The US Federal Communications Commission (FCC) announced today new rules mandating that all US telecommunication providers implement caller ID authentication systems using a technical standard known as STIR/SHAKEN.
The move must be completed by June 30, 2021, the FCC said in a press release[1].
The STIR/SHAKEN protocol[2] is considered today's best defense against robocalls, an issue that's been plaguing North American telcos, in particular.
The protocol works by using cryptographic certificates to sign a caller's ID. Calls are signed by the telco network where the call originated, and are verified by the voice provider where the call connects -- all via a remotely-hosted third-party certificate repository.
Work on the protocol began in the mid-2010s, but its adoption skyrocketed in 2018, when the FCC imposed a hard deadline for networks implementing STIR/SHAKEN by the end of 2019.
US telcos began testing the protocol inside their networks in 2018, and in March 2019, AT&T and Comcast announced they successfully completed the first SHAKEN/STIR-authenticated call between two different networks[3].
The FCC's move to impose a strict deadline for STIR/SHAKEN adoption comes after US President Donald Trump signed the TRACED Act in late December 2019[4].
The new law gave the FCC and the Department of Justice more powers to prosecute robo-callers (voice call spammers) and encouraged the FCC to mandate new rules for "acceptable robocalls."
The TRACED Act also mandated that consumers should get access to robocall blocking at no additional charge on their bill, and also gave a green light to the FCC to push telcos for technical solutions that block unwanted calls.
That technical solution came today, with the FCC mandating that "all originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol