Comments on SHAKEN extensions and effectiveness

The TRACED Act requires the FCC to request comments on whether STIR/SHAKEN extensions are needed and if STIR/SHAKEN is effective. There were some interesting comments filed. Let’s have a look.

Recurring themes

  • Almost all agreed that STIR/SHAKEN efficacy should be assessed by how well it enables caller ID authentication, not by how well it prevents illegal robocalls or spoofed illegal robocalls.
  • Most said that STIR/SHAKEN has been effective where it’s been used yet has room for improvement.
  • Most said that the biggest limitation to STIR/SHAKEN effectiveness is the presence of non-IP barriers in the call path. Proposed remedies:
    • Encourage the transition to IP.
    • Require providers that rely on non-IP technology to either transition to IP or implement an approved, standardized method to transmit SHAKEN information around or across TDM barriers.
  • A few mentioned problems with unsupportable attestation levels given to some calls.
  • A few other problems were mentioned:
    • False or inaccurate certifications in the Robocall Mitigation Database go unchallenged, with no adverse consequences.
    • Call labeling companies are pressuring enterprise customers with pay-to-play schemes, i.e., “Pay for our service, else we’ll label your calls as spam.”

Comments

There were 40 pages of comments from eight organizations. Here are summaries of each. You can click the filer’s name above each summary to read that organization’s filing.

NCTA – The Internet & Television Association

  • STIR/SHAKEN has proven very effective for those providers that have implemented the framework.
  • Adoption of STIR/SHAKEN has been hindered by carriers that have not transitioned to IP.
  • Agree that efficacy should be assessed by how well SHAKEN authenticates caller ID information.
  • Urges the Commission to encourage incumbent LECs to finally complete the transition to IP.

Neustar, Inc.

  • STIR/SHAKEN is effective where it’s been deployed in all-IP networks and PASSporTs are exchanged between originating and terminating voice service providers.
  • Agrees that call authentication is the appropriate measure of success.
  • Recommends that the Commission encourage providers to:
    1. Implement STIR/SHAKEN more pervasively throughout the voice network
    2. Increase verification rates
    3. Apply ATIS specifications when assigning attestation levels.

Numeracle

  • Agrees with evaluating STIR/SHAKEN based on its effectiveness in authenticating the identity of the calling party.
  • There’s too much disparity among Know Your Customer approaches.
  • The Commission should establish rules for Know Your Customer and Customer Due Diligence. Rules established by the Financial Crimes Enforcement Network are a good model.
  • The Commission should require adoption of the Global Legal Entity Identifier Foundation (GLEIF) system.
  • The Commission should ask Congress to extend its authority to regulate caller information display.
  • The Commission should encourage the creation of standards to allow originating service providers to embed the authenticated identity of the calling party into the call.
    • The Commission should mandate that intermediate and terminating providers preserve and transmit this identity information to the call recipient.

Transaction Network Services, Inc.

  • The Commission should not revise implementation extensions.
  • STIR/SHAKEN is having its intended effect. Scam robocalling is more difficult in the networks of providers that have implemented STIR/SHAKEN.
  • TNS is concerned about instances of unsupportable attestation levels.

TransNexus

  • Small facilities-based provider extension should end as planned on June 30, 2023. The extension for providers that cannot obtain a SPC token is moot but should remain on the books to comply with the TRACED Act.
  • Agree with assessing the efficacy of STIR/SHAKEN on how well it effectuates authentication of caller ID.
  • STIR/SHAKEN is not effectively authenticating caller ID information because it isn’t being used as intended.
    • There are thousands of voice service providers that claim a SHAKEN implementation but are not authenticating their calls and signing with their own SHAKEN certificate. This results in lower attestation levels and no accountability. (These calls have many robocalls among them.)
    • Only 15% of calls received by terminating providers are signed with full A-level attestation, and this is on a downward trend.
    • Only 24% of calls received by terminating service providers have SHAKEN information. Much of the SHAKEN information generated is lost at non-IP barriers.
  • To address these shortcomings:
    1. Authentication should happen at origination by voice service providers that know the caller and their authority to use the calling number.
    2. Voice service providers must be approved by the Policy Administrator, get their own SHAKEN certificate, and have their calls signed with their own certificate.
    3. Any provider that relies on non-IP technology must either convert to IP or use a standardized method to send STIR/SHAKEN information across or around TDM barriers.

USTelecom – The Broadband Association

  • STIR/SHAKEN implementation may already be responsible for some bad actors shifting to acquiring batches of real numbers instead of spoofing.
  • The Commission should clarify that downstream providers that sign calls on behalf of an originating provider should only do so with the originating provider’s token, except in limited circumstances.
  • The Commission should clarify that, for the purposes of STIR/SHAKEN signing, a “customer” means an end user and not a wholesale upstream provider. This will ensure that intermediate do not apply A- or B-level attestations when they do not know who the actual end user caller is.
  • There needs to be more consistency in how providers attest calls.

Voice on the Net Coalition

  • The Commission should encourage IP interconnection across all networks.
  • Local exchange carriers, particularly in rural areas, rely on legacy TDM tandems for interconnection. SIP interconnections are generally not available. Who would bear the cost?
  • VON encourages the Commission and the industry to address commercial limitations.
  • If industry cannot reach a consensus, the Commission should take more proscriptive action, as the CATA report recommends:
    1. Ask the CATA WG to expeditiously recommend a way for a centrally managed list of STI-CPSs to be maintained for use with Out-of-Band PASSporT Transmission Involving TDM Networks.
    2. Encourage the industry to develop and propose a solution to the SIP interconnection problem.
  • STIR/SHAKEN efficacy should not be solely based on how well it effectuates the authentication of caller ID information because of the small percentage of signed calls received by terminating carriers.
  • Call labeling companies are pushing enterprise customers to “pay-to-play” solutions to reduce the likelihood that those same call labeling companies may mislabel calls.

WetWork, LLC

  • The Commission has put no mechanism for companies that deliberately and falsely represent complying with the Act or its technical requirements.
  • The Commission should clarify what results from false or inaccurate certifications.
  • The Commission should provide a mechanism to inform the FCC of such violations.
comment bubbles

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.