There was some notable resistance amongst the responses to proposals from the Federal Communications Commission (FCC), the US comms regulator, that would require international wholesale carriers to implement STIR/SHAKEN, the CLI authentication protocol. The idea always seemed barmy to me: why waste millions of dollars on technology that only really works if implemented end-to-end when you know that none of the foreign telcos that originate calls will voluntarily adopt it, and the US regulator has no realistic hope of imposing it upon them? However, I underestimated the strength of opposition to the proposal from within US telcos. A recent FCC filing reveals that three key individuals working for AT&T, Lumen and Verizon have lobbied against the proposal. Those three telecoms leaders are:
- Linda Vandeloop of AT&T, who is also the Chair of the STI-GA governance authority for STIR/SHAKEN in the USA
- Phil Linse of Lumen, Chair of the Non-IP Call Authentication Task Force of ATIS, the North American standards body, and a member of the STI-GA Board by virtue of his being appointed by the USTelecom industry association
- Chris Oatway of Verizon, one of the authors of Verizon’s particularly critical response to the FCC consultation on applying anti-robocall rules to international carriers
Vandeloop, Linse and Oatway spoke to several representatives of the FCC’s Wireline Competition Bureau and its Consumer and Governmental Affairs Bureau. Normally you would expect professionals who reached the top echelons of corporate law and regulatory affairs to be especially diplomatic in their choice of words, but the content of the subsequent filing suggests they did not hold back when explaining why they opposed demands for international carriers to attach STIR/SHAKEN signatures to phone calls.
Consistent with USTelecom’s comments and reply comments, we explained that new gateway-provider specific requirements – and in particular, a requirement that gateway providers sign unauthenticated traffic – would create a substantial burden for some providers for an insubstantial benefit. As a practical matter, gateway providers in most circumstances will sign calls with C-level attestations under any such mandate. While C-level attestations in theory could allow quicker identification of the gateway provider, the industry traceback process has become so quick and efficient that C-level attestations offer at best a marginal benefit for traceback. There also is limited analytical value of such attestations, which are just as likely to be assigned to illegal calls as they are to be legal, wanted calls. But despite the limited benefit, the proposed requirement would impose a substantial cost – in the tens of millions of dollars – on some providers. It thus would fail any reasonable cost-benefit analysis.
STIR/SHAKEN is designed to support three levels of attestation, where only the A-level attestation applies to calls that have been authenticated from their true origins. International carriers receiving a call which had not already been signed will generally only be able to attest to the call at the C-level because they have no way of telling if the A-number associated with the call is genuine or not. They would hence need to spend considerable money on upgrading network technology just to attach meaningless signatures to calls.
The quoted filing was written by Joshua Bercu, Vice President for Policy & Advocacy at USTelecom, who joined Vandeloop, Linse and Oatway on the call with the FCC. It is clear that some of the biggest US telcos believe they should pursue an anti-robocall strategy that places more emphasis on the work done by the Industry Traceback Group (ITG) run by USTelecom. As its name suggests, the purpose of ITG is to determine the true origin of illegal calls. This group would rather see resources devoted to targeted investigations of big spam campaigns instead of trying to implement a universal architecture for determining the origin of every single call. They likely judge that a relatively small number of crooked businesses generate the majority of nuisance robocalls, so identifying and disabling those bad actors will yield the quickest returns. The FCC referenced the work of the Traceback group when issuing a new batch of cease-and-desist letters to three telcos accused of facilitating illegal robocalls.
Linda Vandeloop will be amongst the speakers at the RAG New Orleans conference, to be held at the University of New Orleans on April 5 and 6. Employees of comms providers, digital service providers, regulators and law enforcement can obtain free seats for the conference by registering here; more information about the conference can be found here.
