Via Electronic Filing
Ms. Marlene H. Dortch, Secretary
Federal Communications Commission
445 12th Street, S.W.
Washington D.C., 20554
Dear Ms. Dortch:
On Tuesday, June 9, 2020 and Wednesday, June 10, 2020, Rebekah Johnson, CEO of Numeracle, Inc.,Doug Ranalli, Founder and Chief Strategy Officer of NetNumber, Inc. participated in two separate meetings with the Commission in connection with the above-referenced dockets.
The first meeting we met via teleconference with Pamela Arluk, Annick Banoun, Matthew Collins, Connor Ferraro, Daniel Kahn and Mason Shefa from the Wireline Competition Bureau, as well as Kenneth Carlberg from the Public Safety and Homeland Security Bureau. The second meeting, on June 10, was with Travis Littman in Commissioner Rosenworcel’s office.
During these meetings, we discussed how service providers will comply with the TRACED Act’s authenticate caller ID requirement. To authenticate caller identification information through SHAKEN, the originating voice service provider will determine which of the three attestation levels it will assign to the call. The SHAKEN standards for assigning attestation level requires the originating voice service provider to determine the identity of the calling party and its authorization for use of the number before determining whether to assign A, B or C. Based on SHAKEN standards, the originating service provider will establish a rigorous policy to identify the entity of the caller and authorization for the use of the number to sign with A attestation. Due to the available data in the current standard, the industry expects a flood of legal enterprise calls to be downgraded to a C level attestation.
After reviewing the attestation levels, we compared and contrasted two proposed solutions for elevating signing to A level attestations for enterprises through Delegated Certificate and Central Telephone Number Database (Central Database Registry) from the ATIS SIP Forum IPNNI Joint TaskForce, Study of Full Attestation Alternatives for Enterprises.
Utilizing either the Central Database or Delegate Certificate, the originating service provider can access the number and identity information to provide A level attestation. Both approaches advocate for a “Know You Customer” (KYC) process on the identity of the caller and a process for the authorized use of the telephone number.
To achieve the authenticated caller ID information as defined in the TRACED Act, we outlined the following requirements for which policies can be derived:
• Entities originating calls on the public network must be known and vetted (Know YourCustomer)
• Right to use the Telephone Numbers and Toll-Free Numbers must be verified by the telephone number provider or RespOrg
• Entities originating calls must be securely identified at the time of the call so the destination can trust the origin of the call and request traceback
The shortcomings of the easy and fast solution for the voice service providers through Central Database Registry, compromises the security, integrity, reliability, and traceability of the authenticated caller ID information as defined in the TRACED Act. Noted in the meeting, the Central Database Registry is repurposing the CNAM registry model for the originating provider. The CNAM registry has proven it cannot be relied upon for accuracy.
Registries have a purpose for static data such as the Do Not Call data. For dynamic and complex enterprise solutions, verifying the telephone number to vetted identity must exist in a dynamic distributed model such as through delegated certificates. When dynamic data is stored in a static registry the result is stagnate data. Stagnate caller ID information, even if authenticated at the time it is stored, will be the undoing of all the work of the FCC in supporting the TRACED Act. The upcoming ruling from the FCC is the critical marker for STIR/SHAKEN success or utter failure if the baseline of truth in caller ID information is not established.
Finally, the impact on international end entity identification is supported through the SHAKEN delegated certificate model by integrating into the oversight and policy of the STI-GA, STI-PA and STICA. With the end-entity certificates for A-level attestations, U.S. gateway providers could pass along verified identity information with the assurance of knowing the end-entity signing the call with A Level attestation has implemented a rigorous policy for attesting to the caller ID information.
We asked the FCC to encourage rigorous policies for voice service providers to obtain reliable, traceable, and secure enterprise vetted data for signing with A-Level attestation. We believe the spirit of the TRACED Act demands that enterprise customers who originate calls be vetted before receiving A-level attestation and identified accurately on a call-by-call basis so that accurate traceback can be performed. The information obtained in this rigorous vetting process will be transferable and highly trusted by the end subscribers and achieve the intentions of the TRACED Acton a global scale.
Numeracle also distributed technical flow diagrams of the attestation process and two proposed solutions to the enterprise problem (enclosed herewith).
Rebekah Johnson, CEO
Cc (via email)
To view the technical flow diagrams referenced within, please reference: https://ecfsapi.fcc.gov/file/10612898300441/ExParte_Numeracle%20(1).pdf