Tech

Expanded robocall blocking has begun—but there are still “too many loopholes”

Smartphone screen displays

Enlarge (credit: Getty Images | RobertAx)

In a new milestone for the US government’s anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. “Beginning today, if a voice service provider’s certification and other required information does not appear in the FCC’s Robocall Mitigation Database , intermediate providers and voice service providers will be prohibited from directly accepting that provider’s traffic, ” the FCC said yesterday .

Specifically, phone companies must block traffic from other “voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC. ” As we’ve written , the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.

STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn’t a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that “providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks. ”

Read 8 remaining paragraphs | Comments