Last week’s bulletin concentrated on the evolving design of a solution for impersonation fraud that would be based on taking a third party’s confirmation of the identity of a business and securely communicating it via a digital signature. Chris Wendt, formerly of Comcast and now of Somos, is seeking to plug a glaring hole in the STIR/SHAKEN architecture that he helped to create. Wendt’s fix comes in the draft VESPER standard he co-wrote and submitted to the Internet Engineering Task Force (IETF). VESPER would add the crucial ability to include verifiable proof within a signature that the originator of a call has the right to use the identity associated with the call. This week, Somos made their intentions even plainer by publishing a lengthy article on the topic. It does not mention VESPER directly, but the intention is clear. Here are some key excerpts from the piece.
STIR/SHAKEN… has not fully addressed the root issues of trust in communications. One of the major shortcomings is the absence of a robust Know Your Customer (KYC) process, which would ensure proper vetting of enterprises and establish their legitimate Right-To-Use (RTU) of the number. Without verifying the association between enterprises and their phone numbers, STIR/SHAKEN falls short of ensuring that calls are not only authenticated but also trusted.
…without proper vetting and KYC processes, there is a risk that even fraudulent calls could present [Rich Call Data] RCD, further complicating the trust landscape. This fragmented approach undermines the potential benefits of RCD and diminishes consumer trust.
One way to address these limitations is the expansion of the framework that the telecom ecosystem leverages to present calls to end users. Currently, there are Proof of Concepts (POC) initiatives in market that utilize telephone number authorized delegate certificates. These delegate certificates enable the party with the right to use a telephone number to be an authorized signer representing a trusted presentation to any terminating service provider authenticating a call end-to-end. Today, calls that lack a trusted delegate certificate are not being blocked, but the industry is moving toward a broader adoption of this practice to help prevent fraudulent calls from reaching a consumer. This non-monopolistic approach is establishing a more trusted framework, helping to restore confidence in the telecom ecosystem.
Note the use of the word ‘non-monopolistic’. A lot has been said about the US industry taking a ‘step in the direction’ of restoring trust in calls, but without presenting a complete roadmap of how they intend to arrive at their destination. This has been convenient for big US businesses that appeared to be using crime to justify the creation of new and lucrative monopolies. This would also explain their intense interest in lobbying wealthy countries to copy the US strategy. The hollowness of this strategy should be apparent to anyone who appreciates that scam calls may originate anywhere in the world, not just in rich countries, so any global monopoly would need to price its services at a level that even the poorest countries would be prepared to pay.
Profit is important but power is more important. The lazy assumption behind the monopolistic plans was that foreign governments would simply go along with the monopolists because nobody would offer an alternative to the problem of scamming. This reasoning is inane; corrupt governments want transnational scams to originate in their countries as a means to generate income. The would-be monopolists have also ignored the realities of international relations. A lot of countries have been trying to break the unique stranglehold on international trade that the US can exercise through banks because of the worldwide reliance on the dollar. These countries failed to apprehend the significance of US institutions gaining dominance over the internet until it was too late, but they are not going to repeat the same mistake with telephony. A more pluralistic approach is required to appease the various authorities who have a vested interest in telephony, and it is good to see that this is starting to be recognized by technologists too.



