The FCC wants international carriers to implement calling line authentication. Many in the industry have doubts about its effectiveness
The impact of STIR/SHAKEN is not yet clear: Recently the FCC has extensively regulated to tackle the problem of robocalls, which has become a large-scale problem in the US (estimates suggest Americans received more than 4bn/month in 2020). One key measure taken by the FCC was to require operators to implement new calling line authentication standards (the ‘STIR/SHAKEN’ protocol) to make it harder for scammers to conceal their identity behind a different phone number. However, its impact is still unclear due to relatively recent implementation and the fact that small VoIP providers have until June 2023 to adopt it. Early evidence suggests that robocallers are increasingly using operators that haven’t yet implemented STIR/SHAKEN, as well as those based abroad which do not have to comply with US regulation.
International carriers could soon fall within scope: On 27 April, the Chairwoman of the FCC announced new rules looking to address the problem of robocalls from abroad. These will be up for vote at the Commission’s next open meeting of 19 May. If adopted, they will require ‘gateway’ providers (i.e. providers that are the point of entry for a call that originated abroad) to participate in reducing or preventing robocalls. This will include applying the STIR/SHAKEN protocol to calls originating abroad with US numbers, as well as blocking and tracing efforts, among other provisions. Non-compliance by a gateway provider would result in them being removed from the Robocall Mitigation Database, where operators currently have to certify the measures they are adopting to fight robocalls. They would also be subject to mandatory blocking by other networks, which could end their ability to operate altogether.
Many in the industry aren’t convinced of the FCC’s approach: It’s easy to see why the FCC wants to expand the scope of its rules and neutralise the threat coming from abroad. However, the new proposal is also evidence of the limited effectiveness of what has been done so far, and of the need for more international cooperation – which hasn’t been forthcoming until now. Even US operators are sceptical about the impact of the FCC’s proposal. In a submission to the FCC, Verizon noted that placing all responsibility to stop foreign-originated illegal calls onto a new class of gateway providers would create a burden on good actors, while bad actors would find ways to avoid being classified as gateways. Requiring these providers to adopt STIR/SHAKEN would have little use, since these wholesale carriers are generally unable to verify the origin of a call and can’t help with tracing back illegal traffic. Verizon and other operators have suggested that a better approach would be to run targeted investigations of specific spam campaigns, rather than implementing an expensive universal architecture to determine the origin of every call.