SHAKEN/STIR is Harmless

by Colin Berkshire

Carriers are rolling out the new framework to stop spam. It is based on SHAKEN and STIR (they must have a James Bond thing going on here.)

The SHANEN/STIR framework is vary complicated, and it uses a variety of authentications and interfaces which must be implemented throughout the network before it is effective. One of the alliance members, Jim McEachern stated very accurately: “the new system won’t be a panacea”.

The main goal of SHAKEN/STIR is not to eliminate spamming and robo calls, but to prevent Caller ID spoofing.

Already, a number of the smaller telecom companies and carriers have expressed disinterest in SHAKEN/STIR because of the implementation complexity and the costs. (The service introduces new service bureau products that carriers must purchase.)

What’s most important is that these frameworks only address spoofing. They really do nothing to prevent a spammer from acquiring a telephone number, continuing to SPAM, and then just ditching the number after a few hours or days. Think of it as a “burner number” just like “burner phones.”

Spammers are more creative and more nimble than the telecom behemoths. Verizon estimates that it could take several; years to fully implement SHAKEN/STIR in their network and up to five years to be implemented network wide. I would think that by then the spammers will have new methods of operating.

For example, SHAKEN/STIR really does nothing to prevent Caller ID spoofing from foreign countries. And, similarly, it would be possible to provide seemingly real caller ID information that cannot be validated on international calls. (The caller ID shows 81312345678, which is a perfectly valid, legal number…notice it has 11 digits? That’s a call from Tokyo…country code 81, city code 3, phone number 1234-5678.

I think there will be an infinite number of ways for spammers to continue for the foreseeable future.