spam phone calls

FCC Says Carriers Have Until 2019 to Stop Robocalls

You’d be shocked at how many free trips I’ve won just in the past week, according to a very friendly talking robot. Photo-Illustration: Select All; Photo: Apple

The FCC is just as sick and tired of constant spam calls as you are.

“Combating illegal robocalls is our top consumer priority at the FCC. That’s why we need call authentication to become a reality — it’s the best way to ensure that consumers can answer their phones with confidence. By this time next year, I expect that consumers will begin to see this on their phones,” said FCC chairman Ajit Pai in a statement released Monday afternoon. “If it does not appear that this system is on track to get up and running next year, then we will take action to make sure that it does.”

Pai is referencing the STIR/SHAKEN protocol, a system that would essentially adopt the authentication tokens used on the internet for phone calls. One of the major problems in stopping phone spam is the extreme ease with which malicious actors can spoof a phone number. (This is why, over the past year or so, you’ve likely been besieged by phone calls from numbers that look nearly identical to your own, a practice known as “neighbor spoofing.”)

STIR/SHAKEN (or Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs) works roughly like this: An outbound call would carry a certificate, verifying that the call was actually coming from the phone number it purported to be coming from. The carrier on the inbound end would then run a check of the certificate’s public key against a heavily encrypted private key. An independent administrator paid for by the telecom industry and overseen by the FCC would issue certificates.

The main weakness in this system is that both outbound and inbound carriers would need to use STIR/SHAKEN — it won’t work if the system is being used on only one end of the phone call. This is where the FCC and Pai’s statement comes in. While most Americans use one of four major carriers in the United States — AT&T, T-Mobile, Verizon, or Sprint — there are still dozens of smaller regional carriers that would need to be incorporated into the system.

The statement doesn’t describe exactly what action the FCC would take against carriers who don’t adopt STIR/SHAKEN by 2019, though at the very least fines could be levied. At most, the FCC could potentially revoke the licenses of mobile carriers.

The FCC has already taken record-breaking action against robocallers: In April of this year, it hit Adrian Abramovich with a fine of $120 million — the largest in the agency’s history — for making over 96 million robocalls. But with billions of spam phone calls made every year, Abramovich’s work represents just a drop in the ocean of fake calls slamming the American public. Going after individual actors is unlikely to ever stop robocalls. Technological solutions like STIR/SHAKEN could, but only if all mobile carriers get on board.