[VoiceOps] STIR/SHAKEN warning!

Markus universe at truemetal.org
Thu Jul 6 16:07:06 EDT 2023 

Am 04.07.2023 um 07:35 schrieb Paul Timmins:
>> What if I'm an European telecom operator and have US-based end-users (via SIP) who are calling to the US and who would like to signal their United States A-number to the called party?
>>
>> What if I'm an European telecom operator and have Euro end-users (via SIP) who are calling to the US and who would like to signal their European A-number to the called party?
>>
>> If I try to register here - https://authenticatereg.iconectiv.com/register - "Country: United States" is hard-coded.
>>
>> Is there a way for Euro TSPs to get STIR/SHAKEN without creating a US entity/company just for this purpose?
> 
> I'm pretty sure it's the job of whoever is providing gateway services into the USA to sign the call, and that anyone in the STIR/SHAKEN system in the US has some sort of regulatory nexus here where they could be held legally responsible. It's all about finding a throat to choke if there's misconduct.

I asked iconectiv that question and now I have clarity:

Me:
"I have some fundamental questions about STIR/SHAKEN: What if I'm an 
European telecom operator and have US-based end-users (via SIP) who are 
calling to the US and who would like to signal their United States 
A-number to the called party? -> Do we need to get a STIR/SHAKEN 
certificate? [...]"

iconectiv:
"The revised SPC token Access Policy requires providers seeking to 
register with the STI-Policy Administrator (STI-PA) to:
1) Have a current form 499A on file with the FCC;
2) Have been assigned an Operating Company Number (OCN); [...]

Me:
"Since registering as 499A and getting an own OCN is only possible for 
US companies, I figure getting a STIR/SHAKEN certificate through you is 
currently not possible for non-US companies. Is that correct?"

iconectiv:
"That is correct."

The confusion also came from the fact that many non-US companies that 
registered in the Robocall Mitigation Database - 
https://fccprod.servicenowservices.com/rmd?id=rmd_listings - chose 
"Complete STIR/SHAKEN implementation" or "Partial STIR/SHAKEN 
implementation", which, unless they also have a US subsidiary, seems to 
be a lie. Probably they chose something that looked cool in the dropdown 
box, or were too lazy to develop a Robocall Mitigation Plan (this is 
what you gotta upload as DOCUMENT if you choose "No STIR/SHAKEN 
implementation". I also noticed some non-US companies just uploaded some 
random document to the database, like a high school report or just some 
random letters or words...   so much about the quality of that database.

Good luck
Markus

More information about the VoiceOps mailing list