Cross-Border Communications
We're keeping an eye on regulatory updates on gateway providers, impacting international communications
International STIR/SHAKEN implementation

Adjusting from a Single-Country Perspective

Just because the United States is the first to deploy STIR/SHAKEN, does not mean it is a U.S. - specific technology.
When the STIR/SHAKEN standards were being defined, they were written as if from a single country perspective because it was intended to eventually be deployed abroad country-by-country.

The scope of the standards was designed to consider each country’s individual needs and their number ownership. The standards can be tweaked to fit regulatory requirements and governance, while ensuring that at the protocol level it will work cross-border. 

Currently, cross-border calls will not be blocked by terminating carriers and will complete either without attestation or with a Level C. The only call blocking that may results is not STIR/SHAKEN related, but may be the result of third-party call apps or analytics.

trusted cross-border Call Delivery

Establishing a Root of Trust

Certificate Authorities
For a cross-border call to be STIR/SHAKEN verified, it must first be confirmed and signed with a certificate that can be traced back to a trusted Certificate Authority (CA) List held by its country. If the certification is not present on that list, the call fails.
Governance  
When the Governance Authority & Policy Administrators are able to maintain a trusted CA List of the approved Certificate Authorities who issue the certificates in SHAKEN, it creates a trusted source for cross-border communications.
The Merging of CA-Lists
Trusted CA Lists
Because each country holds their own CA-List, if a call gets signed in a country using their CA List, when the U.S. receives the call, they must cross-check it with their own CA-List. If it is not on their list as well, the call will fail verification automatically.

To protect trusted communications, countries would need to merge their trusted CA Lists and create a bilateral agreement so that calls can pass verification and travel cross-border successfully.
The First Steps towards Global STIR/SHAKEN Implementation

From the Insights Blog

The First Steps towards Global STIR/SHAKEN Implementation

Call Authentication
Cross-Border Calls
Read Article
What you need to know

Consider This...

Intra-operability

There are going to be multiple solutions or mechanisms which need to be standards-based in order to intra-operate and have end-to-end capabilities, or else they won't work.

Governance

There is not going to be any single global deployment and there will be no global policeman who can mandate that everyone do it exactly the same way.

origination

You must do everything possible to get calls signed or attested as close to the origin of the call as possible. Update trusted CA Lists in order to establish a root of trust that stems from the origination of calls.

Know Your customer

For continuous trust and reputation management of phone calls, there must be a KYC vetting process in place in order to verify that they are who they say they are and can legitimately sign calls.
Regulatory Leadership

Action from the FCC

FCC TRACED Act

The traced act

Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act
TRACED Act defines the need for a caller ID authentication framework (STIR/SHAKEN) in order to address consumer complaints and combat the origination of illegal robocalls.

While the TRACED Act does touch on the STIR/SHAKEN standards as a solution, tying it to regulations may complicate future amendments to the Act as well as the notion of having a single standard to address and meet the laws and requirements of various countries.
FCC 4th & 5th FNPRM

The 4th & 5th FNPRM's

Targeting Gateway Providers to Combat Illegal Robocalls
The 4th and Fifth Notices of Proposed Rulemakings (FMPRM) propose requiring gateway providers, who are the points of entry of illegal robocalls originating abroad, to implement STIR/SHAKEN and perform Robocall Mitigation on foreign-originated calls with U.S. numbers.

The FCC is seeking further comments on additional robocall mitigation requirement to ensure gateway providers take steps to prevent illegal calls from entering the U.S. network and further revisions to the information filers must submit in their Plans in the Robocall Mitigation Database.
Cross-border call delivery

Comparing Canada

current requirements

As mandated by the Canadian Radio‑Television and Telecommunications (CRTC) Agency, by November 30th voice service providers must implement a phased version of STIR/SHAKEN that applies to the portion of a service provider's network that originates SIP traffic, transit SIP traffic, or terminating SIP traffic, not for all TDM calls.

5 Key differences

  • Canada has not yet implemented efficient inter-carrier call traceback procedures and does not have any Robocall Mitigation procedures currently in place
  • Major carriers in Canada are not generally using analytics engines and are not sending labels with the calls warning of ‘Spam’ the way they are aggressively doing so in the U.S.
  • "Gateway" providers is not a well-defined concept in Canada, as they aggregate traffic from many sources and may not be able to tell from the calling line ID whether it is an internationally originated call
  • The CRTC has not mandated any display of information such as a green checkmark or verstat parameter. They are only dealing with STIR/SHAKEN and not with what the consumer sees.
  • Canada only has a few rules around Know Your Customer (KYC)

current requirements

ongoing industry discussion

Resources from our Podcast

Tuesday Talks
biweekly live Q&A podcast series
  • How trusted cross-border communications can work
  • Scaling STIR/SHAKEN on a global scale
  • International regulatory differences
  • Regulatory updates from the FCC
  • The challenges at Attestation Gap of international call signing
Cross-border Call Delivery
PODCAST COLLECTION
It starts with an insight
Ready to take control of how your identity is presented to consumers? 
Get a Quote
Entity Identity Management™ to protect your brand across omnichannel communications 
Get a Quote
SolutionsVerified IdentityNumber ReputationSmart BrandingSTIR/SHAKENCritical Calls Registry
AboutOur TeamPartner NetworkWho We ServeCareersMedia & Style Guide
Newsletter
Podcast
© 2023 Numeracle, Inc. All Rights Reserved.
Privacy PolicyTerms & Conditions
Trust Unveiled: Digital Trust vs. Zero Trust
Exploring the Dynamic Relationship Between Digital Trust and Zero Trust Strategies in a Connected World