FCC proposes rules on SHAKEN certificate revocation for noncompliance

The FCC issued a Second Further Notice of Proposed Rulemaking (FNPR) on January 14, 2021, regarding SHAKEN certificate revocation. Here’s an overview.

Background

STIR/SHAKEN call authentication relies on a governance framework to maintain trust and accountability.

Triangle of Trust

Triangle of Trust

The governance framework includes:

  • Governance authority (STI-GA). Sets policies and appoints a Policy Administrator.
  • Policy administrator (STI-PA). Vets and approves certificate authorities and service providers to participate in the SHAKEN ecosystem.
  • Certificate authorities (STI-CA). Issue SHAKEN certificates to approved service providers.
  • Service providers. Create SHAKEN PASSporTs to attest to call authentication. The PASSporT is cryptographically signed and includes a reference to the SHAKEN certificate that relying parties use to verify the authentication.

The STI-GA has established a revocation policy, which allows the STI-PA to suspend or revoke a Service Provider’s ability to participate in the STIR/SHAKEN ecosystem. These actions are reviewable by the STI-GA.

FCC proposes rules on SHAKEN certificate revocation for noncompliance

Proposed rules

In their Second FNPR, the Commission proposed the following rules:

  • They continue to refrain from unduly intruding on the private STIR/SHAKEN governance structure.
  • However, the FCC has a role in reviewing the STI-GA’s decision to revoke a service provider’s SPC token because this would place the provider out of compliance with FCC rules.
  • Therefore, the proposed rule would allow review by the Wireline Competition Bureau.
    • Requests for review that raise novel questions of fact, law or policy would be considered by the full Commission.
  • Any appeal to or review by the Commission must first exhaust all review by the STI-GA’s review process.
  • A service provider would not maintain the right to use an SPC token that had been revoked while appealing to the Commission.
  • A service provider would not be judged to be in violation of Commission rules until the Commission completes review.

The Commission seeks comments on these proposed rules.

TransNexus solutions

We offer STIR/SHAKEN and robocall prevention solutions in our ClearIP and NexOSS software platforms.

In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their Robocall Mitigation certification with the FCC.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.