At the FCC’s open meeting on July 13, 2017, the Commissioners voted in favor of a Notice of Inquiry (NOI) on call authentication frameworks to allow telephone service providers to identify fraudulent calls. The authentication procedures are intended to allow subscribers and carriers to know that callers are who they say they are. Initial comments in response to the NOI are due on August 14, 2017 and replies are due on September 13, 2017.
The Commission seeks comment on the three-phase process put forward by the Alliance for Telecommunications Industry Solutions (ATIS) and SIP Forum. Phase one involves the development of the Secure Handling of Asserted information using toKENS (SHAKEN) framework, based on the protocols developed by the Internet Engineering Task Force (IETF) Secure Telephone Identity Revisited (STIR) working group. As the Commission explains, “in the SHAKEN/STIR model, a call is authenticated when it is signed with a digital signature by an authentication service, operating on behalf of the party originating the call.” Phase two will define how the authentication services are to receive certificates in the first place. Phase three is still being developed by ATIS and the SIP Forum.
The NOI seeks comment on what the Commission should do, if anything, to promote adoption and implementation of authentication frameworks (such as the SHAKEN and STIR frameworks). The Commission asks for comment on the appropriate time frames and milestones for implementation of the frameworks. ATIS has suggested that the SHAKEN and STIR models require a “governance authority” and “policy administrator.” In the NOI, the Commission asks what entity or entities would best serve in those roles, recognizing that the Commission could serve some of the functions, but may not be best positioned to handle all aspects of the positions. Because the SHAKEN and STIR proposals apply to SIP-based, but not SS7-based systems, the Commission also seeks comment on the role of SS7 and other legacy technologies in this proceeding.
As with most items under Chairman Pai, the NOI seeks comment to inform a cost and benefit analysis. The Commission asks for high-level estimates of the costs of implementing call authentication, as well as estimates of the benefits of an authentication system. The Commission asks how these costs might be shifted among relevant stakeholders, and if end-user fees could be expected to cover service costs.
This proceeding is an outgrowth of the industry Robocall Task Force convened by Chairman Wheeler last year. The goal of the authentication framework is to better identify callers, so that any measures to combat unlawful or abusive calling patterns can be more reliably addressed by carriers. The action fits with Chairman Pai’s aggressive effort to end “robocalls” but, as with other actions, demonstrates a methodical approach to the problem. Despite broad goals, the action is a notice of inquiry only. The Commission would have to adopt a separate notice of proposed rulemaking before it can mandate any call authentication process.