US Robocalling Rules: Should EU Service Providers Worry?
Considering the risks of US robocalling legislation
How worried do EU providers need to be about changes to US legislation?
When the GDPR rules were implemented in 2018, it wasn’t just people in the EU that needed to update their privacy strategy. Any country that did business with an individual or brand from an EU location also had to re-think the way that it stored and captured data.
The same considerations apply when groups in the US apply new restrictions to things like robotic calling standards. Matthew Townend of the Cavell Group recently published a blog about the measures that the FCC (Federal Communications Commission) are taking to reduce the threat of fraudulent, scam and spam calling in the US.
If you interact with companies in the US, or you’re investing heavily in robocalling, and you’re looking for a prediction on how the regulations might change, the new “Stir/Shaken” framework may be relevant to you.
Calling Security: Shaken and Stirred
The FCC’s new STIR/SHAKEN proposal could push carriers and service providers throughout the US to implement a different kind of caller ID authentication by the end of the year.
According to Townend, the STIR framework (Secure Telephony Identity Revisited) and SHAKEN strategy (Secure Handling of Asserted information using toKENs) create an interesting system to redefine how service providers should protect against spoofed numbers. The system asks providers to attest to the originating location of the call, and give the connection one of the following grades:
- Gateway attestation – C grade – the service provider can authenticate the call but not the call source
- Partial attestation – B grade – the service provider can authenticate where the call originated but cannot verify the call source is authorised to the number in question
- Full attestation – A grade – the service provider can authenticate the calling party entirely, and they’re authorised to use the number
The implementation of this new formula wouldn’t just affect US service providers, but international SPs too. After all, there’s a risk that international calls could be blocked mistakenly because they fall into the “C Grade” environment.
Changing International Calling Standards
We know that many spoofed and fraudulent calls generally originate in foreign countries. However, that doesn’t mean that every international call is dangerous. Blocking calls on the basis that you’re not sure exactly where they come from could lead to severe problems for overseas businesses who need to connect with the United States.
The C-level attestations could end up being presented as possibly fraudulent calls to the domestic party at the other end of the conversation. Since there are many foreign companies providing legitimate VoIP and enterprise services to companies located in the EU and Asia, this presents a potential problem. While countries around the world have already begun to show their interest in the possibilities of the Shaken/Stir model, global implementation might not be ideal at this stage. Currently, the CCA is urging the FCC not to authorise the blocking of calls based on the foreign origin of a connection alone. Additionally, external callers and service providers may also need to ensure that they have access to ways of reversing erroneous call blocking activities.
Join Cavell Group at the Washington Cloud Comms Summit next week (11th & 12th September). Visit the Cloud Comms Summit homepage for more information on the agenda, speakers and tickets.