On May 5, FCC proposed rule re caller ID authentication solutions.
FCC issued proposed rule, sought comment on additional measures to strengthen its caller ID authentication framework and further stem the tide of illegally spoofed calls.
Follows rules for intermediate call providers to implement STIR/SHAKEN, see #166593
Caller ID Authentication
Sought comment on use of third-party caller ID authentication solutions, including whether any changes should be made to FCC's rules to permit, prohibit, or limit use.
Also sought comment on whether to eliminate the STIR/SHAKEN implementation extension for providers that cannot obtain Service provider code (SPC) tokens.
Which are necessary to participate in STIR/SHAKEN caller authentication framework.
Consultation
Comments due on/before Jun. 5, 2023, reply comments due on or before Jul. 5, 2023.
Nov. 2024 FCC Adopted Rules
On Nov. 21, 2024, FCC reported rules, adopted Report and Order, re service providers utilizing third party in Caller ID authentication process, accountable for STIR/SHAKEN.
FCC requires most providers to implement STIR/SHAKEN on Internet Protocol (IP) portion of networks, some service providers rely on third-party authentication solution.
Defines third-party authentication where provider with STIR/SHAKEN implementation enters into agreement with another party to perform technological act of signing calls.
Includes hosted SHAKEN and carrier SHAKEN solutions; and excludes instances provider with STIR/SHAKEN implementation obligation authenticates its own traffic.
Authorizes providers to subject third-party subject to certain conditions, including must make all attestation-level decisions, consistent with technical standards requirements.
All calls must be signed using certificate of provider with implementation obligation.
Chair Rosenworcel issued statement on adoption of the Eighth Report and Order.
Eighth Report and Order is effective 30 days after publication in the federal register.