STIR/SHAKEN

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 09:26, 20 January 2024 by Admin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Also known as Verified Caller ID and Trusted Calling.

STIR/SHAKEN acronyms for Secure Telephone Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN).

STIR/SHAKEN framework is only operational on IP networks

STIR/SHAKEN is a carrier-based Caller ID authentication standard that helps verify that a call is in fact from the number displayed on the Caller ID and not spoofed.

FCC Mandate

FCC Mandate: FCC rules require most providers to implement and use STIR/SHAKEN in the Internet Protocol (IP) portions of their networks. This is part of the TRACED Act.

The STIR/SHAKEN mandate was approved unanimously, and the order sets a June 30, 2021 implementation deadline for all originating and terminating voice service providers. The agency is seeking comment on a proposal to extend the deadline for small voice service providers, as well as to require caller ID verification on non-IP voice networks, and expand the STIR/SHAKEN mandate to include intermediate voice service providers.

This relates to the FCC TRACED Act. TRACED also being an acronym, Telephone Robocall Abuse Criminal Enforcement and Deterrence.

TRACED Act Caller ID Authentication Tools

  • Implementation of STIR/SHAKEN
  • Assessing Barriers to Implementing STIR/SHAKEN
  • Number Resources - both toll free and non-toll free numbering resources
  • Consumer Call Blocking
  • Unauthenticated Number Protection
  • Reassigned Number Database Report
  • Report to Congress on the One-Ring proceeding
  • Hospital Robocall Protection Group (HRPG)
  • Traceback capability
  • Robocall/Spoofing Violation reporting and data sharing

The FCC requires that all voice service providers certify in the Robocall Mitigation Database that they have fully implemented STIR/SHAKEN or have instituted a robocall mitigation program to ensure that they are not originating illegal robocalls. To further protect consumers, gateway providers – those serving as the entry point for foreign calls into the United States – must both implement STIR/SHAKEN and institute a robocall mitigation program. All providers are required to submit to this public database the contact information for the personnel at their company responsible for robocall-mitigation related issues. And those providers certifying to their implementation of a robocall mitigation program are required to include descriptions of the reasonable steps they are taking to avoid originating illegal robocall traffic.

For Non-IP networks: providers using older forms of network technology are required to either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.

The FCC estimates eliminating wasted time and nuisance from illegal robocall scams could result in $3 billion in cost savings annually, and protect Americans from robocall schemes that take approximately $10 billion from consumers each year.

Verifying Calls

Major carriers will start verifying calls with other carriers using STIR/SHAKEN.

March 2020 - The Federal Communications Commission adopted rules requiring phone companies implement the STIR/SHAKEN caller ID authentication protocol in their IP networks.

March 2021 - Verizon has started authenticating caller IDs using STIR/SHAKEN in exchanges with other major wireless carriers, as well as Comcast.

STIR/SHAKEN helps carriers verify that an incoming call is actually coming from the number that shows up on the caller ID and isn’t spoofed and originating from a different number. STIR/SHAKEN aims to help prevent and fight against scams and robocalls.

Limitations

Even though the largest voice service providers are now using STIR/SHAKEN caller ID authentication standards it has yet to be deployed to any significant degree (2023) on landline phone networks. Furthermore, most companies that carry a lot of robocalls aren't yet required to follow the rules because of an exemption for carriers with 100,000 or fewer customers. They continue to operate because of an FCC exemption.

Caller ID spoofing is used by robocallers to mask their identity or to make it appear the call is from a legitimate source, often a nearby phone number with the same area code and exchange. They have been taking advantage of VoIP technology however now they may retreat into using FCC exempt telephone carriers so that they can continue to spoof their calls using fake or other people's phone number on the caller ID.