To rid the world of scam calls, the FCC and telecom industry are banking on a forthcoming technology called STIR/SHAKEN, which would authenticate calls by exchanging certificates so that your phone knows if an incoming call is legitimate or “spoofed.”
The timeline for industry adoption is slow, with most large carriers testing the technology in 2019 and implementing it widely in 2020. But in Wednesday’s announcement, T-Mobile said its verified program with Comcast is fully ready and is built upon these STIR/SHAKEN standards.
“Essentially, you just exchange certificates,” said Grant Castle, VP Engineering Services at T-Mobile. “Exchanging them between us [means] we know the traffic we carry is our own and when we send it to Comcast, they’ll know it came from us.”
Currently, most other carriers are in the test phases. In March, AT&T announced that it had exchanged test calls with Comcast. Even in its partnership with T-Mobile, Comcast won’t be able to provide its own verification from T-Mobile to its Xfinity phone landline customers until later this year.
T-Mobile’s announcement means that all calls made from Comcast Xfinity customers to T-Mobile customers should prompt a “Caller Verified” icon on the receiving T-Mobile phone’s screen, if they have the right type of phone – which as of now is limited to Android phones. (A lot of the functionality is not up to phone carriers, but rather the hardware and software providers like Samsung, Apple, LG, and Google.) If a T-Mobile phone calls Comcast, Comcast will technically have the authentication certificate, but customers will not see any “verified” icon yet.
T-Mobile’s Castle said to expect more announcements in the next few months as carriers partner with each other to exchange verifying certificates.
“The value of that [Caller Verified] icon will increase as other carriers connect with us and work with us,” he said. “Eventually, you’re going to realize that nearly everyone calls you with a ‘Verified’ icon and if someone calls you without one, you’ll be more wary.”
T-Mobile and other carriers will reach more similar agreements, bringing this technology to more people across the country. But instead of a web of bilateral agreements, the goal is to have one third-party clearinghouse for the exchange of STIR/SHAKEN certificates. This, however, is likely to be a slow process.
The end goal for all of this technology is that most of the robocall scammers quit, which could happen if most phones get STIR/SHAKEN capabilities, and every call that is legit has an icon that pops up saying so.
For now this is not the case, and carriers must rely on complicated algorithms through which all calls pass as caller ID can easily be changed or “spoofed” by scammers if they want to. Unfortunately, Castle said, it’s totally legal because a long time ago this was made explicitly possible as doctors’ offices or other organizations wanted to call out from various lines but redirect to a main number.
“But of course scammers figured that out,” Castle said. Now, “You have to inspect a lot of data associated with the call when it enters our network.”