All carriers must get their STIR/SHAKEN certificate by June 30th!
I do find this a little confusing. It's already clear that POTS service has been made exempt "until further notice". So when the small operators exemption deadline was pushed up from end of June 2023 to end of June 2022, that -- by logical deduction -- could only have included small interconnected VoIP operators (which I believe was made explicitly clear anyway, but even if it had been ambiguous in the language, ...). So, out of all the interconnected VoIP operators in the States large OR small...who the heck is left who HASN'T already been required to have it implemented on their network by this point?? I don't understand who this June 2023 deadline applies to: the POTS circuit providers aren't covered by it, and all sizes of interconnected VoIP providers should have already implemented it a year ago at the latest. Another question that occurs to me (I could probably find the answer to this question with a little searching, but since I'm already here talking to the U.S. telecom brain-trust): would a provider who merely supplies white-labeled service from another interconnected VoIP provider and slaps their own name on it be required to obtain their own SHAKEN cert, and have the underlying VoIP provider sign any of their customers' calls with that cert instead of a cert belonging to the actual VoIP provider, even if the white-labeler/reseller has literally nothing to do with the network at all that services the calls? -- Nathan -----Original Message----- From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Michael Graves via VoiceOps Sent: Wednesday, May 31, 2023 1:12 PM To: Mary Lou Carey; Alex Balashov Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th! There was an extension for "small" providers (under 100k lines) ends on June 30, 2023. That extension was basically was targeting rural LECs. It was amended so it only included those who have physical infrastructure to their clients. Those who do not operate such legacy infrastructure are supposed to be signing their calls as of June 30, 2022. There are further "gateway" orders about how any operator is supposed to handle calls arriving on their network that are not signed. Michael Graves mgraves at mstvp.com o: (713) 861-4005 c: (713) 201-1262 sip:mgraves at mjg.onsip.com -----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey via VoiceOps Sent: Wednesday, May 31, 2023 2:46 PM To: Alex Balashov <abalashov at evaristesys.com> Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th! Importance: High Any carrier that provides originating VOIP or a combination of originating VOIP / PSTN / Wireless VOICE services needs to get its own certificate. My understanding is that only those who provide PSTN-only voice services do not need to have their own STIR/SHAKEN token because the technology still does not support it. Mary Lou Carey (615) 796-1111 MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2023-05-31 02:11 PM, Alex Balashov wrote:
Hi Mary Lou,
Thank you for this.
A stupid - and certainly belated - question: how exactly is a carrier defined, in the letter of the regulations underlying this deadline? Or to put it another way: who, as a VoIP service provider of one sort or another, _doesn't_ have to get their own token?
-- Alex
On May 31, 2023, at 1:46 PM, Mary Lou Carey via VoiceOps <voiceops at voiceops.org> wrote:
Hey all,
I just wanted to send out a reminder that the drop dead date for all carriers to get THEIR OWN STIR/SHAKEN certificate is coming up on June 30th. You can still have an underlying carrier sign your calls for you, but they must sign with YOUR token......not their own! You have to register with the STI-PA to start the process at this link:
https://authenticatereg.iconectiv.com/register
You must have your own IPES Company Code (aka OCN) and 499 filer ID to get a STIR/SHAKEN certificate. Just getting the certificate can take up to several weeks so please don't wait until the last minute to get one. I would hate to see anyone's network get shut down because they aren't signing their calls as per the FCC guidelines.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
US telecom brain trust? Wow......I don't even know what to say, but I'm thinking I should send my 21-year-old your way because he thinks he's a lot smarter than I am. LOL! Im going to preface my response by saying I'm not sure anyone knows exactly what the ruling means because I've called the FCC and STI-GA multiple times to ask specific questions like yours. Any time my question gets too detailed, I've been told to go read the ruling myself because they aren't attorneys and don't want to give legal advice that would steer me in the wrong direction. I don't know of any attorneys that have felt so comfortable discussing the details of the network that they have gone out on a limb to explain it to everyone either, so I can only tell you what I think based on what I've been told to date. My understanding from talking to the FCC and STI-GA is that the purpose of STIR/SHAKEN was to help the ITG identify all the players in the industry so the ITG can more easily shut down the bad players and if necessary the providers that enable those bad players. To me, that means regardless of whether a company has its own network, leases another carrier's network, or resells services, the FCC wants to identify every player in the network. We can debate which networks are exempt and which networks aren't, but ultimately there's not a lot you can do if the powers that be decide your network should be compliant and it's not. The choice to get a STIR/SHAKEN certificate is ultimately up to each company. They can either play it safe and get a token or they can play Russian Roulette with their business and not get a token. To date, I've seen the FCC/ITG give non-compliant carriers 30 days to become compliant, but that's not always enough time. I don't know if that is going to change after the deadline, but it could. It's not that difficult to get your own certificate and if another carrier is already signing your calls it's not that much more cost-wise to have your own certificate. So to me it's better to be safe than sorry. I hope that helps, MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2023-05-31 09:33 PM, Nathan Anderson via VoiceOps wrote:
I do find this a little confusing.
It's already clear that POTS service has been made exempt "until further notice". So when the small operators exemption deadline was pushed up from end of June 2023 to end of June 2022, that -- by logical deduction -- could only have included small interconnected VoIP operators (which I believe was made explicitly clear anyway, but even if it had been ambiguous in the language, ...).
So, out of all the interconnected VoIP operators in the States large OR small...who the heck is left who HASN'T already been required to have it implemented on their network by this point?? I don't understand who this June 2023 deadline applies to: the POTS circuit providers aren't covered by it, and all sizes of interconnected VoIP providers should have already implemented it a year ago at the latest.
Another question that occurs to me (I could probably find the answer to this question with a little searching, but since I'm already here talking to the U.S. telecom brain-trust): would a provider who merely supplies white-labeled service from another interconnected VoIP provider and slaps their own name on it be required to obtain their own SHAKEN cert, and have the underlying VoIP provider sign any of their customers' calls with that cert instead of a cert belonging to the actual VoIP provider, even if the white-labeler/reseller has literally nothing to do with the network at all that services the calls?
-- Nathan
-----Original Message----- From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Michael Graves via VoiceOps Sent: Wednesday, May 31, 2023 1:12 PM To: Mary Lou Carey; Alex Balashov Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th!
There was an extension for "small" providers (under 100k lines) ends on June 30, 2023.
That extension was basically was targeting rural LECs. It was amended so it only included those who have physical infrastructure to their clients.
Those who do not operate such legacy infrastructure are supposed to be signing their calls as of June 30, 2022.
There are further "gateway" orders about how any operator is supposed to handle calls arriving on their network that are not signed.
Michael Graves mgraves at mstvp.com o: (713) 861-4005 c: (713) 201-1262 sip:mgraves at mjg.onsip.com
-----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey via VoiceOps Sent: Wednesday, May 31, 2023 2:46 PM To: Alex Balashov <abalashov at evaristesys.com> Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th! Importance: High
Any carrier that provides originating VOIP or a combination of originating VOIP / PSTN / Wireless VOICE services needs to get its own certificate. My understanding is that only those who provide PSTN-only voice services do not need to have their own STIR/SHAKEN token because the technology still does not support it.
Mary Lou Carey (615) 796-1111
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2023-05-31 02:11 PM, Alex Balashov wrote:
Hi Mary Lou,
Thank you for this.
A stupid - and certainly belated - question: how exactly is a carrier defined, in the letter of the regulations underlying this deadline? Or to put it another way: who, as a VoIP service provider of one sort or another, _doesn't_ have to get their own token?
-- Alex
On May 31, 2023, at 1:46 PM, Mary Lou Carey via VoiceOps <voiceops at voiceops.org> wrote:
Hey all,
I just wanted to send out a reminder that the drop dead date for all carriers to get THEIR OWN STIR/SHAKEN certificate is coming up on June 30th. You can still have an underlying carrier sign your calls for you, but they must sign with YOUR token......not their own! You have to register with the STI-PA to start the process at this link:
https://authenticatereg.iconectiv.com/register
You must have your own IPES Company Code (aka OCN) and 499 filer ID to get a STIR/SHAKEN certificate. Just getting the certificate can take up to several weeks so please don't wait until the last minute to get one. I would hate to see anyone's network get shut down because they aren't signing their calls as per the FCC guidelines.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
I am not an attorney; this is not legal advice. The (primary) purpose of STIR/SHAKEN was not to help the ITG. The purposes are to (at the terminating or called-party end of the call) identify the entity responsible for originating the call, and allow that entity to signal what they know about the association between the caller and the calling number. We are just about to the point (end of this month) where virtually all providers are required to sign the calls they originate and send onward via IP. That includes providers that serve so-called POTS customers (when those POTS customers place calls sent via other providers). See 47 CFR ? 64.6301(a)(2) This applies to the ORIGINATING provider. The expectation, as made clear in the implementing specs and regulations, is that the originating provider KNOWS who the caller is. ATIS says (ATIS-1000088): "Has a direct authenticated relationship with the customer and can identify the customer." If you are a reseller and you are the one with the "direct authenticated relationship with the customer" then your (A- or B-) signature should be on the calls. As noted, you can get a SHAKEN token and delegate the signing to your underlying provider. But it will be your name, and your reputation, on the calls. If you are an underlying provider and you do NOT know who the customer is, then insist that your reseller get a token and either sign the calls or delegate that to you (with their token). If you do not know anything about the caller, then you are risking your reputation (and perhaps more) by signing those calls. More of my thoughts on this topic are here: https://legalcallsonly.org/attestation-inflation-the-abcs-of-signing-calls/ If you find the regulations confusing, your best bet is to play it safe. That would mean signing calls with your OWN token when your direct customer is the one initiating the calls (that is, they are the "caller" for legal purposes and they are going to take responsibility for conformance of the calls to ALL the applicable regulations -- and there are many, including TCPA, TSR, fraud, and state statutes). You, as the originating provider, still have a set of responsibilities here -- see 47 CFR ? 64.1200(n)(3) as ONE EXAMPLE. If the calls come to you from an entity that is not the one initiating the calls, then insist that the calls are signed when you get them (or that your customer provides you with their token so you can affix their signature). As Mary Lou indicates, you are playing Russian roulette if you are originating calls and they do not bear your signature. And your underlying provider is doing the same if they are accepting those calls unsigned and sending them onward. The FCC has a Further Notice of Proposed Rulemaking that is open for comment RIGHT NOW on the topic of "Third-Party Caller ID Authentication." The FNPRM is available here: https://docs.fcc.gov/public/attachments/FCC-23-18A1.pdf. See starting at paragraph 97. Initial public comments on this FNPRM are due June 5 (Monday) and Reply Comments are due a month later. You'll be able to read (and file) comments here: https://www.fcc.gov/ecfs/search/search-filings/results?q=(proceedings.name:( %2217-97%22)). Once comments are filed the FCC will likely issue an Order in due course, which may be clarifying or confusing or both or neither. David Frankel ZipDX? LLC St. George, UT USA Tel: 1-800-FRANKEL (1-800-372-6535) Visit My Robocall Blog -----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey via VoiceOps Sent: Thursday, June 1, 2023 2:01 PM To: Nathan Anderson <nathana at fsr.com> Cc: Voice Ops <voiceops at voiceops.org> Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th! US telecom brain trust? Wow......I don't even know what to say, but I'm thinking I should send my 21-year-old your way because he thinks he's a lot smarter than I am. LOL! Im going to preface my response by saying I'm not sure anyone knows exactly what the ruling means because I've called the FCC and STI-GA multiple times to ask specific questions like yours. Any time my question gets too detailed, I've been told to go read the ruling myself because they aren't attorneys and don't want to give legal advice that would steer me in the wrong direction. I don't know of any attorneys that have felt so comfortable discussing the details of the network that they have gone out on a limb to explain it to everyone either, so I can only tell you what I think based on what I've been told to date. My understanding from talking to the FCC and STI-GA is that the purpose of STIR/SHAKEN was to help the ITG identify all the players in the industry so the ITG can more easily shut down the bad players and if necessary the providers that enable those bad players. To me, that means regardless of whether a company has its own network, leases another carrier's network, or resells services, the FCC wants to identify every player in the network. We can debate which networks are exempt and which networks aren't, but ultimately there's not a lot you can do if the powers that be decide your network should be compliant and it's not. The choice to get a STIR/SHAKEN certificate is ultimately up to each company. They can either play it safe and get a token or they can play Russian Roulette with their business and not get a token. To date, I've seen the FCC/ITG give non-compliant carriers 30 days to become compliant, but that's not always enough time. I don't know if that is going to change after the deadline, but it could. It's not that difficult to get your own certificate and if another carrier is already signing your calls it's not that much more cost-wise to have your own certificate. So to me it's better to be safe than sorry. I hope that helps, MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 On 2023-05-31 09:33 PM, Nathan Anderson via VoiceOps wrote:
I do find this a little confusing.
It's already clear that POTS service has been made exempt "until further notice". So when the small operators exemption deadline was pushed up from end of June 2023 to end of June 2022, that -- by logical deduction -- could only have included small interconnected VoIP operators (which I believe was made explicitly clear anyway, but even if it had been ambiguous in the language, ...).
So, out of all the interconnected VoIP operators in the States large OR small...who the heck is left who HASN'T already been required to have it implemented on their network by this point?? I don't understand who this June 2023 deadline applies to: the POTS circuit providers aren't covered by it, and all sizes of interconnected VoIP providers should have already implemented it a year ago at the latest.
Another question that occurs to me (I could probably find the answer to this question with a little searching, but since I'm already here talking to the U.S. telecom brain-trust): would a provider who merely supplies white-labeled service from another interconnected VoIP provider and slaps their own name on it be required to obtain their own SHAKEN cert, and have the underlying VoIP provider sign any of their customers' calls with that cert instead of a cert belonging to the actual VoIP provider, even if the white-labeler/reseller has literally nothing to do with the network at all that services the calls?
-- Nathan
-----Original Message----- From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Michael Graves via VoiceOps Sent: Wednesday, May 31, 2023 1:12 PM To: Mary Lou Carey; Alex Balashov Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th!
There was an extension for "small" providers (under 100k lines) ends on June 30, 2023.
That extension was basically was targeting rural LECs. It was amended so it only included those who have physical infrastructure to their clients.
Those who do not operate such legacy infrastructure are supposed to be signing their calls as of June 30, 2022.
There are further "gateway" orders about how any operator is supposed to handle calls arriving on their network that are not signed.
Michael Graves mgraves at mstvp.com o: (713) 861-4005 c: (713) 201-1262 sip:mgraves at mjg.onsip.com
-----Original Message----- From: VoiceOps <voiceops-bounces at voiceops.org> On Behalf Of Mary Lou Carey via VoiceOps Sent: Wednesday, May 31, 2023 2:46 PM To: Alex Balashov <abalashov at evaristesys.com> Cc: voiceops at voiceops.org Subject: Re: [VoiceOps] All carriers must get their STIR/SHAKEN certificate by June 30th! Importance: High
Any carrier that provides originating VOIP or a combination of originating VOIP / PSTN / Wireless VOICE services needs to get its own certificate. My understanding is that only those who provide PSTN-only voice services do not need to have their own STIR/SHAKEN token because the technology still does not support it.
Mary Lou Carey (615) 796-1111
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111
On 2023-05-31 02:11 PM, Alex Balashov wrote:
Hi Mary Lou,
Thank you for this.
A stupid - and certainly belated - question: how exactly is a carrier defined, in the letter of the regulations underlying this deadline? Or to put it another way: who, as a VoIP service provider of one sort or another, _doesn't_ have to get their own token?
-- Alex
On May 31, 2023, at 1:46 PM, Mary Lou Carey via VoiceOps <voiceops at voiceops.org> wrote:
Hey all,
I just wanted to send out a reminder that the drop dead date for all carriers to get THEIR OWN STIR/SHAKEN certificate is coming up on June 30th. You can still have an underlying carrier sign your calls for you, but they must sign with YOUR token......not their own! You have to register with the STI-PA to start the process at this link:
https://authenticatereg.iconectiv.com/register
You must have your own IPES Company Code (aka OCN) and 499 filer ID to get a STIR/SHAKEN certificate. Just getting the certificate can take up to several weeks so please don't wait until the last minute to get one. I would hate to see anyone's network get shut down because they aren't signing their calls as per the FCC guidelines.
MARY LOU CAREY BackUP Telecom Consulting Office: 615-791-9969 Cell: 615-796-1111 _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
participants (3)
-
dfrankel@zipdx.com -
marylou@backuptelecom.com -
nathana@fsr.com