Solving the Robocalling Problem - Part I: STIR/SHAKEN
The telecom industry has to bring a solution to illegal robocalling. To combat spoofing, experts have developed STIR/SHAKEN.
By Tarek Wiley
“Your car warranty is about to expire.”
“This is your final notice from the IRS to inform you of overdue taxes.”
You’ve probably received pre-recorded messages like the ones above intending to spam or scam you. And you’re not alone.
According to YouMail, a third-party robocall blocking software company, more than 47.8 billion of these “robocalls” were made in 2018, an increase of 57% from 2017.
Why Illegal Robocalling Persists
The Federal Communications Commission (FCC) is aware of the robocalling problem — it’s their number one complaint. And yet the problem is only getting worse. In fact, robocalls are expected to make up around 50% of all calls in 2019.
But what about the National Do Not Call Registry? Well, it just doesn’t work. Illegal robocalls are more sophisticated than ever, leveraging cheap, simple voice networks to make calls.
They also use a method called “spoofing” to falsify the information you see on your caller ID display. For example, some robocalls make it look as though a call is coming from a local number, so the called party is more likely to answer the phone.
The problem is that the caller ID isn’t being verified. Illegal robocalls are coming from invalid numbers or numbers that the caller doesn’t have the authority to use, making it difficult to track down abusers.
Of course, not all robocallers are trying to scam you. Legitimate companies use robocalling for legal activities, including timely notifications like credit card alerts and prescription reminders. The challenge is finding a way to stop illegal robocalls without also blocking the legal ones.
The STIR/SHAKEN Solution
Ultimately, it’s up to the telecommunications industry (specifically the providers) to implement a solution to illegal robocalling.
To combat spoofing, industry experts have developed a new technology standard called Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN).
Together, STIR/SHAKEN establishes a framework and set of protocols that providers can use to authenticate the caller ID and identify call origination. This makes it easier to filter out the bad calls, address instances of abuse and better hold violators accountable.
How it works
When a call is made, the originating provider generates a signed token based on their ability to authenticate the caller. Using this token, the terminating provider can analyze the call to confirm the identity and legitimacy of the caller ID.
Here is the step-by-step breakdown:
- The calling party initiates a phone call through the originating service provider, which then contacts an internal authentication service to verify the caller ID number. The authentication service assigns an attestation level to the call and generates a signed token.
- The token is included as a header in the SIP INVITE and passed along to the terminating service provider, which contacts an internal verification service for analysis.
- The verification service reaches out to a certificate repository to validate the signature on the token.
- The call is completed to the recipient, and the terminating service provider can either pass along the verification results to the called party or take additional action, such as blocking the call.
Advancements in STIR/SHAKEN have been promising, but we still have a long way to go before it can be truly effective.
So what’s the holdup?
The STIR/SHAKEN solution requires widespread provider adoption to be successful, and until we have mass compliance, illegal robocalls will still get through without validation. Network limitations and other roadblocks stand in the way, and we must clear these hurdles to ensure compliance by all voice providers.
Can't wait for the next post in our robocalling series? Check out our on-demand robocalling webinar for additional insights.