FCC questions some SHAKEN implementation claims

The FCC has begun questioning SHAKEN implementation claims made by some voice service providers in their certification filings in the Robocall Mitigation Database (RMD). Here’s what’s happening.

SHAKEN claims challenged

We understand that the Commission is reaching out to robocall mitigation contacts for voice service providers that meet the following criteria:

  1. Claimed a complete SHAKEN implementation in their RMD filing.
  2. Are not authorized service providers registered with the Secure Telephone Identity Policy Administrator (STI-PA) to participate in STIR/SHAKEN.

The correspondence requires such providers to act by Monday, March 14, 2022, either to:

  • Revise the provider’s RMD filing(s),
  • Explain why the provider claimed a complete SHAKEN implementation without registering with the STI-PA, or
  • Provide proof that the provider has registered with the STI-PA.

What brought this on? Perhaps it was the difference between SHAKEN implementation claims and authorizations.

SHAKEN provider claims vs. authorized

First, let’s have a look at the RMD filings by SHAKEN Implementation, U.S. companies only. As of February 14, 2022, here are the counts:

SHAKEN implementation          RMD filings
Complete STIR/SHAKEN           1,701
Partial STIR/SHAKEN            1,271
N/A (intermediate providers)   821

The latest numbers are available on the Robocall Mitigation Database portal.

Currently, there are only 421 authorized SHAKEN providers listed on the STI Policy Administrator website.

That’s 1,701 complete SHAKEN implementations in the RMD versus 421 in the STI-PA, which includes partial and complete SHAKEN implementations, for a gap of 1,280. What gives?

That’s what the Commission wants to know.

We have reported on this gap in previous blog posts. Some providers are listed on the STI-PA authorized provider list just once yet have many—in some cases hundreds—of RMD filings. However, those providers are generally claiming partial SHAKEN implementations. As far as we know, these recent inquiries went to providers that claimed a complete SHAKEN implementation.

We’ve previously reported that some Originating Service Providers (OSPs) that claim a complete SHAKEN implementation have arranged for a downstream provider to sign calls for them. In many cases, the downstream provider uses its own SHAKEN credentials, not the SHAKEN credentials of the OSP (who doesn’t have SHAKEN credentials).

It’s possible that many of the providers that were contacted fall into this category.

Regulatory and legal requirements

Here’s why the 1,280 gap matters:

  1. The FCC’s SHAKEN order, paragraph 36, defines SHAKEN as ATIS-1000074, ATIS-1000080, and ATIS-1000084 and all documents referenced therein. This order has been adopted and published and is now law.
  2. ATIS-1000080 describes the SHAKEN governance framework. It says that OSPs must register with and be approved by the STI-PA in order to sign calls with SHAKEN.

If an OSP isn’t SHAKEN approved, then it cannot do SHAKEN as the standards and the FCC defined it.

Our thoughts

We’ve described recurring themes that we’ve observed across many cases. However, there are variations on these themes. We aren’t saying that every provider that claimed a complete SHAKEN implementation is doing the same thing. We work with many voice service providers that sign their calls with SHAKEN. Some certified complete SHAKEN in the RMD and are SHAKEN-authorized by the STI-PA.

  • We believe that any provider that claims a SHAKEN implementation should do SHAKEN.
    • If an OSP has a downstream provider sign calls for them using the downstream provider’s SHAKEN certificate, then it’s the downstream provider that’s doing SHAKEN, not the OSP.
  • If an OSP isn’t doing SHAKEN, then the current rules require them to do robocall mitigation.
    • We believe that all voice service providers should do both robocall mitigation and SHAKEN—they work better together.

We’ll be watching to see how this situation unfolds over the coming weeks.

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.
