We have all been there, your phone rings, you pick it up and it turns out to be robocalls. Probably not the first one you had that week either. It has become such a plague for many of us nowadays, we would never pick up unless its a phone number we are familiar with. The exception to this is if we are expecting a callback, particularly from institutions like hospitals where staff often use various phones with different numbers.
As a result, we often ignore unknown callers, because we are afraid it’s another robocall that simply wastes our time. A negative consequence of this is missing out on calls from people who have important news or just trying to reach out. For instance from distant family members, acquaintances or even prospective clients. While it could be argued that these days most communication is online, some things are more appropriate for a phone call. Certain business issues or sad news like the passing of a friend or relative are prime examples in this situation.
Robocalls around the world
However, almost half of all mobile phone traffic in the US comes from robocalls or spam, according to First Orion. Meanwhile, YouMail calculates the number of robocalls for January 2019 alone at 5.2 billion. This means 167.3 million robocalls a day, or 1,936 robocalls per second! Following this trend, the US expects a minimum of 62 billion spam calls this year.
Unfortunately, this is not just a local phenomenon. Scam calls reports come from all over the world. In 2015, the British Money Advice Service reported that eight scam calls were reported every minute across the U.K that year. Moreover, the nature of the calls only gets more innovative. For example, Australian Consumer Body reports from 2018 show that scammers impersonate telecom officials to trick people. They offer the possibility for consumers to “eliminate scamming calls” for a fee. A bit ironic, isn’t it?
But, there is good news as 2019 is seemingly the start of a fightback against scam phone calls. The plan consists of two strategies, STIR and SHAKEN. No, we are not talking about a martini. We are talking about the “Secure Telephone Identity Revisited” and “Signature-based Handling of Asserted information using toKENs” standards. This works by assigning every phone a certificate of authenticity like a digital signature, just like the one on a website. If successful, this leads us into the new decade, with trust in caller IDs once more.
STIR or SHAKEN
So how do STIR and SHAKEN actually work? An outgoing call would bear a certificate verifying the call origin is correct for the number. Thereafter phone call is connected with the incoming carrier e.g.T-Mobile. From there it would then proceed to check its certificates and public key against a heavily encrypted private key.
Think about this process as the same verification process blockchain uses. A policy administrator from government or the likes issues certificates thus ensuring these certificates cannot be forged. In future, maybe a distributed ledger, known as a blockchain, replaces this administrator. In this case we need a scalable consensus mechanism to make sure these calls are processed and verified quickly.
The STIR/SHAKEN authentication schema mimics the certification used on the websites most of us use. A secure website has something called SSL certificates. If not, web browsers like Chrome warns users about websites that lack them, and penalize the owners of the platforms by down-ranking them. You know you are on a secure (or not) website by looking at the URL in your browser. If the website doesn’t have an SSL certificate, you see a warning message. Moreover, Chrome users, for example, also receive a prompt saying “Get Back to Security”. This form of authentication has been embraced fully by tech companies and there is no reason why telecom carriers would neglect to do the same.
Next steps forward
In January of this year, T-Mobile launched an early version of the STIR/SHAKEN standards to its customers. This makes it the first carrier to do so.
So is STIR/SHAKEN the wonder-cure to eliminate Robocalls? Perhaps, but it is difficult to execute. Since each outbound call receives a certificate authenticating the legitimacy of the caller’s right to use that number, no caller ID spoofing is allowed. There is an exception made for legitimate cases like when an organisation uses a ‘call back’ number.
The phone call transferred to the inbound phone, meanwhile, the inbound phone’s service provider examines the certificate’s public key against a heavily encrypted private key. If everything is right, the call is good to be connected. However, if the caller is lacking the correct certificate, the phone is either flagged as suspicious or is barred from reaching the incoming phone.
Telecom meets Google
However, it’s not just big telecom that is interested in this, Google, in its role as both tech innovator and phone manufacturer has launched Call Screening on its Pixel3 Android phones. Call Screening enables Google Assistant to pick up and screen the call. It proceeds to ask in human speech whatever its instructed by you, the user. This allows you to answer the call from an unknown number and determine if it is fraudulent or not.
