It should come as no surprise to anyone with a cellphone that robocalls are still a problem. The FCC asserted that in 2020 alone, illegal robocalls drained $13.5 billion from the U.S. economy. Congress responded to this crisis by passing the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED) aimed at combating illegal robocalls. It primarily focused on requiring telecommunications providers to implement call authentication technologies and increased penalties for robocall violations to $10,000 per illegal robocall. The call authentication technology adopted by the FCC is called STIR/SHAKEN. STIR/SHAKEN IS a technical standard that helps verify the authenticity of every call. It helps identify calls that are likely spoofed or fraudulent. However, it is insufficient to stop all illegal robocalls because STIR/SHAKEN works only with Internet protocol (IP) networks.
Because STIR/SHAKEN only works in IP networks, non-IP technology at any point in the call path creates a gap in the caller ID authentication scheme that bad actors can exploit. The loss of STIR/SHAKEN information for calls that traverse non-IP networks significantly undermines the value of the framework as a whole. In many cases, negating the value of the investment providers have made to authenticate their calls, leading to improper spam labeling or blocking by downstream providers. Commission rules thus obligate providers to either upgrade their non-IP networks to IP or work toward developing an alternative caller ID authentication solution for non-IP networks. (Draft Notice of Proposed Rulemaking, Docket 17-97, at para. 3).
While in a perfect world, all providers would have a complete IP network, that is years away. In response, the industry has developed new technologies to stop illegal robocalls in non-IP networks. In recognition of this, the FCC is prepared to initiate a Notice of Proposed Rulemaking (NPRM) in Docket 17-97 at its April 28, 2025, meeting, to begin the process of evaluating whether these technologies meet the criteria established by the TRACED Act and whether providers must implement such technologies in their non-IP networks. Specifically, in the NPRM, the Commission tentatively concludes that new non-STIR/SHAKEN technologies must be (1) fully developed and finalized by industry standards, and (2) reasonably available such that the underlying equipment and software necessary to implement such protocol is available on the commercial market.
Based on these criteria, the agency is prepared to accept two new non-IP technologies for providers to use, In-Band Authentication (ATIS-1000095.v002) and Out-of-Band Multiple STI-CPS Authentication (ATIS-1000096) which are both developed and reasonably available.
In-Band Authentication allows providers to transmit some of the same information as STIR/SHAKEN, with the call over the non-IP portions of the phone network. Under this standard, an originating voice service provider “comes to an agreement with the subsequent provider in the call path on how to share information about what it knows about the caller and its right to use the phone number along with the call.
Out-of-Band Multiple STI-CPS Authentication allows providers to send the same information about a call as STIR/SHAKEN on a separate track that is sent in tandem to the non-IP call signaling.
The agency is also considering a third non-IP caller ID authentication standard, Out-of-Band PASSporT Transmission involves publication and retrieval of some of the STIR/SHAKEN call information. Unlike Out-of-Band Multiple STI-CPS Authentication, every directly connected provider across non-IP segments of the call path must agree on the on the authentication of the call information.
Additionally, the Commission tentatively proposes to repeal the continuing extension from caller ID authentication requirements granted to providers that rely on non-IP technology;
Instead, it proposes to require that voice service providers, gateway providers, and non-gateway intermediate providers implement one of these acceptable non-IP caller ID authentication frameworks in their non-IP networks and certify in their Robocall Mitigation Database filings that they have implemented such frameworks.
Finally, the FCC proposes to give providers that continue to rely on non-IP technology two years from the effective date of these rules to implement one or more non-IP caller ID authentication frameworks and seeks comment on how the proposed compliance timeline relates to providers’ efforts to transition their networks to IP technology.
Industry comments on the Commission’s proposals will be due 30 days after the NPRM appears in the Federal Register. Reply comments will be due 30 days later.
PR Archives: Latest, By Company, By Date