The FCC’s Fourth STIR/SHAKEN Report and Order (“R&O”) went into effect on February 24, 2022. As explained in an earlier Advisory the R&O shortens the current two-year extension for some categories of small voice service providers (“SVSPs,” those with 100,000 or fewer voice service subscriber lines) to fully implement the STIR/SHAKEN caller ID authentication standards.
Original STIR/SHAKEN Deadline and Extensions
In 2020 the FCC imposed its STIR/SHAKEN implementation deadline of June 30, 2021 for most voice providers and granted two-year extensions to SVSPs and voice providers that are unable to obtain the “token” necessary to implement STIR/SHAKEN. The carriers that took advantage of the extension were required to file Robocall Mitigation Plans (“RMPs”) by the original deadline and could wait until June 30, 2023 for full implementation.
Carriers Subject to Truncated Extensions
In an effort to expedite the eradication of illegal robocalls, the FCC curtained the deadline for non-facilities-based SVSPs (i.e., those that offer voice services to end-users solely using connections that are not sold by the provider or its affiliates). Those entities are now required to fully implement STIR/SHAKEN in the IP portions of their networks by June 30, 2022.
Steps to STIR/SHAKEN Compliance
Non-facilities-based resellers must incorporate the required analytics in the IP portions of their networks to deploy the necessary STIR/SHAKEN capabilities. There are also six required administrative steps such providers must take in order to be fully compliant.
- Step 1: Obtain an Operating Company Number (“OCN”). These are assigned by NECA and used to identify companies in other telecommunications resources.
- Step 2: Register with the Policy Administrator. The Policy Administrator (iconectiv is the designated “PA”) evaluates and authorizes certain trusted third parties to act as Certification Authorities (“CAs”) and issue SHAKEN digital certificates to service providers. This both protects the authenticity and validity of the certificates and prevents people who shouldn’t be signing calls from getting a certificate. Iconectiv is responsible for coordinating, registering, and verifying CAs through a closely controlled process outlined by the Secure Telephone Identity Governance Authority (“STI-GA). ATIS manages the STI-GA, defining the rules governing the certificate management infrastructure to ensure effective use and security of SHAKEN certificates.
- Step 3: Get a token from the PA. Carriers must request a service provider code or token from the PA. If the PA validates the service provider and approves the request, they then provide a token to the service provider with contains the OCN, and authorizes the service provider to request a certificate from a CA.
- Step 4: Select a CA. Secure Telephone Identity Certification Authorities (“STI-CAs”) are critical to call authentication. CAs will be responsible for assigning digital certificates to authorized service providers that will be used to ensure calls get proper caller ID. The PA maintains an up-to-date list of all authorized certificate issuers, which is available to all service providers. Every Certification Authority must be authorized by the PA to issue SHAKEN certificates, and they are the only means through which service providers can obtain STIR/SHAKEN certificates and comply with the TRACED Act.
- Step 5: Request a Certificate. To get a certificate, service providers need to submit a certificate signing request “(CSR”) and send it with their token to the CA. If the application is approved, the CA issues a certificate to the service provider.
- Step 6: Update the FCC’s Robocall Mitigation Database to certify as fully STIR/SHAKEN compliant.
Here to Help
The CommLaw Group formed a “Robocall Mitigation Response Team” to help clients tackle their unique responsibilities. We can assist you with any and all of the steps necessary to make your firm fully STIR/SHAKEN compliant. As the FCC is actively enforcing its STIR/SHAKEN rules, it would behoove your company to obtain compliance sooner rather than later.
Michael Donahue — Tel: 703-714-1319 / E-mail: mpd@CommLawGroup.com
Ronald E. Quirk – Tel: 703-714-1305 / E-mail: req@CommLawGroup.com
ATTORNEY ADVERTISING DISCLAIMER: This information may be considered advertising in some jurisdictions under the applicable law and ethical rules. The determination of the need for legal services and the choice of a lawyer are extremely important decisions and should not be based solely upon advertisements or self-proclaimed expertise. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers.