What is STIR/SHAKEN?

STIR/SHAKEN is a technology framework designed to reduce fraudulent robocalls and illegal phone number spoofing. STIR stands for Secure Telephony Identity Revisited. SHAKEN stands for Secure Handling of Asserted information using toKENs.

The FCC has adopted rules requiring service providers to deploy a STIR/SHAKEN solution by June 30, 2021.

What’s the difference between STIR and SHAKEN?

STIR is a working group within the IETF, an internet standards body, which has developed a set of protocols used to create a digital signature for a call. The signed call includes information about the calling party and allows for verification of the signature by the terminating provider.

SHAKEN are the standards for how STIR is to be deployed by service providers within their networks.

Why is STIR/SHAKEN so important?

Between 3 and 5 billion robocalls are made each month, and research suggests that more than 40% of those calls are thought to be fraud-related.

STIR/SHAKEN is an industry-wide initiative to restore trust in our voice communications. Its goal is to prevent fraudsters from scamming consumers and businesses through robocalls and illegal phone number spoofing, while making sure that legitimate calls reach the recipient.

How it works

Outbound Calls

Right now, when you place an outbound call, you are only sending the 10 digits of your Caller ID to the PSTN and eventually to the person you are trying to call. Today it is up to you, the customer, to provide accurate information to GTI Global so that we can send it to the called party. STIR/SHAKEN changes that relationship and makes GTI Global verify that the Caller ID information that you are sending is indeed accurate.

This is accomplished by the GTI Global Network adding a new “Identity” header in the SIP Invite that we send on your behalf to the PSTN. Don’t worry – there is no personally identifying information in these headers; the information in them only references GTI Global – not customers directly. However, by us signing these INVITES, we are guaranteeing to the called party that we have a verified relationship with the calling party and can facilitate tracebacks in cases of fraud. (this means we can help the FCC, DOJ, FBI, etc find people if they do something shady).

What The Future Holds

STIR/SHAKEN is a huge step forward in telecom for two reasons.

1. STIR/SHAKEN will make call spoofing a thing of the past
2. STIR/SHAKEN will, eventually, end robocalling. Sorta…

Most immediately, STIR/SHAKEN will put an end to call spoofing. We’re about to enter into a world where people calling your Grandma claiming to be from Microsoft will no longer be feasible. Sure – they technically could still place those calls – however they’d be easy to find and prosecute.

Additionally, once Caller ID information is verified, it’s possible to transmit additional and verified information in the call beyond just a phone number. Instead of an unsolicited (but STIR verified) call from “(800) 221-1212,” it will say “Delta Airlines calling in regards to your upcoming flight.”

That leads to the other goal of STIR/SHAKEN – ending Robocalling… sorta. When customers think of robocalling, they think of random people from overseas calling their cell phone a thousand times selling them a car warranty. By forcing these spammers to accurately identify themselves, they’ll be much easier to find and stop. In almost all cases, modern spam calling is done in violation of laws that are already written and heavily enforced. By being able to quickly find and prosecute violators of these laws, it will suddenly be a lot more expensive and risky to randomly call you and try and sell you a car warranty for a car you don’t even own.

However, not all robocalling is illegal. This is where the “sorta” comes in. There are legal reasons for you being robocalled. The most common robocall that you actually want are things like your children’s school being closed for snow days, your bank calling you about fraudulent activity, or Delta Airlines calling you about your flight. These are the robocalls that you want – and are authorized under laws like the TPCA.

There are also robocalls that are legal that you don’t want. Your insurance company calling you to try and sell you a new policy are both unsolicited and unwanted. However, they’re also probably legal – most companies will have “we can robocall you” in their terms of service.  STIR/SHAKEN will not impact these kinds of calls. That being said – once the FCC has the ability to quickly find and prosecute violators of laws, they can get more and more precise with how consumers are allowed to be pestered. This is a dramatic change to the status quo – the FCC can write all kinds of laws, but if they can’t stop violators they aren’t worth the paper they are printed on.