it does go with the signaling and it's adding a fairly big identity header to already large signaling messages," he says. "That needs to be passed through the network, through each stage of the network, the SBCs and the switching elements, and make it through successfully and not cause things to choke along the way and have it drop calls. You want to proceed in a very measured way to make sure that you don't hurt things by trying to help things."

Finally, there isn't yet a firm consensus on what gets passed to the consumer as authentication and even whether there will be blocking of some calls, something the FCC seems to want. Those are among the issues the new Secure Telephone Identity Governance Authority (STI-GA) that ATIS has organized will have to address.

— Carol Wilson, Editor-at-Large, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
jcadler
jcadler
1/16/2019 | 11:30:22 AM
Re: Not a wooden stake, either
We spoke last August; Gerry and Dawn have our contact information.

Related note: There have been a handful of news articles lately about the government shutdown allowing more robocalls.  This is not really the case.  Companies like ours rely on the DNC complaint database as just one source of many and it's current through 12/20. 
MindCommerce
MindCommerce
12/21/2018 | 12:21:54 PM
Re: Not a wooden stake, either
Disclosure: Mind Commerce conducted a Robocall Study Ranks Wireless Carriers' Performance Detecting, Managing Unwanted Calls but it did not include Call Control.

We would like to talk to you or designee at your company to learn more about what you do.

Please Contact Mind Commerce
jcadler
jcadler
12/21/2018 | 11:42:18 AM
Re: Not a wooden stake, either
Agree.  Full disclosure I'm with one of the leading solutions providers for consumers and cloud alike -  Call Control.   We've been asking for an extension of STIR/SHAKEN to the end client so that apps can use the data on the incoming call and provide return path feedback.  
MindCommerce
MindCommerce
12/21/2018 | 11:06:48 AM
Re: Not a wooden stake, either
Good comments, and this one in particular, pretty much sums it up: " They will sell a dozen SIP trunks and what the client does with them they don't care "

In addition to STIR/SHAKEN 2.0, we believe there is a need for many technical approaches to solving the Unwanted Call problem. Here is an article the reviews and comments upon them: Identifying and Avoiding Unwanted Robocalls Requires a Wide Range of Technologies

 

 
lmorris
lmorris
12/14/2018 | 11:13:49 PM
Robocalls
Talking about robocalls, I think I have just read an article that might be useful for anyone at https://www.whycall.me/news/consumer-wins-massive-229500-robocall-lawsuit-against-time-warner-cable/. I think people should have been aware of how annoying these robocalls could be. They have ruined our privacy life since years ago.
jcadler
jcadler
12/13/2018 | 2:47:59 PM
Not a wooden stake, either
It would be remiss not to first acknowledge Carol's long respected career in the telecom industry.  My first industry mag was Telephony, and it instantly broadened my trade-view.  Later Carol interviewed and listened to briefs from my company(ies) over the years always with interest and professionalism.  Not that it was always easy, either!

To the standard, it will help the industry, and moreso regulators and enforcement agencies.  STIR/SHAKEN at least provides traceback for carrier to carrier when implemented, and then to subscriber IF (big) that is provided.  This will speed up and/or enable enforcement to some degree.  

Some carriers don't care.  They will sell a dozen SIP trunks and what the client does with them they don't care.  Runs their business on ten of the lines, runs abusive telemarketing or scams out of the other two. 

Three major components have to come toe for to be really effective: 1) every carrier has to implement the standard, worldwide 2) business processes for traceback in near real-time and 3) the delivery of the same authentication to the endpiont, beyond the terminating switch. Think STIR/SHAKEN 2.0
Featured Video
Upcoming Live Events
October 22, 2019, Los Angeles, CA
November 5, 2019, London, England
November 7, 2019, London, UK
November 14, 2019, Maritim Hotel, Berlin
December 3-5, 2019, Vienna, Austria
December 3, 2019, New York, New York
March 16-18, 2020, Embassy Suites, Denver, Colorado
May 18-20, 2020, Irving Convention Center, Dallas, TX
All Upcoming Live Events