Major voice service providers are testing an industry call authentication and identification framework and expect to implement it by year-end, while smaller providers — especially those that have not migrated to IP (Internet protocol) networks — are working to address the challenges of implementing, or not implementing, the solution themselves, participants in an FCC robocall summit reported today.
FCC Chairman Ajit Pai addressed the participants and reiterated his warning that “we are prepared to go to rules here at the FCC in 2020 if major carriers don’t meet the end-of-the-year deadline,” which he has set for implementing the industry’s SHAKEN (Signature-based Handling of Asserted Information Using toKENs)/STIR (Secure Telephone Identity Revisited) framework.
Throughout the day, participants emphasized the importance of ensuring that information delivered to consumers about incoming calls not create confusion or lead to a continuation of the current lack of trust and widespread tendency not to answer calls from unknown numbers.
The SHAKEN/STIR framework involves “attestations” by originating voice providers that participate in the framework. An “A” attestation indicates that the provider knows the calling party and knows that it has authority to use the calling number associated with the call. A “B” attestation indicates that the provider knows the calling party but does not know if it has authority to use the calling number associated with the call. A “C” attestation indicates only that the provider knows where the call entered its network.
Several participants said that conveying “B” and “C” attestation information to consumers may only confuse them, leaving them unsure about which calls to trust and which not to trust. Others argued that the ultimate goal should be to only deliver “good” calls.
On the major provider panel, Alexander Eatedali, director–engineering, core network and voice at Vonage Holdings Corp., said that Vonage is “working toward being able to sign these calls by end of 2019.” He added, “We’re very close this week or next week to start[ing] testing the signing with our partners.”
Kathleen Foster, director–core networks engineering at T-Mobile USA, Inc., noted that “in 2018, we announced we were the first to be ready [and were] just waiting for someone else to be ready to test with us.” It subsequently began testing with Comcast and plans “to launch with other partners this year,” she said.
Jeff Haltom, senior manager–Verizon headquarters planning at Verizon Communications, Inc., said that the company has deployed STIR/SHAKEN capabilities in its own network. “A Verizon-to-Verizon call today takes advantage of STIR/SHAKEN,” he added.
Bandwidth.com Chief Technology Officer Scott Mullen said, “Today we are actively blocking all bad ANIs [automatic number identification] on our outgoing calls.” He added, “By the end of 2019, we hope to be able to sign all outgoing calls,” including those used for school notifications, prescription notifications, 800 numbers, and mobile apps on smartphones.
Linda Vandeloop, assistant vice president–external affairs/regulatory at AT&T, Inc., said, “We expect that nearly all of our calls originating on our IP networks will be authenticated by the end of the year.” AT&T is currently exchanging signed traffic with one other provider, will be exchanging signed traffic with a second provider next month, and is testing with another, she added. “We will be ready to exchange traffic through the governance authority [STI-GA] by the end of the year,” she said, and AT&T customers will start seeing passed call authentication information soon.
Ms. Vandeloop also chairs the industry’s Secure Telephone Identity Governance Authority Board (STI-GA board).
Chris Wendt, director–technical research and development for IP communications at Comcast Corp., said, “We’ve fully deployed STIR/SHAKEN in our residential networks.” He added that all calls originating on Comcast’s network are being signed and verified.
Mr. Wendt is a co-author of the SHAKEN and STIR standards.
In response to a question about the challenges faced and advice for providers that may not be as far along in the process, Ms. Foster of T-Mobile said that one issue the company encountered is “finding someone to test with.” She recommended that other providers “definitely take advantage of the lab” established by the Alliance for Telecommunications Industry Solutions (ATIS).
“It’s a good idea to start with the validation on your network,” Ms. Foster said, then “reach out to your partners. We’re ready to test with anybody.”
Mr. Haltom of Verizon recommended focusing on “the types of attestation that are most impactful.”
Mr. Mullen of Bandwidth recommended “a slow, methodical” approach, starting with “blocking calls, labeling calls, [and doing] some work with your partners.”
Mr. Eatedali of Vonage recommended, “Start now if you haven’t already.”
In response to a question about the lessons gained from the testing process, Ms. Vandeloop of AT&T said that the ATIS test bed run by Neustar, Inc., “was invaluable.” She noted that “we don’t build our networks to send bad call,” so it was helpful that Neustar could deliberately send “bad calls” in the test bed.
Ms. Foster said, “If you work with the ATIS test lab, they can introduce you to those partners if you don’t already have those relationships.”
Ms. Vandeloop said that if a provider has “no idea” who to partner with for testing, “reach out to your [trade] association.”
Kris Monteith, chief of the FCC’s Wireline Competition Bureau, asked whether there was a role for government action.
Mr. Eatedali suggested that government “try to expand this across our national borders.”
Ms. Foster said, “Some of our international partners have been reaching out. They want to participate.”
Mr. Haltom urged the FCC to “continue to encourage deployment in a robust way that is meaningful. Encourage signing.”
Mr. Mullen urged the FCC to engage in consumer outreach and education to control expectations and help consumers understand that SHAKEN/STIR is “not a silver bullet.”
Ms. Vandeloop emphasized that “even if everybody on this panel exchanges traffic with SHAKEN/STIR, we would have imperceptible impact, because we are not the ones originating those [scam or spoofing] calls.” She called for “working together and focusing on those that are originating the calls and finding a way to incentivize them” to address the issue.
Asked about the challenges to deploying SHAKEN/STIR, Mr. Eatedali cited “getting systems up to a version of code that can support this framework.”
Ms. Foster pointed to equipment makers and “making sure they are all adopting the Veristat display on their devices. … We’re dependent on those displays as well as the networks,” she added.
During a separate panel on using SHAKEN/STIR to improve the consumer experience, Scott Hambuchen, chief information officer at First Orion, said, “We’re blocking about a billion calls a month now.”
Lavinia Kennedy, director–product management at Transaction Network Services, said, “We detect about 300 million illegal and unwanted calls a day.”
Jonathan Nelson, director–product management at Hiya, said that the robocalling industry will be reacting to STIR/SHAKEN, and that Hiya is studying those reactions.
Ms. Kennedy agreed, saying that in the “long term, bad actors are going to change tactics and we’re going to have to stay on top of that.”
Asked about the benefits to consumers from STIR/SHAKEN, Clark Whitten, principal engineer at Cox Communications, Inc., said that it will generate “better trust in the network,” assist in fraud prevention, and reduce complaints to regulatory agencies.
Mr. Hambuchen emphasized the need for consumers to understand that call authentication verifies a number, not the content of the call. “It could be the devil himself calling from a verified number,” he said, adding that “the flip side is true. Just because a call comes through without authentication doesn’t mean it’s a bad call.”
Kathy Stokes, director–fraud prevention programs at AARP, said that “unless all carriers participate, it’s all for naught. … What about those still on copper networks?” she asked.
Regarding actual consumer response, Ms. Kennedy said that TNS has found that “people are far less likely to pick up a call that just displays a number,” even if it displays STIR/SHAKEN validation.
Mr. Hambuchen said, “For STIR/SHAKEN alone we’re not seeing a huge swing in answer rates.” However, if the display shows “enhanced information,” such as the name of the business, “you do see an increase in answer rates,” he said.
Ms. Stokes said that an AARP survey found that most people are aware that spoofing occurs, but they’ll still pick up calls that look like they’re from their neighborhoods or from an area code where a family member lives.
Panelists agreed that ensuring consumers understand what the information and attestations mean is a challenge.
Ms. Kennedy said, “We have to be careful how we display B or C level attestations.”
Mr. Whitten said, “We align on only displaying top-level attestations.”
Mr. Nelson said, “We shouldn’t have to try to make the consumer understand the difference between good calls and bad calls. We should just not give them the bad calls.”
In response to a question about access for those with disabilities, Ms. Kennedy suggested “staying away from icons” because some accessibility screen readers only read text, not icons.
In a presentation on progress and next steps in SHAKEN/STIR governance, STI-GA director Brent Struthers said that STI-GA is “committing to get this implemented by the end of the year,” with a target date of Dec. 11, including having the STI policy administrator (STI-PA) “up and running,” STI certificate authorities (STI-CAs) available, and the ability for service providers to use certifications to authenticate caller ID.
The STI-PA will issue service provider code tokens and maintain a secure list of all authorized STI-CAs and certification revocations. Providers will take the tokens to an STI-CA to get a certificate to sign calls with attestations, he explained.
Mr. Struthers also said that the STI-GA “is finalizing the [permanent] funding mechanism,” which will spread funding over a broader group of participants than those who have funded the start-up stages.
ATIS is seeking applications from parties that wish to be STI-CAs, it announced earlier this week.
During a panel on the deployment challenges facing smaller voice service providers, Joe Weeden, vice president–product management at Metaswitch, said that the company is applying to its smaller customers its experience from deploying STIR/SHAKEN with the largest service providers. One difference, however, is that a small voice provider “needs a complete solution,” he said. Metaswitch has partnered with TNS, combining their technologies into a cloud-based solution, he added.
“We’ve been able to get some of our smaller customers up and running for a trial in a matter of a few days,” Mr. Weeden said.
NTCA Director–industry affairs Brian Ford said that only some of the smallest of NTCA’s members still have CLASS 5 physical switches, and that most have moved to IP soft switches.
Ram Ramanathan, senior director–product management at Ribbon Communications, said that “there are things we could do for TDM networks using analytics — not STIR/SHAKEN, but analytics.”
David Frigen, chief operating officer of Wabash Communications, remarked, “I can tell you from our 3,500 subscribers we are not doing any robocalls.”
Mr. Ford backed that up, saying, “To my knowledge, none of our members have been invited to participate in industry traceback” because they’re not viewed as being the source of the problem.
Mr. Force said he is concerned how “gateway attestation” or C attestation is “going to be handled on the display,” since smaller NTCA members that don’t have IP networks will not be able to provide STIR/SHAKEN attestations when they deliver calls to IP networks that do participate.
During the final session, a “fireside chat” with several FCC bureau chiefs, Enforcement Bureau Chief Rosemary Harold urged people who receive robocalls to enter them in the FCC robocall portal, which the bureau analyzes for trends.
She also said that without the traceback group and industry cooperation, the bureau’s work in this area “would be nearly impossible” due to the need to issue a subpoena for each “hop” that a call takes.
As for what her bureau is up to on the robocall front, Ms. Harold said, “I couldn’t possibly tell you what we’re doing, but we have a few things in the works, so you should look forward to the next few months.” —Tom Leithauser, [email protected]
MainStory: FederalNews FCC TelemarketingSpam
Interested in submitting an article?
Submit your information to us today!Learn More