In a new milestone for the US government’s anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. “Beginning today, if a voice service provider’s certification and other required information does not appear in the FCC’s Robocall Mitigation Database, intermediate providers and voice service providers will be prohibited from directly accepting that provider’s traffic,” the FCC said yesterday.
Specifically, phone companies must block traffic from other “voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC.” As we’ve written, the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.
STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn’t a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that “providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.”