Chinese telcos are set to comply with a new national standard for assuring the identity of phone callers. Standard GB/T 43779-2024 was published on April 25 and has a name which translates as “technical specifications for trusted identity authentication of calling users based on password tokens”. The implementation date has been set as November 1 of this year.
The standard was produced by China’s National Network Security Standardization Technical Committee. Telcos that belong to this committee include three of the world’s five biggest operators as measured by the number of phone users: China Mobile, China Unicom and China Telecom. Manufacturers represented on the committee include Huawei and ZTE from China and Samsung from South Korea. Other participants include: the University of Chinese Academy of Sciences, the China Electronics Standardization Institute, the China Academy of Information and Communications Technology, and Wuhan University. Jing Jiwu, a Professor at the University of Chinese Academy of Sciences, is described as the leading author.
I have yet to obtain a copy of the standard, but ScienceNet.cn describes it as “a method to protect legitimate user identities that provides a forward technical path to solve the problems of identity counterfeiting and harassment in communication networks”. They compare it favorably to “the American STIR/SHAKEN solution”. The advantages listed for the Chinese standard include the way it “fully leverages the identity capabilities of communication terminals” and the promise that it “supports more flexible identity services”.
That China would create a rival to STIR/SHAKEN was utterly predictable. China started its crackdown on phone scammers way back in 2016, well before Western governments woke up to the scale of the problem. China’s proactive approach involves aggressively pursuing Chinese-language scammers based in foreign countries, prompting former AT&T fraud investigator Tom Walker to commend China for “spending resources and political capital on building relationships with law enforcement all over the globe in order to protect its citizens from transnational fraud” whilst he complained that the USA “needs to take protecting its citizens from transnational fraud more seriously”. STIR/SHAKEN was hyped to the American public as “the beginning of the end of robocalls” and has long been presented as the centerpiece of the US strategy for tackling scam and spam calls but the combination of an expensive price tag and lackluster results have doomed the prospect of STIR/SHAKEN being implemented universally. Global adoption of STIR/SHAKEN would have provided US entities with tremendous intelligence about who is calling whom around the world, as well as positioning them to ultimately decide whose international traffic would be blocked. This was an obviously untenable situation for China given the banning of Chinese telcos and network manufacturers in the USA and the extent of US diplomatic efforts to persuade other countries to stop doing business with Chinese companies too.
China’s large population and the considerable Chinese-speaking populations of many growing economies in the Asia-Pacific region mean their call identity technology is better placed for international acceptance than STIR/SHAKEN. The Chinese authorities have been both forceful and generous when working with other countries to tackle Chinese-speaking fraudsters situated around the world. That accumulation of influence can now be exercised in persuading other countries to follow China’s lead in how they verify the identity of callers, just as other countries have been eager to purchase advanced mobile networks from Huawei and ZTE. Even US citizens benefit from China’s aggressive anti-scam program though this is never acknowledged by US authorities. Award-winning research by the North Carolina State University has proven that a non-trivial portion of nuisance calls received by US phones play messages recorded in Mandarin Chinese.
Western countries have invested too much faith in wonder technologies that were supposed to stop scam and spam phone calls without addressing hard questions about who defines which international calls are illegal and who decides which international calls will be blocked. Persuading other countries to pool sovereignty over decisions that will determine whose traffic will be prohibited requires different talents to those exhibited by an engineer when specifying a technical method of attaching identity data to a phone call. Authorities in the USA have been especially guilty of wishful thinking about the extent to which other countries would welcome a new transnational regulatory regime that was meant to permit big US corporations to spoof the origin of international telemarketing calls whilst pretending that rudimentary know-your-customer checks would prevent bad actors from connecting their calls too. Meanwhile, China’s authorities showed real leadership by working with law enforcement in other countries to arrest the scumbags who run scam call centers that are often staffed by victims of human trafficking. We will have to see how effective China’s new technological tools are at preventing crooks from disguising the origin of calls, but offering a rival method to STIR/SHAKEN is another hammer blow to a US strategy that assumed other countries would unconditionally accept American leadership in call identification and blocking.
An overview of standard GB/T 43779-2024 can be found here.
