[VoiceOps] STIR/SHAKEN concerns

[Paul Timmins]

> On Aug 19, 2021, at 10:22 PM, Mary Lou Carey <marylou at backuptelecom.com> wrote:
> 
> I am doing some research for an article so I wanted to ask all of you some questions about STIR/SHAKEN and the upcoming implementation in late September when traffic will start getting blocked. I personally envision the first few months will be a nightmare! Ironically this will all hit just as elections are about to take place......how convenient! When the industry missed so many steps on the implementation phase, there's sure to be things they've missed in this phase so let's think ahead so we can address as many problems as we can before they happen! I specifically want to focus on the effect the changes are having and will have on end user customers. Not only residential and small business customers, but enterprise customers such as schools, hospitals, banks, political organizations, and other industries that use call centers. Please respond to the questions below and let me know your thoughts.
> 
> 1. Have you seen any changes in the industry since the June 30th implementation date. I have witnessed a few odd routing issues that have never happened in the past. I'm not sure if they are a fluke or a trend. Have you experienced anything out of the ordinary?

I've seen some invalid signatures, and largely reaching out has been successful in getting them fixed. No other issues, really.

> 2. If your network is partially TDM and partially VOIP, have you experienced any issues with either of them? What are your future concerns since STIR/SHAKEN does not work with TDM?

My concern is that some carriers will never switch away from TDM and I'll be forced to maintain these trunks forever, with a nonresponsive ILEC who doesn't want to be providing the service either.

> 3. My biggest complaint as a residential consumer is that caller ID no longer shows up like it did. Unless I have the number in my phone, I only see something along the lines of Scam Likely or a phone number with no caller ID. I find this quite irritating since it prevents me from determining if its a friend whose carrier hasn't implemented it yet or an actual scammer. Anyone else have complaints about what information is being passed?

... This has nothing to do with STIR/SHAKEN. CNAM is either dipped or passed in the From or P-Asserted-Identity field. You might want to reach out to your (cellular) carrier and see why you aren't getting caller id.

> 4. Are you getting more complaints from your customers about anything related to STIR/SHAKEN? What are the nature of the complaints? Is there a recurring theme?

They're mostly concerned about being flagged by reputation services. We help them reach out to all of them to register their activity. I'd love if the reputation services went away because STIR/SHAKEN was universally deployed and we could get accountability into the system and shut down bad actors.

> 5. What is your customer's impression of what a Robocall is? My son claims he's getting more SCAM calls than he was before but I'm not sure he understands what a Robocall is. He may consider any advertisement or donation request a robocall, but some things are allowed while others aren't. What are you doing to help your customers understand what's allowed and what's not allowed?

Not much we can do. I wish we could easily block political and fundraising calls. Our customers universally don't want them.

> 6. If you're hearing from customers about scam calls they are getting, are you reporting those calls to anyone? If so, who are you reporting them to?

If we get actionable data, we traceback to originating carrier and report. So far it's been dead air calls that are accidental misconfigurations of supposedly legitimate calling campaigns.  The calls stopped at least.

> 6. Criminals always seem to be creative. Have you seen any new methods scammers are using to get around STIR/SHAKEN process?

Continuing to deal with carriers who are non-compliant.

> 7. One of my greatest concerns I have about the September implementation is that carriers will get no warning if/when they are going to be blocked. I haven't seen anything that states a terminating carrier or intermediate carrier has to give a warning muchless disclose that they will start blocking another carrier's traffic. Maybe there is a hotline to call if your traffic is being blocked unjustly, but I haven't heard of any. Have you? Normal routing issues are already a nightmare to deal with. Hopefully this will not make it worse or just another method for anti-competitive carriers to take out their competition!

Ultimately, the blocking will be implemented by next hop carriers, not companies 4 hops out closest to the end user. The question won't be "why did you ring this through to the end user", it will be "why did level 3 provide transit to this downstream consumer who isn't listed in the compliance database" so I'm sure carriers will be reaching out, or they themselves will be non-compliant.

The death penalty process has safeguards and notifications from the FCC. I'm camping and using a mifi suspended on a rope 30 feet up in a tree to catch a verizon EV-DO signal so I can't easily point them out, but the lines don't just go instantly dead without warning, there's a process.

> 8. The last question leads me to the next one. I know there are some carriers using their underlying carrier's certificate so they didn't register for the Robocall Mitigation Database. I didn't recommend this, but I heard through the grapevine some consultants / underlying carriers did. If those who didn't sign up for the Robocall Mitigation Database have legitimate traffic shut down, what will happen to all their legitimate customers? Will they be out of service until the ITG gets around to figuring it out? Has anyone heard of a plan to address the impact on consumers displaced by this?

I hope so. Maybe the threat of collateral damage will force people to do the right thing.

> 9. Has anyone heard of a centralized contact to deal with unjust blocking complaints? We all know nothing goes perfectly but I would think it will be important for everyone to know what number to call should they have problems BEFORE this change is implemented. Have any of you heard anything? I haven't!

If my calls were blocked by a carrier, i'd reach out to that carrier's contact in the robocall mitigation database, because if they weren't the person in charge of it, they'd know who was.

> 10. I tried to keep my list simple but I would love to hear your thoughts on anything I missed.

Personally, my fear is we'll deal with the garbage and call it good, and we'll have similar volumes of "legal" calls that anger people. PoliceOfficerOrg can stop calling my desk line twice a day. I've been assured their traffic is legitimate, but it remains ludicrously unwanted and comes from what must be easily dozens of unique source numbers so I can't just block it. What do they think they're accomplishing here? Do they not realize they're next against the wall with such hostile calling patterns?

-Paul

Not officially speaking for my employer, though they're known to share quite a few opinions of mine.

> Thanks for all your input,
> 
> MARY LOU CAREY
> BackUP Telecom Consulting
> Office: 615-791-9969
> Cell: 615-796-1111
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops