What I Learned at SIPNOC 2019
I recently attended my first SIP Forum’s SIPNOC conference, where carriers and the telecoms industry share challenges and best practices for deploying SIP-based technology. SIPNOC 2019, the ninth annual event, was singularly focused on STIR/SHAKEN – the de facto SIP technology to detect call spoofing – and the devastating toll robocalling has taken on trust in phone calls.
Top Three Takeaways:
- The problem statement of addressing robocalls is more nuanced than I first imagined.
If we further breakdown the loss of trust in phone calls, people receiving a phone call fundamentally care about two things:
- ‘Who’s calling?’
- ‘Why is that person/organization trying to reach me?’
STIR/SHAKEN speaks to an even more foundational question: ‘How do I know (and trust) that it’s you and this call/number has not be spoofed?
Once it has been established that I can trust who is calling, I then want to understand why. Rich Call Data (RCD) promises to provide context as to why a caller is trying to reach you.
- Even a divided Capitol Hill agreed on one thing – Robocalls must be stopped.
The TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act) passed this week with a vote 417-3, and President Trump is expected to sign before the end of the year.
The TRACED Act:
- Creates more severe penalties for bad actors knowingly participating in robocalls
- Mandates carriers adopt STIR/SHAKEN in the next 18 months
- Gives broader authority to FCC, FTC and DOJ pursue illegal robocallers and laws apply to any US-based numbers.
Legislation is the first step. For carriers that do not participate, calls originating from their network run the risk of going unanswered or dropped. For those that choose to pursue illegal robocalling, the risk/reward equation will change.
- If the solution were simple, it would have been solved already.
Telecommunications use cases that support enterprises, government organizations and consumers are limitless and complex. There are many challenges, so a single solution that addresses every use case is impractical. For example, there is not yet a clear approach on how multi-homed enterprises will authenticate their calls. The entire ecosystem (regulators, equipment manufacturers, telecommunication service providers, application providers) are carefully considering the numerous use cases to create short-term solutions that will have a significant impact on robocalls. As with most complicated issues, solutions will likely be evolutionary rather than revolutionary.
The industry has hit a tipping point where stakeholders are working in concert to develop and deploy measures to address the problem. The industry has put partisan views and commercial interests aside and is evolving a solution set to put an end to illegal robocalls. In upcoming blog posts, I will cover some areas that are still taking shape – such as Out of Band and Delegation.