Twilio Participates in First Successful Test of RCD Using STIR/SHAKEN Protocol

December 07, 2020
Written by
Jesper Joergensen
Contributor
Opinions expressed by Twilio contributors are their own

Twilio STIR-SHAKEN Test

For years, illegal and unwanted robocalls have been a fact of life for all of us. The calls range from just being a nuisance to flat-out posing a dangerous threat, putting our financial and private information at peril.

Throughout the scourge, answers for stopping illegal robocalls have been elusive. It is a tremendously complex problem presenting a complicated challenge to address. As we have discussed in previous blog posts, stopping illegal robocalls is an effort that requires a coordinated effort requiring a combination of law enforcement, public policy and technological innovation.

Thankfully, real progress on all fronts has been made throughout the last couple of years to turn the tide against robocall scams. For starters, on the public policy front, The TRACED Act was recently passed by Congress and signed into law, which gives the FCC and voice providers more ammunition to combat illegal robocalls. On the law enforcement front, the state Attorneys General established a public/private partnership with the telecommunications industry to share information with organizations such as USTelecom’s Industry Traceback Group to identify, investigate and prosecute the bad actors behind illegal robocalls.

And on the technology front, we’re proud to report that real ground is finally being made on implementing the SHAKEN/STIR protocol which will allow end users to have a better idea as to whether the call coming through is legitimate or not and avoid unwanted communications. As you may recall, SHAKEN/STIR (Signature-based Handling of Asserted information using toKENs/Secure Telephone Identity Revisited) is a means for telling the recipient of a phone call if the caller has the right to use the calling number by displaying a green checkmark or similar indicator; it’s meant to bring the same assurance of trust you get when you see a padlock icon next to the URL in your Web Browser.  STIR is a protocol developed by the Internet Engineering Task Force (IETF), and SHAKEN, developed by the Alliance for Telecommunications Industry Solutions (ATIS) and the SIP Forum, specifies how STIR will be transported in SIP “on the wire” and provides implementation guidance for service providers.

The STIR/SHAKEN system of trust is centered around service providers; originating service providers sign calls and the terminating service providers verifies the signature. One of the remaining challenges is to extend the trust also to Enterprises, allowing them to sign calls and be trusted in the Telephony ecosystem.

Recently, a huge step was taken towards extending SHAKEN/STIR to enterprise organizations, when a crucial test was successfully performed involving key players across the telecommunications industry that are involved in the calling process. In a coordinated effort involving Comcast, Everbridge, NetNumber, Numeracle, and Twilio, a test was completed for what is believed to be the first ever call to combine authenticated caller ID and Rich Call Data (RCD), using the STIR/SHAKEN framework and protocols. Enhancing authenticated caller ID as an extension of STIR/SHAKEN, Rich Call Data is an evolutionary leap forward for trust in the phone ecosystem. Using public key cryptography and the global STIR/SHAKEN family of protocols, Rich Call Data allows legitimate callers to tell recipients exactly who they are, where they’re calling from, and even why they are calling, with the highest degree of trust and certainty. This technology is particularly important for enterprise callers, who need reliable tools to reach their customers.

The results were presented by NetNumber recently at the Canadian Telecom Summit and available here. Twilio was invited to participate on the panel, represented by my colleague Christer Fahlgren, who provided details about our role in the test. Specifically, based on the receipt of the RCD signed call, Twilio was able to confidentially and reliably sign the call with a SHAKEN signature using A-Level Attestation, the highest level of verification.

Twilio will continue its engagement on the STIR/SHAKEN front by participating at this week’s SIPNOC 2020 conference hosted by the SIP Forum. On Thursday, Dec. 10th, at 11:30am Eastern time, Nupur Bhade Vilas, senior group manager on Twilio’s Platform Product Marketing team, will host a presentation on Twilio’s Trust Hub and how customers can deploy SHAKEN/STIR authentication and verification on their numbers with Twilio. Additionally, Christer Fahlgren, senior architect for Twilio, will participate on a panel discussion entitled “The Enterprise & A-Attestation: How is This Going to Work?” on Friday, Dec. 11th at 12pm Eastern time. He will join Douglas Ranalli, founder of NetNumber, Dr. Eric Golan, Chief Architectural Officer of Everbridge, David Stewart, VP, Business Development at Somos, Chris Wendt, Co-Chair, SIP Forum/ATIS IP-NNI Task Force, SIP Forum Director, and IP Comms & RTC Solutions for Comcast, and Anis Jaffer, Head of Product and Strategy of Numeracle where they will present the findings of the successful RCD test using the STIR/SHAKEN protocol.

Consumers deserve relief from illegal robocalls as soon as possible, in addition to still being able to receive the calls that they do want, such as from charities, schools, health care providers, businesses and government agencies during crisis situations. Twilio appreciates the opportunity to support the combined efforts of the companies involved in this ground-breaking test and look forward to working with the broader ecosystem in pursuit of our shared goal of bringing trust back to the phone call for end users.