NANC Report on SHAKEN Call Authentication Trust Anchor

On May 3, the North American Numbering Council (NANC) issued a report to the Federal Communications Commission (FCC) with recommendations for governance arrangements and implementation timelines for secure caller ID, or Secure Telephone Identity (STI), in the United States using the SHAKEN/STIR framework.

Background

  • Telephone users are demanding regulators do something to reduce or eliminate unwanted robocalls. Perpetrators use fake caller IDs to trick users into answering calls.
  • The Do-Not-Call-List, penalties, crowdsourced phone number reputation lookup and blacklists have not provided sufficient relief from unwanted robocalls.
  • The SHAKEN/STIR framework would enable originating telecom service providers to attest the validity of asserted caller ID and sign an outbound call with a secure signature that cannot be faked. The terminating service provider would use the security certificate to validate that the caller ID attestation has not been tampered with.
  • This would enable the provider to present reliable caller ID information to users to help avoid annoying robocalls, which are often used to perpetrate telecom fraud.

Implementation of SHAKEN would require governing bodies:

  1. STI-GA. Governance Authority, which would define policies, procedures and timelines to be followed.
  2. STI-PA. Policy Administrator, which would conduct the day-to-day operations. Selected by the STI-GA.
  3. STI-CA. Certificate Authorities, who would issue certificates to service providers to be used in STI. Approved by the STI-PA.

Highlights of the NANC Report

  • STI-GA should be comprised of 10–15 members from the communications industry, each serving a three-year renewable term, with terms expiring on a staggered basis.
  • The STI-GA technical advisory board comprised of three technical experts to advise the board.
  • The STI-GA should conduct an RFP process to select STI-PAs.
  • STI-PA would approve STI-CAs.
  • The FCC should have an oversight role, but should not have direct involvement in the STI-GA.

Timeline for Establishing Governance Authority

The proposed timeline for implementation involves four steps beginning May 3, 2018. Each step should be completed within three months from the previous step.

  1. Establish the STI-GA.
  2. The STI-GA will issue an RFP for candidates who want to apply for the STI-PA role.
  3. Response deadline for candidate applications for the STI-PA role.
  4. STI-PA selected.

The NANC report stated that service provider inter-operation, vendor implementation and deployment of the SHAKEN/STIR framework should continue in parallel with the STI-GA establishment and STI-PA selection processes.

Incentives

The NANC report suggested measures to accelerate participation by service providers in getting ready for SHAKEN/STIR:

  • Liability protection for service providers in the form of a safe harbor for unintended blocking or misidentification of the level of trust for individual calls
  • Development of a funding structure that allows for broad service provider participation on the STI-GA board
  • Escalation path for resolving disputes or deficiencies in the SHAKEN framework

What About Small Carriers?

The NANC report observed that some small carriers might find it difficult to implement SHAKEN. They recommended that the FCC “must consider potential means of cost recovery for such implementation, particularly for smaller providers, other than through increased end user rates that may render such rates unaffordable.”

Is This a Mandate?

The report recommended that formal mandates should not be issued if progress along the proposed timeline continues. As participation increases, any remaining providers who do not sign outbound calls for their customers would find that many of those calls would go unanswered. Their customers would demand that the provider participate. Market expectations would provide the necessary motivation.

TransNexus View

We are encouraged by the concrete steps proposed in this report to implement SHAKEN. We have already updated our NexOSS and ClearIP software with SHAKEN functionality.

TransNexus can help service providers get ready today by providing the following:

  • Advisory and training services
  • Test plans
  • Assistance with configuring your Session Border Controllers for testing
  • Help with interop testing with the ATIS industry test bed and other carriers who have implemented SHAKEN
  • Implementation of our production-ready solutions

If you would like to begin laying the groundwork for SHAKEN, we’re ready to help. Contact us today for more information.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.