FCC mandates strict caller ID authentication to beat back robocalls
The FCC unanimously passed a new set of rules today that will require wireless carriers to implement a tech framework to combat robocalls. Called STIR/SHAKEN, and dithered over for years by the carriers, the protocol will be required to be put in place by summer of 2021.
Robocalls have grown from vexation to serious problem as predictable “claim your free vacation” scams gave way to “here’s how to claim your stimulus check” or “apply for coronavirus testing here” scams.
A big part of the problem is that the mobile networks allow for phone numbers to be spoofed or imitated, and it’s never clear to the call recipient that the number they see may be different from the actual originating number. Tracking and preventing fraudulent use of this feature has been on the carriers’ roadmap for a long time, and some have gotten around to it in some ways, for some customers.
STIR/SHAKEN, which stands for Secure Telephony Identity Revisited / Secure Handling of Asserted information using toKENs, is a way to securely track calls and callers to prevent fraud and warn consumers of potential scams. Carriers and the FCC have been talking about it since 2017, and in 2018 the FCC said it needed to be implemented in 2019. When that hadn’t happened, the FCC gave carriers a nudge, and at the end of the year Congress passed the TRACED Act to spur the regulator into carrying out its threat of mandating use of the system.
Rules to that effect were proposed earlier this month, and at the FCC’s open meeting today (conducted remotely), the measure passed unanimously. Commissioner Jessica Rosenworcel, who has been vocal about the lack of concrete action on this issue, gladly approved the rules but vented her frustration in a statement:
It is good news that today the Federal Communications Commission adopts rules to reduce robocalls through call authentication. I only wish we had done so sooner, like three years ago when the FCC first proposed the use of STIR/SHAKEN technology.
Commissioner Brendan Starks called the rules a “good first step,” but pointed out that the carriers need to apply call authentication technology not just on the IP-based networks but all over, and also to work with each other (as some already are) to ensure that these protections remain in place across networks, not just within them.
Chairman Ajit Pai concurred, pointing out there was much work to do:
It’s clear that FCC action is needed to spur across-the-board deployment of this important technology…Widespread implementation of STIR/SHAKEN will reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies identify—and even block—calls with illegal spoofed caller ID information before those calls reach their subscribers. Most importantly, it will give consumers more peace of mind when they answer the phone.
There’s no silver bullet for the problem of spoofed robocalls. So we will continue our aggressive, multi-pronged approach to combating it.
Consumers won’t notice any immediate changes — the deadline is next year, after all — but it’s likely that in the coming months you will receive more information from your carrier about the technology and what, if anything, you need to do to enable it.
Source: TechCrunch