New Technology will STIR and SHAKE Robocalls
Everyone knows that robocalls calls are an epidemic. Research from Google shows that half of all smartphone users receive a spam call per day, with over 30 percent experiencing two or more. Even FCC Chairman Ajit Pai has received these annoying calls, which helps explain the latest aggressive push against spam callers.
Enter the STIR/SHAKEN framework. STIR stands for the “Secure Telephone Identity Revisited” and SHAKEN for “Signature-based Handling of Asserted information using toKENs.” It’s a new technology used by telecoms that will proactively verify that people calling you are not using spoofed phone numbers.
As regulatory plans to mitigate spoofed robocalls continue, the implementation of STIR/SHAKEN – how it will take place – will be subject to change. When will STIR/SHAKEN start protecting your phone?
Mitigating Call Spoofing Scams
The Caller ID system was designed to let people know who is calling. Unfortunately, new technologies such as IP telephony made it possible for people to misrepresent their identities. Couple that with readily accessible online services, where you pay a small fee, and then start spamming as many people as you like and you have big problems. There is no downside for attackers – it’s hard to prosecute telephone scammers because there are too many of them and they are often difficult to identify. The FCC and DOJ don’t have tools or resources to investigate and prosecute all of these scams.
This means legal solutions alone aren’t going to stop spam calls. Instead, telecoms have been challenged to create an independent technological solution to verifying caller IDs. Under STIR/SHAKEN, participants are issued a private encryption key that verifies their identity. This ensures that when you receive a verified phone call claiming to be from your financial institution, you can trust that it’s actually the bank and not a fraudster.
When Will You See STIR/SHAKEN in Action?
The first thing you should know is that the FCC is pushing all telecom operators to take a rapid and complete approach to implementing STIR/SHAKEN. The reasoning behind this is that any incomplete implementation of the framework will leave loopholes that scammers will be able to exploit – and consumers will see no reduction in the volume of spam calls.
Last year, the FCC urged telecoms to implement STIR/SHAKEN by the end of 2019. Major carriers are well on their way to implementation, with AT&T, Comcast, and Verizon all rolling out solutions. The rest of the industry has been slower to follow suit, however, which creates problems. There is a potential for scammers to switch away from telecoms with STIR/SHAKEN in place, and towards telecoms who still are not authenticating caller’s phone numbers.
As a result, an otherwise divided Congress voted near-unanimously to pass the TRACED Act which was signed into law last week. The act mandates the implementation of robocall mitigation measures by service providers within 18 months of the bill being passed. It also significantly increases the FCC and DOJ powers to trace spam calls, fine spammers and prosecute bad actors criminally.
STIR/SHAKEN is a Great Start – But it is a Journey
While smartphone owners will no doubt be relieved to know that the government is taking action, there are a few things to consider before we all start celebrating.
First, your phone is still going to ring. STIR/SHAKEN doesn’t outright ban spam callers from ringing your phone – it just presents those calls as unverified numbers that are likely to be spam. You’ll still have to dismiss the call, although it will be much easier to determine which calls are unwanted. STIR/SHAKEN also provides a mechanism to trace robocalls to their source and identify bad actors which will aid in enforcement.
Second, benefits may not accrue to everyone equally. STIR/SHAKEN works on IP networks, but not on legacy TDM networks. Phones served by TDM networks (legacy landline) will not receive an alert and unfortunately these individuals are often older people who are more susceptible to phone scams. The TRACED Act requires TDM network operators to implement protections similar to STIR/SHAKEN to mitigate spoofing.
As we have learned from the cybersecurity arena, agile bad actors are rarely stopped by a single tool. It is expected that a multifaceted approach is likely needed and STIR/SHAKEN represents a big step.
Here at Neustar, we’re at the forefront of Caller Identity solutions. Our organization is dedicated to contributing to industry standards, facilitating environments for testing and developing tools that thwart illegal robocalls. By working with industry stakeholders to restore trust in the phone channel, we’re helping to make sure that everyone who owns a phone can enjoy a lot more peace and quiet.