The June 30th deadline from implementing STIR/SHAKEN and registering in the FCC’s robocall mitigation database (RMD) has passed, but there are still a number of ongoing issues to resolve. (If you haven’t registered, do it now). This update provides a brief overview of some of the key open issues.
Blocking Deadline Approaching
September 28, 2021 is the date that terminating and intermediate providers must stop accepting calls directly from voice service providers not registered in the database. This is a two-sided obligation for providers. As an originators of traffic, they must be in the database, and as terminators of traffic, they must check the database. Terminating providers are NOT required to give notice before blocking traffic from unregistered providers with which they interconnect.
It is critical that foreign providers in particular are made aware of these requirements.
Signing Calls With an “A” Attestation in Enterprise Use Cases
If you are originating calls for an enterprise customer but did not provide that customer with the number in the caller ID, you may not be able to sign the call with a top-level, “A” attestation, which provides the best chance for ensuring the call is not blocked. One solution is called certificate delegation in which the entity that has obtained a token to sign calls delegates that right to another provider or the enterprise itself. The use of a delegated certificate enables calls to receive the highest level of attestation when a company sends an outbound call through one service provider using a number assigned to it by another service provider. The STI Governance Authority recently approved use of certificate delegations pursuant to ATIS Specification ATIS-1000092. It also approved authorizing Resp Orgs, entities that assign toll-free numbers, to receive tokens to sign calls. The STI-GA announcement can be found here.
Additional Rules for VoIP Providers
The vast majority of illegal robocalls appear to originate on VoIP networks. The FCC is thus considering further rules or restrictions for VoIP providers:
Extending STIR/SHAKEN to TDM Networks
Industry and standards bodies continue to work toward a uniform, commercially available framework for carrying STIR/SHAKEN information across TDM networks. Vendors have already proffered solutions but industry has not coalesced around a set of standards. Progress is being made. The ATIS Non-IP Call Authentication Task Force recently published two new standards (ATIS-100095- Extending STIR/SHAKEN over TDM (ATIS-1000095), and ATIS-1000096, SHAKEN: Out-of-Band PASSporT Transmission Involving TDM Networks)), and a technical report, ATIS-1000097, Technical Report on Alternatives for Call Authentication for Non-IP Traffic.
Please feel free to contact Michael Pryor at email@example.com or the CCA Regulatory Committee if you have questions.