In a new milestone for the US government’s anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. From a report: “Beginning today, if a voice service provider’s certification and other required information does not appear in the FCC’s Robocall Mitigation Database, intermediate providers and voice service providers will be prohibited from directly accepting that provider’s traffic,” the FCC said yesterday. Specifically, phone companies must block traffic from other “voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC.” As we’ve written, the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.
STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn’t a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that “providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.” The FCC also gave carriers with 100,000 or fewer customers until June 30, 2023, to comply with the STIR/SHAKEN requirement, though the commission is seeking comment on a plan to make that deadline June 30, 2022, instead because “evidence demonstrates that a subset of small voice service providers appear to be originating a high number of calls relative to their subscriber base and are also generating a high and increasing share of illegal robocalls compared to larger providers.”
Read more of this story at Slashdot.