STIR / SHAKEN: North America signs phone numbers in the fight against spam

Network operators in Canada and the United States are using digital signatures to fight spam calls with fake numbers over VoIP (Voice over IP) networks. Since Wednesday, all telecom providers in Canada and the larger providers in the USA have had to use the STIR / SHAKEN framework. VoIP network operators in the US with fewer than 100,000 customers still have two years to do so.

STIR stands for Secure Telephony Identity Revisited. When the VoIP connection is established, a digital certificate is sent along with the Session Initiation Protocol (SIP). The network operator in whose network the telephone call was initiated (“originating network operator”) thus confirms that he has actually assigned the displayed call number to the subscriber in question. The terminating network operator can then verify the authenticity of the certificate by decrypting it with the public key of the originating network operator.

If that fails, the network operator can warn the customer or reject the call entirely. Hundreds of network operators have already activated STIR in their VoIP networks and stored this fact in a database. In autumn things will get serious: From the end of September, US network operators will no longer be allowed to accept or forward VoIP calls from networks without a corresponding database entry. Canadian network operators without STIR even lose their approval at the end of November.

200 US network operators have also installed SHAKEN (Signature-based Handling of Asserted information using toKENs). That’s what the US regulator did FCC notified on Thursday. SHAKEN has the same purpose as STIR, but instead of VoIP connections for traditional telephone networks that switch calls with SS7 (Signaling System 7). There is no obligation to take the measures in SS7 networks in North America.

Automated spam calls are a nuisance in North America. Robocall campaigns are not generally prohibited. However, it is forbidden to transmit fake sender numbers or to call numbers that are on “Do Not Call” lists. However, every phone number owner must actively initiate such an entry.

A US-wide campaign by the authorities has declared war on telephone spam. In 2019, 45 authorities initiated around 90 proceedings against a range of companies and individuals. They resulted in two high-profile fines this year: At the beginning of the year, the FCC imposed a fine of almost ten million US dollars on a telephone spam Nazi.

The previous record fine for spam calls of $ 225 million followed in March. In both cases, the reason for the punishment was not the calls themselves or their content, but the falsification of the sender numbers. The record penalty was made even more difficult by the fact that the two perpetrators had deliberately dialed numbers from “Do Not Call” lists. It is precisely with these people that the spammers claim to have ripped off a lot of money by selling short-term health insurance.


To home page