By: Andrew Regitsky
The FCC is busy meeting the Congressional requirement that all voice service providers must implement STIR/SHAKEN in their networks within 18 months of the law’s enactment. That deadline just occurred on June 30, 2021.
STIR/SHAKEN is short for Signature-based Handling of Asserted information using toKENs for Secure Telephone Identity Revisited. It is a robocall fighting protocol that provides a digital signature for every call, so an illegitimate call is identified and blocked. It enables phone companies to verify the accuracy of caller ID information that is transmitted with a call.
In March of last year, the Commission released a Report and Order in Docket 17-97 requiring implementation of STIR/SHAKEN by voice grade providers in the IP portions of their networks. This was followed in October with A Second Report and Order concentrating on non-IP and intermediate carriers. It mandated the following:
Voice service providers must either upgrade their non-IP networks to IP and implement STIR/SHAKEN, or work to develop a non-IP caller ID authentication solution.
An extension of the June 30, 2021, caller ID authentication implementation deadline was established for (1) small voice service providers, (2) voice service providers that are currently incapable of obtaining a “certificate” necessary to implement STIR/SHAKEN, (3) services scheduled for discontinuance, and (4) non-IP networks.
However, voice service providers subject to an extension must implement a robocall mitigation program on the non-STIR/SHAKEN-enabled portions of their networks.
Crucially, all voice service providers must file a certification in a Commission database showing how they are acting to stem the origination of illegal robocalls.
One provision in the Second Report and Order went largely unnoticed. A requirement stating that U.S. intermediate and terminating voice service providers must block any voice traffic from any foreign voice service provider that does not appear in the Commission’s robocall mitigation database.
The due date for foreign providers to register in the database is September 28, 2021. And as AT&T recently pointed out to the Commission, relatively few foreign providers have complied.
Despite AT&T’s extraordinary efforts to educate its foreign service provider partners, as of June 23, 2021, approximately only 20 percent of foreign providers that use telephone numbers that pertain to the U.S. to send voice traffic to AT&T subscribers in the U.S. have successfully registered in the FCC’s Robocall Mitigation Database. AT&T has sent out multiple notices to its international partners. Many are still struggling to understand the requirements and others have run into technical problems registering. (Docket 17-97, AT&T June 24, 2021, letter to Marlene Dortch at the FCC).
Why is the fact that few foreign voice providers registering in the database a problem? Well as CTIA – The Wireline Association pointed out in a Petition for Partial Reconsideration; with a blocking rule in effect, wireless roaming for Americans in foreign countries could be severely impacted.
Call completion is a primary objective and consumer expectation in our connected, global telecommunications system, and is made possible for U.S. consumers when travelling or living abroad through international wireless roaming, including 3G wireless roaming. Wireless roaming is a complex endeavor, which is more complicated internationally, as U.S. mobile network operators have roaming agreements with hundreds of overseas network operators to enable U.S. consumers to remain connected no matter where they travel or move. There are over 750 global mobile network operators, and there is at least one foreign provider in each country that interconnects with U.S. providers. When a mobile wireless consumer abroad uses a U.S. phone number to call a consumer in the United States, that call may be routed from an originating foreign provider’s network over long distance routes that involve multiple foreign mobile network operators often on the basis of least cost routing to reach a U.S. intermediate or terminating provider for delivery to the intended recipient. Under this framework, there are a number of hand-offs for a call on its way back to a U.S. consumer, and any one of hundreds of foreign providers could be chosen as the final foreign provider in the call path that interconnects with a U.S. intermediate or terminating provider. If that final foreign provider fails to implement a robocall mitigation program and certify to such in the Commission’s database, all of that foreign provider’s traffic—including legitimate, legal traffic—would be prohibited from reaching the intended recipients under the Foreign Provider Prohibition. As a result, the Prohibition would risk significant call completion issues for wireless calls from hundreds of foreign providers’ networks, from any mobile wireless consumer using a U.S. phone number to make a call from abroad. (Docket 17-97, Petition for Partial Reconsideration of CTIA, filed December 17, 2020, at pp. 3-4).
It is ludicrous for the FCC to believe that the short time period it has mandated for foreign providers to implement its database requirement is sufficient There is still time for the Commission to admit its mistake and agree with CTIA. The requirement for foreign carriers should be lifted until a record is established to determine a more reasonable time period for compliance.