Today’s FCC deadline forces telcos to combat robocalls

"Scammer calling" message on a smartphone screen

Today is the deadline for telecommunications companies to implement technology protections designed to protect consumers from robocall scammers.

Under legislation introduced 18 months ago, telcos must have implemented technology as of today that verifies callers on their networks or face potential penalties.

Ribbon launches robocall-fighting managed service Eight arrested over Royal Mail ‘smishing’ scam Tax refund scammers target university staff and students Austin Energy warns of scammers soliciting payments in the wake of mass power outages

The protocol designed to stop scam robocallers is called secure telephone identity revisited (STIR). It applies digital signatures to telephone numbers from calling parties on session initiation protocol (SIP) networks. Signature-based handling of asserted information using toKENs (SHAKEN) is a set of STIR implementation guidelines for carriers.

A call made on a STIR/SHAKEN-enabled network sends an authentication request and originating phone number to a STIR authentication service.

The service checks that the caller is authorized to use that number and then signs a digital token that it sends to another STIR server on the recipient's network. That second server checks the legitimacy of the token against its database before passing the call to the recipient.

The technology is designed to stop robocall scammers spoofing numbers from reaching victims.

Robocalls have become a massive nuisance in the US, where consumers received 77 billion unwanted robocalls in 2020 alone, according to the Transaction Network Services 2021 Robocall Investigation Report.

The FCC originally asked the US telecommunications industry to adopt these anti-spoofing protocols voluntarily in November 2018 under Chairman Ajit Pai, after a consultation on methods to verify caller information. The industry put together a stakeholder group for implementing the technology,

This attempt to introduce STIR/SHAKEN voluntarily stalled. In December 2019, Congress got tough, passing the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which required implementing the technology within 18 months. In March 2020, Pai proposed a set of rules implementing that mandate.

Statistics suggest that the mandate has already started to work. The number of robocalls targeting US consumers dropped 28% from 2019, which TNS attributes in part to the implementation of STIR/SHAKEN and filtering apps. Over a third of the calls passing over carrier networks in December 2020 were signed using the technology, up from 21% in January 2020.

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing.

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.