In a Press Release earlier this week, FCC Chaiman Pai gave his blessing to a report of the North American Numbering Council on “SHAKEN/STIR”, an industry-developed set of protocols and operational procedures for the cryptographic signing of telephone calls, designed to authenticate telephone calls and mitigate Caller ID spoofing and illegal robocalling. Basically, SHAKEN/STIR is intended to eliminate the use of illegitimate spoofed numbers from the telephone system by establishing a trust-based system for authenticating legitimate ones.
Last summer, the Commission released a Notice of Inquiry on its role in promoting SHAKEN/STIR, and tasked NANC’s Call Authentication Trust Anchor Working Group with investigating and reporting on a variety of issues associated with the SHAKEN/STIR system.
Basically, SHAKEN/STIR began as a project within the Alliance for Telecommunications Industry Solutions (ATIS). The first system proposed by the working group was called Secure Telephone Identity Revisited, or “STIR”. This eventually led to a token-based standard, the Signature-based Handling of Asserted Information Using Tokens, or “SHAKEN.” At a high level, the SHAKEN procedures utilize STIR protocols to allow communications service providers to attest to the legitimacy of a calling party’s number, hence the SHAKEN/STIR moniker.
To maintain its integrity, SHAKEN/STIR includes three discrete actors. The first actor is a Governance Authority, which establishes policies for the SHAKEN certificate management framework. The second actor is a Policy Administrator, which is the day-to-day administrator and primary trust anchor of the system that ensures that certificates used to authenticate and verify tokens are only available to authorized participants. The third and final actor is the Certification Authority, which issues valid certificates.
The NANC Report, among other things: (1) recommends that industry take the lead in expeditiously selecting a Governance Authority that will coordinate stakeholders to ensure that telephone calls can be authenticated; and (2) proposes the Governance Authority’s structure, duties, and relationship with a Policy Administrator. It outlines the functional elements, selection process, and characteristics of the Governance Authority and Policy Administrator, in addition to recommending various milestones, metrics, and incentives to ensure robust participation in the system.
The press release noted that Chairman Pai has accepted the NANC report recommendations for industry to quickly establish a Governance Authority for implementing the SHAKEN/STIR framework, essentially authorizing the industry to take the next steps acting on the NANC recommendations. The NANC report suggests that within a year, the Governance Authority and Policy Administrator for SHAKEN/STIR will be operational, and some providers could be capable of signing and validating SHAKEN/STIR calls. While the Chairman lauded SHAKEN/STIR and the NANC report as “a substantial step forward in ensuring that calls can be authenticated and verified” others have raised concern with the potential major impact that call blocking might have on industries, such as debt collection, to the extent legitimate calling activity could get blocked, expressing concern that these technologies could have big impacts but are little understood.