News

STIR/SHAKEN UPDATE: The Implementation Deadline is Come and Gone, What’s Next

Written by Amy Ralls | Aug 4, 2021 4:00:00 AM

The June 30th deadline from implementing STIR/SHAKEN and registering in the FCC’s robocall mitigation database (RMD) has passed, but there are still a number of ongoing issues to resolve. (If you haven’t registered, do it now). This update provides a brief overview of some of the key open issues.

Blocking Deadline Approaching

September 28, 2021 is the date that terminating and intermediate providers must stop accepting calls directly from voice service providers not registered in the database. This is a two-sided obligation for providers.  As an originators of traffic, they must be in the database, and as terminators of traffic, they must check the database.  Terminating providers are NOT required to give notice before blocking traffic from unregistered providers with which they interconnect.

It is critical that foreign providers in particular are made aware of these requirements.

Signing Calls With an “A” Attestation in Enterprise Use Cases

If you are originating calls for an enterprise customer but did not provide that customer with the number in the caller ID, you may not be able to sign the call with a top-level, “A” attestation, which provides the best chance for ensuring the call is not blocked.  One solution is called certificate delegation in which the entity that has obtained a token to sign calls delegates that right to another provider or the enterprise itself. The use of a delegated certificate enables calls to receive the highest level of attestation when a company sends an outbound call through one service provider using a number assigned to it by another service provider. The STI Governance Authority recently approved use of certificate delegations pursuant to ATIS Specification ATIS-1000092.  It also approved authorizing Resp Orgs, entities that assign toll-free numbers, to receive tokens to sign calls. The STI-GA announcement can be found here.

Additional Rules for VoIP Providers

The vast majority of illegal robocalls appear to originate on VoIP networks.  The FCC is thus considering further rules or restrictions for VoIP providers:

  • The FCC is considering additional requirements for VoIP providers to receive authority from the FCC to obtain direct access to telephone numbers, including potentially requiring those that have already obtained such authority to inform the FCC of ownership changes. The FCC’s proposal can be found here.
  • The FCC has proposed and likely will shorten the extension of the STIR/SHAKEN implementation deadline for small providers (at or below 100,000 subscriber lines). The current extension is for two years. The FCC is proposing, and likely will, shorten the extension to one year. The FCC’s proposal can be found here.

Extending STIR/SHAKEN to TDM Networks

Industry and standards bodies continue to work toward a uniform, commercially available  framework for carrying STIR/SHAKEN information across TDM networks.  Vendors have already proffered solutions but industry has not coalesced around a set of standards.  Progress is being made. The ATIS Non-IP Call Authentication Task Force recently published two new standards (ATIS-100095- Extending STIR/SHAKEN over TDM (ATIS-1000095), and ATIS-1000096, SHAKEN: Out-of-Band PASSporT Transmission Involving TDM Networks)), and a technical report, ATIS-1000097, Technical Report on Alternatives for Call Authentication for Non-IP Traffic.

Please feel free to contact Michael Pryor at mpryor@bhfs.com or the CCA Regulatory Committee if you have questions.