Robocalling represents one of the biggest hassles for anyone with a “smart” phone. For those without unaltered Caller ID information to stand between them and the ever-growing horde of machine-driven phone calls, it’s an endless nightmare of checking voicemail and picking up to either hear nothing at all or an automated sales pitch about everything from our car’s extended warranty to indecipherable calls presented in a growing variety of languages.
There may be an answer on the horizon in the form of new technology to combat robocallers: STIR and SHAKEN.
The Potential Threats Caller ID Faces
While we think of Caller ID as a system that helps us avoid robocalls, the fact is that for every advance in avoiding robocalls we make, the spammers are always a step ahead.
Apps. One commercially available app known as SpoofCard allows virtually anyone to alter their appearance on Caller ID. Billing itself as a solution for calling privately, the app allows users to modify the name and number that appears when they make calls. Plus, users can record their conversations automatically.
Neighbor spoofing. The FCC recognizes this issue as a particular threat. “Neighbor spoofing” is where a company or individual can change their visible phone number to one that’s similar to one in the area where the call terminates. Since most of us readily think a local number may be someone calling from close by, so we’re more likely to pick it up.
The law itself. There are actually legal uses for Caller ID spoofing. The FCC again notes, in the Truth in Caller ID Act, that there are such uses, including when “…a business displays its toll-free call-back number.” With legal uses in place for Caller ID spoofing, the infrastructure that allows it to happen cannot be banned or otherwise removed from play.
How Do STIR and SHAKEN Fight Robocalling Effectively?
Technology called STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information using toKENs) deliver a potentially powerful one-two punch to defeat robocalling.
Supporting Caller ID. While STIR and SHAKEN can’t properly be called “Caller ID authentication,” they do offer some extra support for Caller ID. It’s possible to spoof Caller ID—in fact, it’s done regularly—but STIR and SHAKEN offer a means of traceability back to the originating service provider, or at least the first hop to an IP-based provider network. That narrows things down a bit, but it’s not completely authenticating Caller ID readings.
Multiple attack vectors. There are several different ways to deploy STIR and SHAKEN. For instance, one of the earliest ways that will likely see launch are SHAKEN tools, including SHAKEN’s identity header transit system between service providers, as well as its identity header population / signing tools to identify calls coming from non-service provider entities.
Verification and analytics functions are also on hand to help better designate spam calls where possible. Even international calls will fall under these tools, being considered “gateway” calls and addressed with “gateway” attestation value markings.
Network support. Those who are considered voice service providers, meanwhile, have a hand in the development of STIR and SHAKEN. They will be called upon to be part of the ecosystem that allows for SHAKEN call signing certificates to exist. Additionally, they will also have a hand in both populating and signing identity headers, which in turn will help future robocalls be found and shut down before they reach the end user.
How thinQ Is Gearing Up to Fight Robocalling With SHAKEN / STIR Technology
While STIR and SHAKEN are mandated to be implemented in late 2021 at the earliest, our executive and technical teams have been watching them closely. In fact, we’re already tackling this serious issue with a few key points.
Populating identity headers. Once STIR and SHAKEN are established in our network, thinQ will begin the process of populating identity headers. Specifically, identity headers that come from those we consider customers of service provider-based voice service networks. Some service providers will have to do their part on this front as well, but working together, identity headers should spread fairly quickly.
Full attestation. The issue of full attestation is one still being discussed within the various planning groups and organizations building STIR and SHAKEN. Thus, thinQ is working to produce a standard for full attestation that will better help make identifying robocalls possible.
Multi-pronged rollout approach. Even when STIR and SHAKEN conclude their development phases, they still won’t be available all at once. Current reports suggest that SHAKEN will get the brunt of development, starting with its Identity Header Transmit system potentially available by the end of this year, followed immediately by Identity Header Population / Signing systems. Finally, in 2021 or potentially later, the last system will emerge: SHAKEN Call Verification.
In addition, according to The Verge: “Even at the end of June 2021, the system won’t be foolproof. Phone providers only have to apply the technology to the IP-based portions of their networks (so phone systems that still rely on older tech are exempted), and the FCC (details) is working to extend the deadline for smaller phone companies by a year.”
The development process for SHAKEN and STIR is proving to be challenging, but both technologies will deliver exciting new ways to combat nuisance calls when it’s complete. Stick with us here at thinQ to find out when we’ll put these new tools to work for you.