The USA’s Secure Telephone Identity Governance Authority (STI-GA) recently announced that it is seeking interest from organizations that would like to serve as Certificate Authorities. The primary function of these authorities will be to assign, renew and revoke STI operator certificates. This brings the US telecoms sector another step closer to the implementation of SHAKEN and STIR protocols to prevent the spoofing of caller IDs.
Mid-December 2019 has been adopted as the target for having the STIR/SHAKEN ecosystem fully operational in the US. There is a still a lot of work to do in order to meet that deadline by assigning suitably capable organizations to play all the critical roles in the US model.
The approach that has been adopted sees the STI Policy Administrator (STI-PA) role sit beneath STI-GA’s SHAKEN governance structure. Network and operations management specialists iconectiv were appointed to be the STI-PA in May. The role of the administrator is to apply and enforce the rules set by the STI-GA, hence making the SHAKEN framework operational. The STI-PA will approve the STI Certificate Authorities (STI-CAs) that will actually issue the digital certificates to service providers so their traffic is authenticated.
Linda Vandeloop of AT&T (pictured speaking during the anti-robocalling panel at RAG Kansas 2018) also serves as the Chair of the STI-GA. She welcomed the appointment of iconectiv, saying:
The industry-led STI-GA Board is excited to announce the selection of iconectiv as the Policy Administrator. iconectiv has an excellent reputation within the industry and we felt they were the right choice to advance the work to implement SHAKEN this year.
Though the US is the birthplace of SHAKEN and STIR, the problem of caller ID spoofing also affects Canada. In May 2019, the STI-GA hosted an update webinar introducing the Canadian Governance Authority, which will replicate the governance structure being rolled out in the US, to ensure that the protocols are effective ‘cross-border’.
The Canadian telecoms regulator, the Canadian Radio-television and Telecommunications Commission (CRTC) will oversee adoption in their country. The associated governance framework will be called the Canadian Secure Token Governance Authority (CSTGA) and will be led by Executive Director Marian Hearn.
The STI-GA press release about certification authorities can be found here.