FCC Seeks to Fill Challenging Gap in STIR/SHAKEN Robocall Defenses
On October 27, 2022, the FCC released a Notice of Inquiry which launches a formal review to consider ways to improve the accuracy of robocall blocking and consumer warning tools for phone networks that are not IP-based. In light of the record developed in response to the Commission's May 2022 Report and Order and Notice of Proposed Rulemaking, the Notice of Inquiry seeks comment on industry progress toward developing a caller ID authentication framework for non-IP networks, and the impact this technology has on the problem of illegal robocalls. The Commission also seeks input on alternative technological or policy solutions to enable caller ID authentication over non-IP networks including the two standards developed by the Alliance for Telecommunications Industry Solutions (ATIS) discussed below.
In 2019, Congress recognized the scope of the problem posed by illegal robocalls and caller ID spoofing and passed the TRACED Act. Among other provisions, the TRACED Act directed the FCC to require voice service providers to implement caller ID authentication technology. Last year, the FCC attempted to curb this practice by requiring that carriers nationwide authenticate all calls using a technology called STIR/SHAKEN. STIR/SHAKEN caller ID authentication combats illegally spoofed robocalls by allowing voice service providers to verify that the caller ID information transmitted with a call matches the caller's number. When this network technology is present, consumers can trust that when the phone rings the caller is who they say they are.
While STIR/SHAKEN has proven effective on networks that rely on Internet Protocol (IP") technology, it does not work in the same way on older parts of the public situated telephone networks that use traditional copper lines. For STIR/SHAKEN to work, voice service providers attach encrypted digital certificates on messages as they pass from network to network. Non-IP networks cannot add or maintain this digital information on calls; thus, any call generated by or passing through a non-IP network does not carry with it any STIR/SHAKEN verification information, including information that an originating voice service provider knows about the caller and its relationship to the phone number it is using along with the call itself. Even if both the calling party and the terminating party use carriers that have adopted IP technology, the authentication data associated with a call is lost if it passes through a non-IP interconnection point or the network of an intermediate provider employing non-IP technology.
Voice service providers using non-IP network technologies must comply with one of two Commission regulations. Either they must upgrade their entire network to IP and adopt STIR/SHAKEN, or they must get involved (directly or through a representative) in industry initiatives to create a non-IP caller ID identification solution. ATIS established the Non-IP Call Authentication Task Force in May 2020 to create solutions for non-IP networks. For the exchange of authenticated caller ID data on non-IP networks, this Task Force published two standards in August 2021: ATIS-1000095, extending STIR/SHAKEN over TDM (time-division multiplexing - commonly used on older copper-based networks), which the Task Force updated with a second version released in August 2022, and ATIS-1000096, Signature-based Handling of Asserted information using toKENs (SHAKEN): Out-of-Band PASSporT Transmission Involving TDM Networks.
The non-IP networks are the most significant remaining gap in implementing the STIR/SHAKEN framework over all phone networks. Last year, the Commission required most voice service providers to have implemented STIR/SHAKEN and start using it on their IP-based networks. The only remaining extensions granted are for facilities-based small voice service providers, which have until June 30, 2023, to implement these provisions. The FCC's action is a move that closes critical loopholes in the STIR/SHAKEN call authentication regime and brings the FCC one step closer to national implementation of STIR/SHAKEN caller ID authentication.
The FCC is seeking comments on, among other things, (1) whether the FCC should require implementation of one or both standards set by the Non-IP Call Authentication Task Force, (2) the prevalence of non-IP network technology across the entire voice network, and (3) the extent to which non-IP Network Technology contributes to the problem of illegal robocalls.
Comments are due December 12, 2022, and Replies are due January 11, 2023.
Want to file comments to the Notice of Inquiry? Contact your friendly Fletcher, Heald & Hildreth attorney to get started today!