By: Paul Florack
The Federal Trade Commission (FTC) received 4.5 million robocall complaints in 2017, up from 3.4 million the prior year. This significant increase helps to explain why the robocall epidemic is squarely in the crosshairs of wireless and wireline operators, regulators and legislators, technology vendors, and, of course, consumers.
The FTC and Federal Communications Commission (FCC) have been working with the telecommunications industry to encourage solutions to stop robocalls for several years. Illegal spoofed robocalls, where the caller name and telephone number is faked in order to deceive the call recipient, have drawn particular attention. Key to the industry’s response has been the development of call authentication technology known as STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs).
STIR was originally created four years ago by the IETF (Internet Engineering Task Force).
ATIS (The Alliance for Telecommunications Industry Solutions) and the SIP Forum joined and created a task force, the IP-NNI, to deal with number portability, among other concerns. SHAKEN was a direct result of their interface as a task force. STIR/SHAKEN is now an FCC call authentication framework, overseen by both the chairman and the wireline competition bureau, that provides verified information about the origin of calls by enabling service providers to sign and authenticate information in the SIP header related to the origin of calling numbers.
STIR/SHAKEN employs the same type of public/private key structure that has been used on the Internet for a decade to prevent the spoofing of website addresses. The schema filters out spoofing by requiring a public/private key handshake in order to successfully authenticate a call. This practice is currently limited to domestic SIP-to-SIP calls, which are uninterrupted along the network path.
Nonetheless STIR/SHAKEN will undoubtedly provide a key foundational layer in attacking bad actor robocalls. However, it is also certain that a layered approach to the bad actor robocall threat will continue to be required. Based on our own analysis of more than 1 billion network events every day and our broadview across the public switched telephone network as a signaling, IPX and routing hub for over 500 providers, we believe there are a handful of key components for carriers and other stakeholders to consider as part of an effective multilayered approach:
If those whose work has been focused on detecting and addressing nuisance and illegal robocalls know one thing, it is that bad actors change tactics quickly. STIR/SHAKEN authenticates that a call has not been spoofed, but it does not determine caller intent. While call authentication is an important component of rooting out bad numbers, bad actors may still make these calls by registering numbers which, while registered to the callers, are authentically theirs.
For example, relying solely on STIR/SHAKEN, a call originator with an authenticated number could claim to be an IRS representative when in fact it is a bad actor attempting to steal the call recipient’s personal information or money. So while the call originator isn’t spoofing the number and won’t be able to use the same unauthentic spoofed number over an extended period of time, the originator can still be effective by changing tactics. It is entirely possible that bad actors will register blocks of numbers, make fraudulent calls, burn through the numbers quickly, drop them, get a new set of numbers and start the process again.