Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations

FCC orders phone companies to deploy STIR/SHAKEN framework

Privacy/Cyber Risk & Data Security FCC Robocalls Agency Rule-Making & Guidance

Privacy, Cyber Risk & Data Security

On March 31, the FCC adopted new rules that will require phone companies in the U.S. to deploy STIR/SHAKEN caller ID authentication framework by June 30, 2021. As previously covered by InfoBytes, the STIR/SHAKEN framework addresses “unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” FCC Chairman Ajit Pai endorsed the value of widespread implementation, stating the framework will “reduce the effectiveness of illegal spoofing, allow law enforcement to identify bad actors more easily, and help phone companies identify—and even block—calls with illegal spoofed caller ID information before those calls reach their subscribers.” The new rules also contain a further notice of proposed rulemaking, which seeks comments on additional efforts to promote caller ID authentication and implement certain sections of the TRACED Act. Among other things, the TRACED Act—signed into law last December (covered by InfoBytes here)—mandated compliance with STIR/SHAKEN for all voice service providers.