byadmin

05 Feb 2019

Future of Telephony – how “the VoIP version of SSL” aims to get rid of unsolicited calls

Can SHAKEN/STIR be the panacea for getting rid of phone spammers?

Unsolicited calls have always been an annoyance, but with the dramatic rise of VoIP (and robocalling) over the past decade and the disturbing trend of call ID spoofing, unwanted phone calls and their very real impact on productivity, security, and business integrity can be reasonably termed an epidemic.  In 2016 Americans received approximately 2.4 billion robocalls each month[efn_note] http://www.nanc-chair.org/docs/mtg_docs/May_18_Call_Authentication_Trust_Anchor_NANC_Final_Report.pdf [/efn_note], a number that has only gone up over the last two years.

The authorities respond

In a November 2018 press release[efn_note]https://docs.fcc.gov/public/attachments/DOC-354933A1.pdf[/efn_note], the FCC identified combatting illegal robocalls as the agency’s top consumer priority and renewed its call for adoption of an industry-standard call authentication system known as SHAKEN/STIR— the Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR).

In development since 2015 by a team of telecom engineers and other industry experts, SHAKEN/STIR uses tokens to validate the authenticity of a call[efn_note]https://www.fcc.gov/about-fcc/fcc-initiatives/fccs-push-combat-robocalls-spoofing[/efn_note] from the point of origin and each carrier along the interconnected network verifies this identity before it is finally delivered to the consumer.

For an authentication protocol to work, every link in the connection chain must implement it.

If this digital signature approach rings a bell, it’s because it is modeled after the internet protocol of using SSL certificates to authenticate a website’s identity.  Similar to the way your browser warns you when a certificate for a site is suspect, voice calls may begin arriving with a visual indicator, such as a reassuring green checkmark, or a custom ringtone that assures consumers the call is legitimate.  The North American Numbering Council, an FCC advisory panel, has proposed several interface and implementation models[efn_note]http://www.nanc-chair.org/docs/mtg_docs/Sep16_Robocall_Spoofing_Concepts.pdf[/efn_note]

Insecure links

Unfortunately, for an authentication protocol to work, every link in the connection chain must implement it. This means all the telecom carriers, from AT&T to Verizon and all the companies fighting for market share in between, need to commit the resources and technical oversight to put the protocol into their entire network. Not a small ask, to be sure.

And that’s why, at the heart of the FCC’s November statement, was the news that FCC Chairman Ajit Pai had sent letters to voice providers cajoling them to implement the standards immediately. The missives also sought status updates on implementation progress and thanked the carriers that have made progress—which of course, also serves to put even more pressure on those providers that are dragging their feet. 

Where do we go from here?

The SHAKEN/STIR protocol won’t be a magic bullet that will end robocalling with one decisive blow, but just as spam folders and automated filtering have done for emails, the technology promises to dramatically decrease the volume and visibility of deceptive phone calls so that the economic incentive dries up. As fewer robocalls reach their intended target and the ability to spoof numbers becomes more difficult, scammers, many of whom have teams of employees and significant overhead costs, will be put out of business and slink back under the rock they came from.

On the flipside of this cost benefit model is the concern among some industry watchers that carriers will pass the price of implementing SHAKEN/STIR onto their customers, but as the entire industry comes aboard the costs should be constrained by competition in the market. Plus, the value of ending unsolicited calls is significant as consumers will save time, money and, very possibly, their peace of mind.