EnlargeGetty Images | MassimoVernicesole

Phone companies would be required to deploy technology that prevents spoofing of Caller ID under a plan announced today by Federal Communications Commission Chairman Ajit Pai.

Pai framed it as his own decision, with his announcement saying the chairman "proposed a major step forward… to protect consumers against spoofed robocalls." But in reality the FCC was ordered by Congress and President Trump to implement this new rule. The requirement on the FCC was part of the TRACED Act that was signed into law in December 2019. Pai previously hoped that all carriers would deploy the technology voluntarily.

"I'm excited about the proposal I'm advancing today: requiring phone companies to adopt a caller ID authentication framework called STIR/SHAKEN," Pai said in his announcement. "Widespread implementation will give American consumers a lot more peace of mind when they pick up the phone." The FCC will vote on the measure at its March 31 meeting.

The STIR and SHAKEN protocols use digital certificates, based on public-key cryptography, to verify the accuracy of Caller ID. STIR/SHAKEN would work best if all phone companies adopt it because it can only verify Caller ID when both the sending carrier and receiving carrier have deployed the technology. Robocallers who spoof real numbers to hide their identities would get flagged by STIR/SHAKEN. Depending on how each carrier implements it, flagged calls could be passed on to consumers with a warning or be blocked entirely.

Carriers have already been adopting STIR/SHAKEN, but Pai said not all companies have done so. "Last year, I demanded that major phone companies voluntarily deploy STIR/SHAKEN, and a number of them did," Pai said. "But it's clear that FCC action is needed to spur across-the-board deployment of this important technology."

STIR/SHAKEN can be used by mobile phone providers and home VoIP services, but landline providers have said they can't deploy it on the older TDM services that run on traditional copper phone lines. That won't change with the FCC action, as the underlying US law and Pai's proposal only "require originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol (IP) portions of their networks."

The requirement would apply to big carriers by June 30, 2021 and to small and rural providers one year later. In addition to mobile providers, companies that offer IP-based phone service over cable or fiber lines would have to comply.

Robocalls from outside US a major problem

While STIR/SHAKEN might help reduce robocalls or slow their growth, it's not enough on its own to solve the large and complicated robocall problem. For one thing, a lot of robocalls originate from overseas. The FCC Read More – Source

[contf] [contfnew]

arstechnica

[contfnewc] [contfnewc]