Lies, Damn Lies, Statistics and STIR/SHAKEN

The use of networks to spread disinformation has become a subject of great concern, and one widespread example of disinformation is spoofing the CLI of a phone call in order to disguise its true origin. So it is ironic that some of the businesses that sell STIR/SHAKEN as a mechanism to prevent spoofing are also responsible for generating so much disinformation about STIR/SHAKEN. Instead of giving a balanced analysis of its strengths and weaknesses, they insist on pushing absurdly optimistic promises about STIR/SHAKEN’s effectiveness, despite the mounting evidence that the US deployment has been an expensive and embarrassing failure. Perhaps the lies that insist STIR/SHAKEN will inevitably succeed need to get bigger and bigger to overcome the stubborn resistance offered by objective facts. There is no other way to explain this nugget of nonsense from a new STIR/SHAKEN sales brochure research report by Juniper Research.

North America continues to be the most impacted region by fraudulent robocalls as its affluent nature provides larger monetary opportunities for fraudsters and will account for over half of the losses attributable to robocalling this year. However, we estimate that STIR/SHAKEN has reduced the year-on-year growth of fraudulent losses to robocalling in the region by 85% between 2022 and 2023.

Setting aside the difficulty of measuring the value of frauds that did not occur, the claim that losses were curbed by 85 percent is fanciful for one simple reason. After severe delays, half a billion dollars of expenditure and much technical striving, the USA has only applied STIR/SHAKEN to 27 percent of phone calls so far. What kind of statistical model could show 85 percent of the growth in fraud was prevented by applying a technology to only 27 percent of calls? Does it not occur to fraudsters that STIR/SHAKEN has no impact on their ability to commit fraud with the other 73 percent of calls?

This comically stupid statistic is not an isolated example of disinformation. Since 2018, the American public has been repeatedly told that the number of illegal robocalls would soon be reduced as a result of STIR/SHAKEN. Efforts were made to spread that lie in other countries too, except that the passage of time and the failure to deliver has made fools of the liars. None of the promises made for STIR/SHAKEN were kept, whether it was the promise that it would increase the effectiveness of blocking algorithms (Verizon explained why it does not), that calls signed using STIR/SHAKEN are less likely to be nuisance robocalls (data from STIR/SHAKEN providers explains why they are not), or that STIR/SHAKEN could be rolled out universally (the continuing failure to make it work for most calls in the USA has demonstrated how ridiculous that boast was).

Having fallen a long way behind the originally promised schedule, and with little to show for the enormous amount of money and effort devoted to STIR/SHAKEN, Juniper Research has invented a completely new timeline for its supposed success.

By 2025, fraudulent losses arising from robocalling are anticipated to decline for the first time in North America, owing to the widespread adoption of this framework.

Anticipated by whom? I previously documented 14 occasions when experts promised the impact of STIR/SHAKEN would be greater than it has been. If promises had been kept then fraud losses would be falling already. Any charlatan will continue predicting outcomes if you never challenge them about past predictions that proved to be wrong. These experts are all still forecasting the success of STIR/SHAKEN as if it is inevitable, but without bothering to explain the gulf between previous projections and the results delivered so far.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.