If you have received an automated call to your home phone or smartphone recently, you’re not alone. The Federal Communications Commission (FCC) estimates that, if nothing is done to combat the problem, robocalls could represent nearly half of all calls in 2019.
The The Washington Post reports that this increase in robocalls is part of a multi-year trend where spam has jumped from 3.7 percent of total calls in 2017 to 29 percent this year. This dramatic increase has finally forced the FCC into action. An FCC press release this past week says the federal organization “will do everything we can to catch and stop spammers” and that it’s urging VoIP providers to “implement tools to speed the traceback process” to catch spammers in the act.
Furthermore, the FCC issued letters to 14 prominent telecommunications companies demanding that they implement the SHAKEN/STIR method of call protection. The Commission’s rhetoric includes the promise that it will “take action” if the telecoms do not fall in line.
What is SHAKEN/STIR?
The Signature-based Handling of Asserted Information Using toKENs (SHAKEN) specification and Secure Telephone Identity Revisited (STIR) protocol provide methods for caller identification. They appear to be the best chance the telecommunications industry has in defending the public against robocalls.
You can think of these protocols as the equivalent to websites that use the https:// communications protocol. In short, https:// sites differ from ordinary http:// sites because they use a method of encryption called Transport Layer Security (TLS). TLS makes sure that the information you send from your computer to a website is unable to be read by any entity except you and the website you want to reach.
TLS is essential for online banking, purchases on e-commerce sites, and sensitive communications between individuals. In addition to encryption, TLS also identifies the parties involved (in this example, you and the website) so bad actors can’t get in the middle and intercept your communications.
SHAKEN and STIR offer similar protections. SHAKEN defines the framework within which STIR can function. They work together in your phone system to identify callers and make sure that calls on a SIP session originate from an approved location.
How Does This Affect VirtualPBX?
The robocall spam you receive happens from within networks that use IP-based calling mechanisms. Spammers use the same type of technology that much of the telecom industry, including VirtualPBX with its Business Phone Plans, uses to process legitimate calls.
Spammers can enter the market for an extraordinarily low cost. They can also rely on the fact that the system isn’t inherently built to stop them. There’s no mechanism in place to establish secure, verified SIP calling sessions in a way that combats spam.
SHAKEN/STIR can effectively shake up (sorry) the situation by creating a mechanism where information stored in each calls verifies the legitimacy of the caller. It will also work with non-SIP parts of calls to further validate call origination along its path.
You can read more about how the PSTN handles VoIP calls in a feature on our blog. For this robocall issue, understand that there are parts of the public phone system that use the internet to manage calls. Not all of the information used in an IP-based call is necessarily used in an analog call, but SHAKEN/STIR should have the ability to authenticate data through the entire path, regardless of the underlying platform.
Protecting the Consumer
VirtualPBX and other hosted phone service providers use carriers – including the ones the FCC addressed in its letters – to move calls between their endpoints. The adoption of SHAKEN/STIR methods across the board will be good both for individual consumers and our business customers.
When we hand off calls to carriers, we can be sure that their internal processes verify the authenticity of those calls. This situation will hurt spammers’ ability to flood our customers’ phones with robocalls, and it will create a more secure network for calling overall.
We’re excited to see what the telecom industry will do with these new spam-fighting processes. And we certainly hope that, in the coming months, the number of robocalls inundating the public will shrink and disappear.