Re: [stir] The Canadian Regulator has issued a Notice of Consultation on robocalls spoofing STIR/SHAKEN

Tony Rutkowski <> Sat, 04 February 2017 13:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 39F56129AA6; Sat, 4 Feb 2017 05:50:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id h2XrOFJylcdO; Sat, 4 Feb 2017 05:50:06 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BD21A129650; Sat, 4 Feb 2017 05:50:05 -0800 (PST)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 3513B54059C; Sat, 4 Feb 2017 13:50:03 +0000 (GMT)
References: <> <> <> <> <> <> <> <>
To: Alex Bobotek <>, Dave Crocker <>, "" <>, "" <>
From: Tony Rutkowski <>
Organization: Yaana Ltd
Message-ID: <>
Date: Sat, 04 Feb 2017 08:50:02 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------D78843DFB546B282D6ADAE9D"
Archived-At: <>
Subject: Re: [stir] The Canadian Regulator has issued a Notice of Consultation on robocalls spoofing STIR/SHAKEN
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 04 Feb 2017 13:50:07 -0000


Thanks for the reflective note.  My remarks were directed at the CRTC 
Call for comments which was circulated on this list.  I had four points 
to make: 1) the incorporation into law of technical specifications such 
as the STIR/SHAKEN by designated standards bodies is ill advised, 2) the 
FCC's recent activism in this regard seem likely to change, 3) there are 
alternative platforms emerging that seem more promising, and 4) the 
adoption of STIR/SHAKEN is unlikely to be useful in dealing with what is 
basically a traffic management issue among carriers and customers.

Having been in an out of local, national, and international regulatory 
bodies over the past 50 years, there is one maxim that served those 
bodies well - avoid incorporating specific technical "fixes" proffered 
by standards bodies into regulations.  Anointing those bodies gives them 
de facto regulatory authority and they tend to become more closed, 
ossified, and manipulated over time, and innovation gets stifled as a 

Regarding the FCC, one has only to turn on the news or visit its site to 
realize that its role and activities are significantly changing, heading 
in the other direction of regulatory intervention into the industry 
management of its own affairs.  The telecom industry would be now 
foolish to paradoxically argue against own interests to "regulate me."

New innovative platforms can in part or whole serve as more efficient 
and more flexible alternatives to STIR/SHAKEN. These include not only 
blockchain, but also AI techniques pioneered by GeorgiaTech and spun out 
as Pindrop and apparently now nine other competitors.  CRTC should not 
stifle the innovation that has emerged in this sector.

Even if STIR/SHAKEN were able to be imposed at the national level by 
regulatory fiat, it is unlikely to be a global solution, nor one that 
even addresses and adapts to the changing network management demands 
faced by carriers among their diverse customer sets. They are entirely 
capable of devising and implementing their own solutions and 
coordinating them through global industry bodies such as the GSMA.  To 
the extent some kind of local national support centre is needed, the UK 
NICC model might be useful.