Insights & Resources

Part III: The Roadmap to STIR/SHAKEN Compliance

When implemented on a large scale, STIR/SHAKEN can greatly reduce a robocaller’s ability to “spoof” the called party.

Tarek Wiley
Robocalling Blog_Part 3_banner
When it comes to reducing the number of illegal robocalls we receive each day, STIR/SHAKEN is our best hope.
STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) work together to verify caller authenticity, assigning an attestation level to the call in the form of a signed token and then passing along that confidence to the called party.
When implemented on a large scale, STIR/SHAKEN has the potential to greatly reduce a robocaller’s ability to “spoof” the called party. But STIR/SHAKEN must be made mandatory for all providers if we are to ensure compliance across networks.

FCC Legislation

Though the Federal Communications Commission (FCC) has expressed a commitment to addressing the robocalling problem, they’ve had trouble getting everyone on board. Smaller voice providers see little incentive to adopt STIR/SHAKEN. Some even look the other way when illegal robocalls are made on their networks because of the money the traffic generates.
The FCC can threaten regulatory action, but new legislation is necessary to ensure widespread STIR/SHAKEN implementation.
Lawmakers recently introduced the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED) to enforce STIR/SHAKEN. Together with the Stopping Bad Robocalls Act, lawmakers hope that TRACED will make it easier to identify and prosecute violators. However, some are worried that the legislation will not have the intended effect and instead make things more difficult for legitimate businesses.

Chain of Trust

STIR/SHAKEN requires providers to use certificates when generating signed tokens for SIP identity headers. To ensure the certificates and tokens are valid, providers must implement a chain of trust that includes three entities:
  • Policy Administrators (PA): The PA maintains the integrity of STIR/SHAKEN certificates by evaluating and authorizing those who request them.
  • Governance Authority (GA): The GA makes the rules for the PA to follow when issuing certificates. This responsibility currently falls under the Alliance for Telecommunications Industry Solutions (ATIS).
  • Certification Authorities (CA): The CA issues valid secure telephone identity (STI) certificates for the signed tokens.
By providing the certificates and tokens through one source of truth, spoofed calls will be easier to recognize.

The Players

There are several committees and subcommittees involved in finding solutions to robocalling, implementing STIR/SHAKEN and ensuring widespread compliance. Two of the biggest players are ATIS and the North American Numbering Council (NANC).
As mentioned before, ATIS is currently overseeing the GA of STIR/SHAKEN and has been active in selecting the PA as well.
The NANC was created to advise on numbering issues and recommend ways to improve number administration. The committee is assisted by multiple subcommittees, including the Call Authentication Trust Anchor (CATA) Issues working group, which is responsible for creating the criteria for the GA and PA.
As a member of each of the above groups, Telnyx is actively working on STIR/SHAKEN implementation and advocating for widespread adoption. But much like our network redundancy, we don’t put all our eggs in one basket. Though we are inspired by the potential of STIR/SHAKEN, there are other industry solutions in the works as well.
For example, Telnyx serves on the Numbering Administration Oversight Working Group (NAOWG) — a subcommittee of the NANC — which is currently working on a reassigned number database that would give legal robocallers (e.g., doctors, schools, etc.) the ability to check if a number has been disconnected (and therefore possibly reassigned to another customer).

Looking to the Future

We may have a long way to go before we can put a stop to robocalling once and for all, but STIR/SHAKEN is a promising start. With improved legislation, an authentication trust anchor and the help of a vast ecosystem of industry experts, we are laying the foundation for the future of robocall prevention and remediation.
It all starts with widespread compliance among the providers to ensure that all calls, regardless of origination, contain a signed token and appropriate attestation level.
At Telnyx, we have a no-tolerance approach to spam and fraudulent activities, and we work hard to keep illegal robocalls off our private, global network. But our stand against illegal robocalling extends beyond our own walls.
Because STIR/SHAKEN will only work on IP-based networks, Telnyx continues to push the IP transition to further protect consumers. We are active participants in industry rating and routing groups where we are advocating for more direct IP routing in national databases, attempting to help smaller operators whose calls must traverse the TDM.
For more information about robocalling, STIR/SHAKEN and how Telnyx will be implementing the solution, check out a recording of our robocalling webinar.
Share on Social

Get Started for Free!

Create a free account to set up voice, messaging, IoT, video & more.