FCC to require anti-robocall tech after “voluntary” plan didn’t work out
Mar 6, 2020 • ars Technica
Phone companies would be required to deploy technology that prevents spoofing of Caller ID under a plan announced today by Federal Communications Commission Chairman Ajit Pai.Pai follows Congress’ orders, requires carriers to verify Caller ID accuracy.
The STIR and SHAKEN protocols use digital certificates, based on public-key cryptography, to verify the accuracy of Caller ID. STIR/SHAKEN would work best if all phone companies adopt it because it can only verify Caller ID when both the sending carrier and receiving carrier have deployed the technology. Robocallers who spoof real numbers to hide their identities would get flagged by STIR/SHAKEN. Depending on how each carrier implements it, flagged calls could be passed on to consumers with a warning or be blocked entirely.
Carriers have already been adopting STIR/SHAKEN, but Pai said not all companies have done so. “Last year, I demanded that major phone companies voluntarily deploy STIR/SHAKEN, and a number of them did,” Pai said. “But it’s clear that FCC action is needed to spur across-the-board deployment of this important technology.”
While STIR/SHAKEN might help reduce robocalls or slow their growth, it’s not enough on its own to solve the large and complicated robocall problem. For one thing, a lot of robocalls originate from overseas. The FCC recently sent letters to seven US-based voice providers “that accept foreign call traffic and terminate it to US consumers,” saying these companies’ services are “being used as a gateway into the United States for many apparently illegal robocalls that originate overseas.” In a related action, the Department of Justice sued two small companies that allegedly connected hundreds of millions of fraudulent robocalls from Indian call centers to US residents.