At the end of last December, the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act was signed into law. The act increased the legal severity of illegal robocalls and expanded the Federal Communications Commission’s (FCC) power and authority in regards to robocalls in general. The act directed the FCC to mandate that the STIR/SHAKEN protocol be implemented by phone carriers no later than eighteen months after the act’s enactment date. The FCC has now affirmed that mandate, officially marking June 30th, 2021 as the date by which phone carriers must implement the authentication protocol. However, the FCC’s mandate includes an exception for small carriers, which are classified as those with “100,000 or fewer voice service subscriber lines.” Small carriers will have an extra year to implement the protocol.
Secure Telephone Identity Revisited and Secure Handling of Asserted information using toKENs (STIR/SHAKEN) is intended to combat caller ID spoofing through the addition of an authentication protocol implemented by phone carriers. The protocol requires that a caller’s phone carrier cryptographically sign the Session Initiation Protocol (SIP) header with a digital certificate containing information about the caller and the validity of the calling number. The phone carrier of the party receiving the call must also perform a check against the information contained in the digital certificate. Both the originating and receiving phone carriers must rely on particular authentication and verification services, whether they be third part services or software run by the phone carriers themselves. The results of the verification process are to be conveyed to the receiving party in some manner, indicating whether the caller ID is likely to be spoofed.