Best Practices for the Implementation of Call Authentication Frameworks NANC Call Authentication Trust Anchor Working Group Table of Contents 1 Introduction................................................................................................................................................... 3 2 Executive Summary ....................................................................................................................................... 4 3 Best Practice Recommendations ................................................................................................................... 5 3.1 Vetting caller identity ............................................................................................................................ 6 3.1.1 Overview of a subscriber ................................................................................................................... 6 3.1.2 Vetting of the End-User or Customer entity and identity ................................................................... 9 3.1.3 Best practices for vetting retail Customers ........................................................................................ 9 3.1.4 Best practices for vetting wholesale subscribers .............................................................................. 10 3.1.5 Industry communication and implementation ................................................................................. 11 3.2 Guidelines for different SHAKEN attestation levels ............................................................................. 11 3.3 Best practices for achieving full attestation for different subscriber types and use-cases ..................... 11 3.4 TN Validation ...................................................................................................................................... 13 3.4.1 TN Validation for Toll-Free Resp Orgs ............................................................................................. 14 3.5 Identification of international subscribers ........................................................................................... 14 3.5.1 Alternative mechanisms to assist with interoperability in the absence of STIR/SHAKEN technologies ....................................................................................................................................................... 15 3.6 Additional best practices for accurate identification of calling party .................................................... 16 3.6.1 Achieving full attestation for indirect relationships ......................................................................... 16 3.6.2 Robust robocall mitigation practices ................................................................................................ 17 4 Conclusion ................................................................................................................................................... 18 5 Glossary ...................................................................................................................................................... 19 Appendix A  Attestation Level Guideline Details ................................................................................................ 22 Appendix B  Resp Org Establishment ................................................................................................................. 24 Appendix C  State Attorneys General Anti-Robocall Principles ........................................................................... 25 2 Best Practices for the Implementation of Call Authentication Frameworks 1 Introduction Fighting illegal robocalls is a top consumer protection priority for the Federal Communications Commission (FCC), and call authentication is an important part of solving this critical challenge. With the recent passage of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, Congress expressed its support for a robust call authentication system.1 As part of the TRACED Act, Congress directed the Commission to  issue best practices that providers of voice service may use as part of the implementation of effective call authentication frameworks& to take steps to ensure the calling party is accurately identified. 2 The FCC s Wireline Competition Bureau (WCB) has called upon the North American Numbering Council (NANC), via its Call Authentication Trust Anchor (CATA) Working Group (WG), to recommend best practices that would, in the NANC s view, satisfy Congress s directive above if adopted by the Commission.3 These recommendations should address at least the following questions: 1. Which aspects of a subscriber s identity should, or must a provider collect to enable it to accurately verify the identity of a caller? 2. What guidelines or standards should providers use when assigning the three attestation levels A (or  full attestation), B ( partial ), and C ( gateway ) of the SHAKEN/STIR4 framework? 3. How should best practices vary depending on the type of subscriber, such as between large enterprises, individuals, and small businesses? 4. When should providers consider using third-party vetting services, and how should they make the best use of them? 1 Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, S. 151, 116th Cong., at § 4(b)(l) (2019) (TRACED Act). 2 TRACED Act § 4(b)(7). 3 FCC Wireline Competition Bureau Letter to NANC CATA WG (Feb. 27, 2020) (available at: https://docs.fcc.gov/public/attachments/DOC-362809A1.pdf) 4 Signature-based Handed of Asserted Information Using toKENs (Shaken) and Secure Telephone Identity Revisited (STIR) standards. 3 5. Should there be unique industry-wide best practices for knowing the identity of subscribers located abroad? If so, what best practices could the WG recommend regarding identification of such subscribers? 6. Are there any other best practices voice providers can implement  to take steps to ensure the calling party is accurately identified ? The best practices recommended in this report were developed based on industry expertise and experience, to assist in the overall objective of mitigating robocalling when implementing call authentication frameworks. These best practices: 1. Are considered voluntary and do not imply mandatory implementation, nor should they be mandated, to ensure carriers have the flexibility and speed to respond to evolving issues. 2. Were developed through rigorous deliberation and industry consensus by a broad set of stakeholders. 3. Have been proven through actual implementation and are more than just a  good idea . 4. Address classes of problems, rather than one-time issues. 5. Do not endorse specific commercial products or services. 6. Should not be assumed to apply in all situations or to all industry types. Communications organizations should evaluate and implement the best practices they deem appropriate. The recommendations in this report can help inform a specific organization s best practices. Additionally, organizations should institutionalize the review of these best practices as part of their operational processes and assess, on a periodic basis, how implementing selected best practices might assist in the overall mitigation of robocalls. 2 Executive Summary The best practices below summarize the recommendations of the CATA WG for implementing effective call authentication strategies. Best practices must be tailored to specific calling scenarios and functional relationships among service providers and their discrete Customer classes. Moreover, as the industry s technical working groups advance new robocall mitigation techniques, and if bad actors find ways to subvert current mitigation techniques, best practices must continue to evolve. To these ends, the CATA WG recommends the WCB consider the following best practices to further implement the TRACED Act: 1. Subscriber Vetting. Service Providers should vet the identity of retail and wholesale subscribers, in conjunction with approving an application for service, provisioning of network connectivity, entering into a contract agreement, or granting the right-to-use telephone number resources. 2. TN Validation. Originating Services Providers should confirm the End-User or Customer s right-to-use a Telephone Number. 4 3. A-Level Attestation. Originating Service Providers should authenticate calls with attestation level A only when they can confidently attest that the End-User initiating the call is authorized to use the TN-based caller identity associated with the calling line or account of the End-User. 4. B- and C-Level Attestation. Originating Service Providers should only authenticate calls with attestation levels B or C for calls where TN Validation has not been performed on the originating telephone number. 5. Third-Party Validation Services (referred to by the FCC as third-party vetting services in the charge letter). Originating Service Providers should use a third-party validation service when they cannot or choose not to independently perform TN Validation. Third-party vetting services may be particularly useful in the case of enterprise customers that acquire telephone numbers from multiple telephone number service providers. 6. International. Service providers that sell services to international call originators using North American Numbering Plan (NANP) numbers should develop processes to validate that the calling party is authorized to use the telephone number or caller identity. Further, domestic gateway providers may wish to explore voluntary commercial arrangements with international providers that include terms and conditions that would give the domestic gateway provider the tools, information, and confidence to trust the validity of the calling identity. 7. Ongoing Robocall Mitigation. Service providers, whether IP- or non-IP-based should have ongoing robocall mitigation programs in addition to implementing call authentication protocols. The elements of such programs may vary depending on the nature of the service provider s business but may include ongoing monitoring of subscriber traffic patterns to identify behaviors that are consistent with illegal robocalling. Service providers may, after further investigation, take appropriate action to address such behaviors. The subsections of section 3 below roughly correspond to the order of the questions in the WCB letter, but the subject matter addressed in the subsections may exceed the specific inquiries. The group also defined material terms when responding to the WCB questions as necessary, which are contained in the Glossary. 3 Best Practice Recommendations The following sections provide context for the specific best practices recommended by the CATA WG to implement effective call authentication frameworks. The report defines many of the concepts regarding the parties that have a role in the telephone number caller identity trust ecosystem. The best practices should provide both a technical and business relationship framework for how telephone number identities can be trusted as calls are delivered from origination to termination. The trust framework is governed by participation in the SHAKEN ecosystem, whereby responsible parties abide by FCC rules, industry standards, or the Secure Telephone Identity Governance Authority (STI-GA) policies. Likewise, subscribers to a voice service are bound by terms of service that require the correct use of telephone number caller identities when initiating calls. 5 3.1 Vetting caller identity Accurately defining the terms  subscriber and  caller identity will establish the proper context for relationships between the two terms and use-cases that will inform the best practices. The accurate identification of a subscriber in the STIR/SHAKEN ecosystem is tied to a telephone number-based caller identity associated with that subscriber. The phone number may or may not be associated with the subscriber s account with the responsible party. The definition of caller identity is precisely defined in ATIS-1000088, A Framework for SHAKEN Attestation and Origination Identifier: Telephone Number (TN)-based caller identity - the originating phone number included in call signaling used to identify the caller for call screening purposes. In some cases, this may be the Calling Line Identification or Public User Identity. In other cases, this may be set to an identity other than the caller s Calling Line Identification or Public User Identity. In other words, the TN-based caller identity represents the telephone number used in a telephone call that is uniquely associated with a subscriber. 3.1.1 Overview of a subscriber The subscriber is an entity that has a business relationship with a service provider who transits, originates and/or terminates calls on behalf of the subscriber. ATIS-1000088 defines two concepts of subscriber including Customer and End-User: Customer - Typically a service provider s subscriber, which may or may not be the ultimate End-User of the telephone service. A Customer, for example, may be a person, enterprise, reseller, or value-added service provider. End-User - The entity ultimately consuming the VoIP-based telephone service. For the purposes of this report, an End-User may be the direct customer of a Voice Service Provider (VSP) (the interconnected provider that originates the call to the telephone network) or may indirectly use the VoIP-based telephone service through another entity such as a reseller or value-added service provider. End-Users are typically the retail consumer or commercial entity that has purchased the right-to-use a telephone number (or numbers) as part of a service to which the End-User has subscribed. Customers, on the other hand, may be wholesale or retail Customers of a VSP. In the latter case, they are also End- Users of the VSP s service. Conversely, resellers or value-added service providers may be Customers but are not End-Users. Instead, End-Users of their service may not have an authenticated relationship with the VSP that is the originating network of the call and is responsible for attestation of the call. 6 Figure 1: Example of End-User as a direct retail customer of a voice service provider acting as the OSP for a call. The Terminating Service Provider (TSP) receives the call and delivers it to their End-User subscriber. Generally, a subscriber that is both an End-User and a Customer of a VSP can be classified as a  direct subscriber type. Ideally, the service should always be provided over an authenticated network channel using up-to-date and robust authentication procedures, so the service provider knows with confidence who is sending the calls into its network. ATIS-1000088 provides two example use-cases of this subscriber type: the direct individual assignment case A.1.1; and the pre-paid account case A.1.2. The figure above shows an example of a retail Customer that is the End-User represented by the TN-based caller identity. Note the authenticated relationship (denoted by the lock icon) between the OSP and the End-User. There are, however, many common call use-cases beyond direct subscriber cases. These indirect use- cases can take many forms. ATIS-1000088 provides three illustrative use-cases including Enterprise A.1.3, Communications Reseller A.1.4, and Value-Added Service Provider (VASP) A.1.5. For A.1.3, the Enterprise is the End-User and has a direct subscriber relationship with the VSP, although the Enterprise may be using indirectly acquired TNs (from the perspective of the VSP) that were assigned by a Telephone Number Service Provider (TNSP) and/or Responsible Organization (Resp Org) in the case of Toll-Free telephone numbers. In the A.1.4 and A.1.5 indirect subscriber calling cases, the reseller or VASP is a Customer of the VSP, i.e., the VASP/reseller has an authenticated relationship with the VSP as described by the above use-cases. However, in A.1.4 and A.1.5, the End-User ultimately has an indirect indeterminant relationship to the VSP. In order to properly validate the authority of an indirect End-User to be represented by a particular telephone number (telephone number-based caller identity) there needs to be new and additional mechanisms in place so the VSP can be sufficiently confident the caller identity or telephone number used for the call merits full attestation (i.e., A-level attestation). 7 Figure 2: Example of a reseller as customer of multiple TSPs and End-User as a reseller customer Figure 3: Example of a Value-Added Service Provider as a customer of multiple TSPs with an End-User as the VASP Customer A further complication in many indirect cases is that the Communications Reseller or VASP may source telephone number resources from multiple TNSPs, or in the case of toll-free numbers from multiple Resp Orgs. In these cases, because of least cost routing or calling path diversity, the TNSPs or Resp Orgs may not be the OSP for a particular call. As a result, validation by the OSP of the authority for 8 right-to-use of the telephone number can also be indirect. The topic of indirect use-cases and the best practices associated with these scenarios will be covered in the validation section (3.4) of the report. 3.1.2 Vetting of the End-User or Customer entity and identity Whether a subscriber is an End-User or other Customer type, a provider should vet the identity of the subscriber as part of an application for service or contract process. The best practice applies whether the service provider is a VSP, VASP, Reseller, TNSP, Resp Org or other telephone application provider. The type of information collected to vet a subscriber is explicitly different from the information required or used to confirm the right-to-use a telephone number and used to authenticate the use of a TN-based caller identity for a call for STIR/SHAKEN. Moreover, vetting may involve collecting different information for different types of subscribers. For example, it may be appropriate to collect distinct sets of information to vet the identity of residential End-Users, commercial End-Users, wholesale Customers, and other Resellers. In all of these cases, the subscriber vetting process is intended to help determine the legitimacy of a Customer for the purposes of establishing a business relationship. Additionally, such information may be useful and important to law enforcement (e.g., the ability to find and prosecute the Customer in the event they are involved in illegal robocalling or other illegal activities despite being vetted). Such Customer vetting should be part of any robocall mitigation program and should precede TN Validation when establishing new service. The TN Validation process is a separate best practice recommended later in this document. 3.1.3 Best practices for vetting retail Customers Residential and small business retail End-Users (i.e., mass market Customers) present a low risk for perpetrating illegal robocalls. VSPs collect End-User address contact information for general provisioning and billing of service. Retail End-User service is generally provisioned to a fixed location, is easily identifiable, and is unlikely to generate illegal robocalls. Commercial retail End-Users, comprised of larger businesses with more complex service configurations, may present a somewhat higher risk of perpetrating illegal robocalls. As a result, a different intensity of vetting may be appropriate for such subscribers. The general concept of subscriber vetting is embodied in the State Attorneys General/Service Provider Anti-Robocalling Principles endorsed by more than a dozen/certain VSPs.5 Specifically, Principle #5 reads:  Confirm the Identity of Commercial Customers. Providers will confirm the identity of new commercial VoIP customers by collecting information such as physical business location, contact person(s), state or country of incorporation, federal tax ID, and the nature of the customer s business. This recommendation from the State Attorneys General/Service Provider Anti-Robocalling Principles provides example customer information to gather during subscriber vetting, however, it may not apply to all VSP use cases or business models. 5 State Attorneys General Anti-Robocall Principles for Voice Service Providers (Aug. 22, 2019) (appended below). 9 Principle #5, in conjunction with Principles #3 and #4 (described in Section 3.6), are elements of a broader robocall mitigation program for VSPs and are consistent with other industry practices such as the CA Browser Forum defined extended validation procedures for certificates (reference CA-Browser- Forum-EV-Guidelines Section 11). Vetting the identity of a new subscriber should occur whether calls are originated on IP or non-IP networks. In addition, monitoring Customers network traffic, investigating suspicious calling patterns, and taking action when illegal robocalling campaigns are identified should be included as best practices for all VSPs, whether they originate calls on IP or non-IP networks. Ultimately, VSPs should have the discretion to develop their own subscriber vetting program, which may include some combination of the practices summarized in this section, based on the types of subscribers they serve. Subscriber vetting should parallel the way VSPs enforce their acceptable use polices and terms of service. VSPs should, however, reevaluate their vetting processes if the VSP s network is found to be used for illegal robocalling. 3.1.4 Best practices for vetting wholesale subscribers Illegal robocall mitigation for wholesale subscribers can take multiple forms. Resale is one form of wholesale relationship, where the Reseller serves retail End-Users using the facilities-based platform of a wholesale VSP (e.g., Mobile Virtual Network Operator (MVNO) or full-service resale). Transit or transport is another form of wholesale service, where the wholesale VSP provides intermediate transport services or termination services to its wholesale subscriber. Wholesale providers also may give retail providers, such as Resellers, a right-to-use TNs. While calls typically do not originate on a wholesale transit or transport service provider network, it is also important to adequately vet wholesale Customers. If appropriate, wholesale providers may vet identity information for their wholesale Customers by confirming whether the Customer is an FCC Form 499-A filer in the FCC Form 499 Filer Database6 or intermediate provider registration.7 If an applicant for a wholesale service such as full service resale or an MVNO is not an FCC Form 499-A filer, the wholesale service provider should understand the nature of the Customer s business that exempts them from being a Form 499-A filer. As indicated in Section 3.1.3 above, VSPs should have the discretion to develop their own wholesale subscriber vetting program, which may include some combination of the practices summarized in this section as well as Section 3.1.3, based on the types of wholesale subscribers they serve. Wholesale subscriber vetting should parallel the way VSPs enforce their acceptable use polices and terms of service. VSPs who provide wholesale services should also reevaluate their vetting processes if their network is found to be used for illegal robocalling. 6 Available at: https://apps.fcc.gov/cgb/form499/499a.cfm. 7 Available at: https://opendata.fcc.gov/dataset/Intermediate-Provider-Registry/a6ec-cry4. 10 3.1.5 Industry communication and implementation The industry is in the best position to collaboratively develop a process to educate and encourage service providers to adopt applicable best practices outlined in this document. Associations which participate in the STI-GA governance process represent a broad range of service providers and can disseminate this information to their members and as appropriate may hold informational sessions on this topic. These practices could be implemented through various mechanisms: " Voluntarily  The best practices for service providers may require updating as industry practices and technologies evolve. This could most effectively be accomplished through collaborative industry working groups. For example, the industry could work to develop both network traffic monitoring, investigation, and policy enforcement best practices to minimize third-party illegal robocalling campaigns. " Contractually  For example, wholesale providers could require clauses in their transit contracts, among others to require customers to adopt robocall mitigation best practices including confirming the identities of their End-User subscribers either directly from the End-Users or by providers or third parties that act on behalf of the End-User. " Regulatorily  Because illegal call mitigation is evolving and the associated regulatory environment for robocall mitigation is still developing, it would be premature to mandate any specific practices or standards in the near-term. 3.2 Guidelines for different SHAKEN attestation levels The common goal for SHAKEN and the industry is to provide the ability to authenticate calls with attestation  A level or full attestation, when the End-User initiating the call is authorized to use the TN-based caller identity.  B is a higher level of attestation than  C and can provide some additional information to the terminating provider, but best practice seems to have converged that both  B and  C are more useful for identifying originating networks. An analysis of attestation assignments factoring in connectivity, business association, confirmation of real-world identity, and authorization of the End User to legitimately place calls using the calling number is found in Appendix A. 3.3 Best practices for achieving full attestation for different subscriber types and use-cases As discussed in Section 3.1.1, there are two subscriber types of End-User and Customer. Depending on whether a subscriber is an End-User or a Customer or both, there are two high-level subscriber relationship cases in the telephone network today. The first is the  direct relationship where the VSP provides the telephone number as an integrated product within a telephone service to an End-User subscriber (e.g., residential End-User or a commercial entity (small business or complex commercial 11 enterprise)) that may have several End-Users for whom it controls access to telephone service. The second is the  indirect relationship involving End-Users that are not getting service from a VSP directly. Rather they obtain telephone service through entities such as those mentioned in Section 3.1: enterprise, resellers, VASPs, or cloud telephone application providers. For indirect relationships, the industry is working on various mechanisms that, in the future, can be used to obtain full attestation. This includes, but is not limited to Delegate Certificates, Letters of Authorization, and Central Database methods. Relationship to Subscriber Originating Service Description Type Provider Subscriber is managed by an Originating VSP with telephone number(s) and telephone service as part of a End-User single product that is authorized for both telephone and Direct number usage and telephone service from a directly Customer authenticated device. (e.g., a subscriber that obtains access to the public telephone network via a phone or SIP-PBX that has a direct relationship with the VSP). Subscriber is given the right-to-use a telephone number, block or sets of each with the intent of using those numbers End-User Indirect to originate calls via a call initiation functional service. (e.g., Only an enterprise subscriber that obtains access to the public telephone network via a reseller or VASP). Subscriber is provided an application service, a trunk or a wholesale service that allows them to facilitate the origination of calls from their customers authorized TN- Customer Indirect based caller identity for outbound calling services that may Only support human- or machine-based calling to and from the Public Switched Telephone Network (PSTN) (e.g., a Service Provider (SP) subscriber that is a reseller or VASP). Table 1: Subscriber types and relationship to OSP descriptions For best practices regarding individuals and small businesses (i.e., mass-market Customers), as opposed to large enterprises, there may be a generalization made that mass-market Customers typically fall in the direct relationship category, where larger businesses often have multiple telephone services encompassed by a combination of different direct and/or indirect business relationships. 12 Figure 4: An illustrative enterprise use-case involving both corporate communications as well as outbound customer contact center use-cases The next section will detail further the best practices associated with the process of validating the authorized use of a telephone number in the context of both direct and indirect subscribers. 3.4 TN Validation Telephone Number (TN) Validation refers to the confirmation of the End-User s right-to-use the telephone number. TN Validation is necessary and appropriate when an End-User s right-to-use the telephone number is unknown to the OSP responsible for performing SHAKEN attestation for the call. TN Validation is the inherent result of an OSP s assignment of a telephone number to its End-User. Thus, TN Validation may not be necessary as an explicit process in this regard. TN Validation is intended to support elevation of attestation for a call originating from an End-User with a telephone number, where the telephone number is not assigned by the OSP. Third parties may be used for TN Validation or providers may offer TN Validation for End-Users. Multiple TNSPs may provide telephone numbers to End-Users, such as enterprises or small business, or to providers that offer services to End-Users, such as resellers, VASPs, or cloud telephone application providers in larger blocks or ranges, which those providers then may assign to their End-User as part of the telephone service. 13 It is also intended to support cases of legitimate spoofing of telephone numbers where an End-User that is authorized to use a telephone number through a particular TNSP relationship may want to also use that telephone resource(s) with another communications service.8 One example of legitimate spoofing is where a school district has a telephone number associated with its main switchboard supported by one service provider, which it also wants to use as the TN-based caller identity with the snow-day robocalling application service supported by another service provider. 3.4.1 TN Validation for Toll-Free Resp Orgs Where the Resp Org, or in some cases the reseller SP who obtained the Toll-Free Number (TFN) for the End-User, is not the Service Provider for the End-User, on a call(s) the relationship between the OSP and the End-User for the TFN is indirect. A TN Validation process (see 3.4 above) may be used in advance of call placement. For TFNs, the Resp Org or, in some cases, the reseller SP who obtained the TFN for the End-User is the entity with the knowledge of which End-User has been assigned the TFN. The End-User, which has the right-to-use a TFN, may authorize a third party to use the TFN for the calling party number. In this case, another mechanism would be needed to provide proof the third party is allowed to use the TFN  e.g., one of the mechanisms mentioned in section 3.3 being worked on by the industry. For more information regarding Resp Org requirements, see Appendix B. 3.5 Identification of international subscribers For internationally originated calls, there is a desire for other countries to adopt corresponding STIR/SHAKEN, STI-GA and STI-PA ecosystems that provide authorized digital signatures, endorsed by local regulatory agencies and coordinated through cross-border efforts being discussed in the Joint ATIS/SIP Forum IP-NNI Task Force and other forums. This is similar to what is happening between the US and Canada, where there is coordination of providing authorized root certificates specific to a country or region. In the United States, it is a long-standing problem that international gateway traffic is a significant source of fraudulent traffic. However, both how and where that traffic is coming from is not well defined. Traditionally, an  international gateway is defined as a network element that specifically translates international call signaling from country specific standards to US provider compatible protocols. As VoIP services have evolved, the use of the term  international gateway has unfortunately become less well defined. VoIP does not have as many geographic restrictions as non-IP services, which has enabled international entities to send VoIP traffic easily around the world including traffic that may terminate into a US-based provider s network. Today, it is understood that most of the fraudulent internationally-sourced traffic is coming through domestic telephone application providers and VSPs. Often, this occurs through underground or backdoor types of operations that mainly cater to malicious entities (either international or domestic) that want to terminate traffic with illegally spoofed NANP 8 See also ATIS-1000089, Study of Full Attestation Alternatives for Enterprise and Business Entities with Multi-Homing and Other Arrangements, or other processes, including processes in development but not yet published. 14 telephone numbers or illegitimate or invalid numbers. While fraudulent traffic does happen with international calling party telephone numbers coming from the legitimate country of origin, currently the portion of this traffic to the overall fraudulent call volume is relatively small. Based on SP experience, it appears the primary source of the problem may not be  international gateways, rather, it is VoIP applications, trunks, and wholesale providers that cater to subscribers sourcing traffic from international entities with fraudulent intent. Fraudulent internationally sourced or originated traffic can be separated into the following broad categories: " Internationally-based companies or individuals sending fraudulent traffic using US-based application, trunking, or wholesale services with spoofed domestic numbers; " Internationally-based companies or individuals sending fraudulent traffic using US-based application, trunking, or wholesale services with spoofed international numbers; " Internationally-based companies or individuals sending fraudulent traffic using internationally based application, trunking, or wholesale services with spoofed domestic numbers; or " Internationally-based companies or individuals sending fraudulent traffic using internationally based application, trunking, or wholesale services with spoofed international numbers. " Best practices for these use cases could utilize these broad categories to inform specific future practices. 3.5.1 Alternative mechanisms to assist with interoperability in the absence of STIR/SHAKEN technologies Best practices for internationally-originated calls using NANP numbers are still evolving, including how to acquire sufficient information to accomplish TN Validation for elevation to  A attestation. Industry consensus has not yet coalesced on call authentication with less than  A (full) attestation in some call scenarios. This could include the best practices, as appropriate, endorsed by this working group and explained in this document, including the vetting of customers and the validation of telephone numbers used for the services offered. For example, international VSPs have proposed technical and contractual solutions that may enable them to work with domestic carrier partners to apply the full range of SHAKEN attestations to calls originating overseas. This  enhanced international attestation approach may offer international providers the means to deliver more information and value to domestic carriers and consumers than if all calls originating outside the U.S. are assigned a  C -level attestation, or are not authenticated. International providers may enter into voluntary commercial agreements with domestic carriers or intermediate providers capable of assigning the relevant SHAKEN attestation level based on information the international provider has collected from its Customers (as well as its vetting, ordering, and TN validation procedures). Industry stakeholders should be permitted to develop the specific mechanisms or techniques by which they achieve higher levels of fidelity to SHAKEN attestation for international traffic. 15 In one example of this arrangement, international voice traffic could be segmented into separate streams via a multi-trunk approach that correlates to the three attestation levels of SHAKEN  A for calls that originated on a provider s network from numbers assigned to the originating subscriber,  B for calls that originated on a provider s network from numbers that were not assigned to the originating subscriber, and  C for calls that neither originated on a provider s network nor from numbers assigned to the originating subscriber. Domestic carriers could then rely on information proffered by the international provider to assign the appropriate attestation level and send the traffic either to another downstream provider or to its termination point.9 It should be noted that while this approach would be voluntary for domestic carriers (permitting these providers to choose international partners that display high levels of trustworthiness), the inclusion of robust commercial and contractual remedies, if an international provider fails to appropriately identify its traffic, could obviate domestic carriers concerns about exposure to reputational or enforcement risk as well as regulators anxieties that such a mechanism could be used as a backdoor for illegal robocalls or spoofing. Additionally, the Global System for Mobile Communications Association (GSMA) has recently undertaken an activity by establishing the Validating INtegrity of End-to-End Signaling (VINES) Working Group to develop a set of recommendations to prevent internetwork signaling fraud, which includes illegal robocalls, illegal spoofing, illegal toll bypass and consumer fraud. One of its objectives is to propose a mechanism to interwork with STIR/SHAKEN. 3.6 Additional best practices for accurate identification of calling party There are several additional best practices discussed by the working group for achieving full attestation for indirect relationships, and for more robust robocall mitigation practices, as discussed below. 3.6.1 Achieving full attestation for indirect relationships There are many use-cases, subscriber types, and subscriber relationships guiding implementation of best practices regarding accurate use of a TN-based caller identity as part of a call and the application of SHAKEN attestation of a call. The base SHAKEN framework has good coverage for direct subscriber relationships. For indirect subscriber relationships, there has been much discussion about solutions to provide end-to-end authentication. Best practices in general should include TN Validation to confirm the authority for an End-User s right-to-use a TN-based caller identity, including a robust mechanism to authenticate the call and allow the OSP to confidently elevate to full attestation  A. The ATIS/SIP Forum IP-NNI Joint Task Force has two study documents that discuss solutions for handling these indirect use-cases: ATIS-1000088, A Framework for SHAKEN Attestation and Origination Identifier; and ATIS-1000089, Study of Full Attestation Alternatives for Enterprises and Business Entities with Multi- Homing and Other Arrangements. 9 See generally Letter of Sheba Chacko, Chief Regulatory Counsel, BT Americas Inc., to Marlene H. Dortch, Secretary, FCC, WC Docket Nos. 17-97, 20-67 (filed Apr. 21, 2020). 16 3.6.2 Robust robocall mitigation practices In addition to the vetting best practices described above, robust robocall mitigation programs should include network monitoring for suspicious calling patterns. If, after appropriate investigation, it is determined that illegal robocalls are likely originating or transiting their networks, SPs should take appropriate action to stem the flow of the calls by taking actions permitted by FCC rules and orders, or contractual provisions. Along with Principle #5, as set forth in section 3.1.3 above, it is recommended that SPs implement the following two best practices delineated in the State Attorneys General/Service Provider Anti-Robocalling Principles: Principle 3  Analyze and Monitor Network Traffic; and Principle 4  Investigate Suspicious Calls and Calling Patterns. The WG recommends these principles, as helpful best practices and recommend that the FCC encourage SPs, as applicable, to adopt applicable best practices as well as the other State Attorneys General/Service Provider Anti-Robocalling Principles. These principles are included in Appendix C for reference. 17 4 Conclusion This report recommends best practices that VSPs may use to implement effective call authentication frameworks. In addressing the six specific questions presented to the WG by the WCB, the group considered the various types of providers operating in the voice ecosystem and the different services they provide. The WG sought to avoid best practice recommendations that were overly prescriptive because narrowly tailored recommendations could be inapt for certain types of services. While recognizing that STIR/SHAKEN is relevant only for IP networks, the group also recommended best practices for a broader robocall mitigation program that apply equally to IP and non-IP networks and services. These best practices must evolve and respond to the dynamic nature of mitigating illegal robocalling. This iterative process should be industry driven to ensure providers have the flexibility and speed to respond to bad actors. Regulatory solutions for example giving service providers more tools (e.g., blocking tools) and taking additional actions that target bad actors effectively complements industry efforts. Further solutions in this same vein (i.e., actions aimed at thwarting bad actors) may be necessary in the future. 18 5 Glossary Attestation  In the context of SHAKEN, the attestation of a call is represented by an  attest claim allowing the OSP that is populating an Identity header to clearly indicate the information it can vouch for regarding the origination of the call. [ATIS-1000074] This includes the known validity of the TN- based caller identity. Authentication  A process based on the Authentication Service (STI-AS) function defined in [ATIS- 1000074] which is the SIP application server that creates an identity header [RFC8224] using private keys to generate a PASSporT [RFC8225] including a digital signature that protects the integrity of the information, most importantly the TN-based caller identity, used in a call. Caller Identity - The originating phone number included in call signaling used to identify the caller for call screening purposes. In some cases, this may be the Calling Line Identification or Public User Identity. [ATIS-1000082] Certificate Validation  An act or process by which a certificate user established that the assertions made by a certificate can be trusted. [ATIS-1000084.v002] Communication Resellers  Non-facilities-based VSPs that are wholesale Customers of and resell the voice services of facilities-based VSPs, whereby the facilities-based VSPs are also the OSPs for the reseller s End-User subscribers. Customer  Typically a service provider s subscriber, which may or not be the ultimate End-User of the telecommunications service. End-User  The entity ultimately consuming the VoIP-based telecommunications service and may include the End-User s device used for placing the call. Enterprise  A business, non-governmental organization, or government entity that is a user of voice services. An enterprise may have direct relationships with any type of service provider, or service or TN reseller described in this document, and may have indirect relationships with any of these entities. An enterprise may initiate calls directly on its own behalf or may contract with other entities (e.g., call centers or hosted service providers) to initiate calls on its behalf. [ATIS-1000089] FCC  Federal Communications Commission. The FCC may also be referred to in this document as  the Commission. Form 499-A  An FCC multi-purpose form used for annual reporting revenues which are used as the basis for federal Fund assessments, funding of some administrative functions, sharing costs for some telephone service administration, and calculating regulatory fees; and one-time (with obligation to revise if information changes) designation of an agent for service of process, and fulfillment of obligations to register with the FCC by law. Identity  Unless otherwise qualified, an identifier that unambiguously distinguishes an entity for authentication and other security and policy application purposes. 19 Identity owner  This is the user, subscribed to the controlling operator, who is currently assigned a specific E.164 phone number for call routing purposes. This E.164 number may be presented to a called party as the user s calling party identity. The identity owner can authorize other users or subscribers of controlling or non-controlling operators to also use the E.164 number as caller identity in phone calls made on the identity owner s behalf. [ATIS-1000072] Identity service provider  An entity that verifies, maintains, manages, and may create and assign identity information of other entities. [ATIS-1000044] Individual  An entity with a characteristic of being human. Intermediate Service Provider  The term Intermediate Provider means any entity that carries or processes traffic that traverses or will traverse the PSTN at any point insofar as that entity neither originates nor terminates that traffic. 47 C.F.R. §64.1600(i) Large Enterprise  See  Enterprise . Originating Service Provider (OSP)  The service provider that handles the outgoing calls from a customer at the point at which they are entering the public network. The OSP performs the STIR/SHAKEN Authentication function. The OSP may also serve in the role as TNSP, Resp Org, TN reseller and other roles. [ATIS-1000089] Resp Org  A Responsible Organization is an entity authorized by the FCC to assign tollfree numbers to Customers. A Resp Org may also be a service provider, a TN Reseller as well as act in other roles. [ATIS- 1000089] Small Business  A business entity of less size or scale than a large enterprise, which may have direct and/or indirect subscriber relationships with one or more VSPs. Subscriber s Identity  This is the name, title, and authority of the subscriber agreement signatory. Telephone Identity  An identifier associated with the originator or a telephone call. In the context of the SHAKEN framework, this is a SIP identity (e.g., a SIP URI or a TEL URI) from which a telephone number can be derived. [ATIS-1000080] Telephone Number Caller Identity  represents the telephone number used in a telephone call that is uniquely associated with a subscriber. Telephone Number Service Provider (TNSP)  SP that has been formally assigned TNs by the national numbering authority (e.g., NANPA). A TNSP may assign a subset of its TNs to a business entity (i.e., TN Assignee), to be used as Caller Identification (ID) for calls originated by the business entity. TNSPs can also serve in the role as OSP or TSP. [ATIS-1000089] Terminating Service Provider (TSP)  The VSP of the called party. The TSP performs the STIR/SHAKEN Verification function. Third-Party Vetting Service  A service provided to a VSP by a third party for the purpose of vetting potential and current subscribers. 20 Third-Party TN Validation Service  A service provided to a VSP by a third party for the purpose of confirm the right-to-use of TNs for potential and current subscribers. TN-based Caller Identity  The originating phone number included in call signaling used to identify the caller for call screening purposes. In some cases, this may be the Calling Line Identification or Public User Identity. In other cases, this may be a TN-based caller identity that is not associated directly with the calling line or account of the subscriber. [ATIS-1000088] TN Reseller  The party who holds the right-to-use a TN and offers for resale the right-to-use that TN. TN Right-to-Use/Authorization  When a party is appropriately assigned a TN, this is the right-to-use that TN; the assignment confers the right to the use of the numbering resource. TN Validation  A process by which an indirect End-User s authorization to use a telephone number or set of telephone numbers is established and the process of providing that information to the VSP originating the call onto the telephone network through the use of existing and upcoming standardized secure mechanisms. TN Validation can be performed at the time the right-to-use of telephone numbers is established or throughout the life of the contract. Value-added Service Provider (VASP)  Generally, a third-party provider supporting value-added services, for example including applications beyond the core voice calling services offered by a traditional VSP. In this document, it is used as a general term for VoIP and VoIP application providers that offer voice services without having direct interconnection with other VSPs utilizing wholesale providers for call origination and termination. Verification  A process based on the Verification Service (STI-VS) function defined in [ATIS-1000074] which is the SIP application server that checks the validity of an identity header [RFC8224] using SHAKEN certificates to verify the digital signature contained in a PASSporT [RFC8225] and then the integrity of the information, most importantly the TN-based caller identity, used in a call. Vetting  A process by which a customer s identity and operational legitimacy is confirmed by their service provider. Confirmation can be performed at the time service is established (initial confirmation of identity) or throughout the life of the service subscription or contract (ongoing confirmation such as evaluation of roboscores or traffic patterns indicative of abusive robocalling). TNs are not part of the vetting process; TNs are covered by the TN Validation process. Vetted  The successfully verified result of a vetting activity. Voice Service Provider (VSP)  The service provider whose network is interconnected to other service providers to both originate and terminate calls across the telephone network. The VSP is responsible for performing both STIR/SHAKEN Attestation functions when acting as the OSP and STIR/SHAKEN Verification functions when acting as the TSP [ATIS-1000089] aka Telephone Service Provider. Wholesale Service Provider  A facilities-based VSP that acts as: an OSP for the End-User of a Reseller; an Intermediate Service Provider, or a gateway provider. 21 Appendix A  Attestation Level Guideline Details ATIS-1000074, Section 5.2.3 Attestation Indicator ( attest ) Note 1 under A. Full Attestation states: The signing provider is asserting that their customer can  legitimately use the number that appears as the calling party (i.e., the Caller ID). Two essential qualifications of the A-level attestation listed in ATIS-1000074 are that the signing service provider:10 " Can identify the End-User. " Has established a verified association of the End-User with the telephone number used for the call. Two other aspects not listed in ATIS-1000074 but which can have a bearing on the application of the local policy used by a service provider to assign attestation during call authentication are: " Connectivity of the signing service provider to the End-User. " Business relationship of the signing service provider with the End-User. These additional aspects can be used by the signing service provider to better identify the End-User and to qualify if the call is coming from an individual or enterprise, or another service provider. If the service provider is directly connected to the End-User, origin and screening information may be available and able to be used to assess if the calling number can be legitimately asserted by the End- User. Conversely, if the service provider is not directly connected to the End-User and is instead receiving the call from another service provider, the indirect connection between the signing service provider and the calling entity obfuscates origin and screening information inhibiting the signing service provider s ability to assess if the calling number can be legitimately asserted by the End-User. If the End-User is an individual or business customer the signing service provider is very likely directly connected to them and the key aspects highlighted in ATIS-1000074 regarding confirmed real-world identity of the End-User, and a verified association with the calling number are then cardinal in assessing assignment of attestation. And, if the calling entity is connected to and is a customer of another service provider, then there probably is not be a direct business relationship with the calling entity. Each of the qualifications outlined can be analyzed using two possible values per qualification. i.e., real- world identity is confirmed (or not), caller association with calling number is verified (or not), signing service provider is directly connected to the caller (or not), the calling entity is a customer (or not). 10 Note: For alignment with terminology used in this document, some of the terms in this appendix have been modified from the original ATIS-1000074 text. 22 Taken together, the four qualifying factors with two possible values each, yields sixteen possible combinations which can be assessed to estimate the appropriate attestation level of A (full), B (partial), or C (gateway) when authenticating (i.e., signing) a call. The table below outlines all 16 possible scenarios using the 4 qualifying factors: The full set of 16 possible combinations of qualifying factors contains several combinations which are unlikely, but which were shown for completeness. A more likely consolidated subset of eight (8) combinations from the table above is shown below: 23 Appendix B  Resp Org Establishment For the general offering of telephone services to subscribers, a TNSP, Resp Org, or other telephone application provider should vet the identification of either the End-User or Customer entities to whom they offer telephone services. However, in the case of the Toll Free, there is an advanced step required before the Resp Org is able to access Toll-Free Numbers for assignment to their End-User. For Toll-Free Numbers, the authoritative database is the Toll-Free Number Registry. Resp Orgs are the only parties who can assign Toll-Free Numbers, per FCC requirement. The following is the process used for a party to get approved as a Resp Org and then get access to Toll-Free Numbers that they can assign to their End Users. The following are the Resp Org Establishment Steps: Any person, company, or organization that can demonstrate the required skills and financial responsibility for managing Toll-Free Numbers can apply to become a Toll-Free Service Provider (Resp Org) in the SMS/800 Toll-Free Number Registry. 1) Complete a multi-page application that includes information on the business, contacts, billing, and certifications by the Resp Org. Resp Orgs are required to upload a copy of their IRS W-9 form at this time. 2) Attend a SMS/800 Toll-Free Number Registry week-long class or self-train with provided materials about Toll-Free. 3) Successfully complete an exam on Toll-Free Industry practices. Exam covers knowledge of customer records, number administration, and service provisioning. 4) Submit a deposit equal to the greater of two months Resp Org s anticipated bill from the Toll-Free Number Administrator, or $4,000. The deposit will be returned in 12 months (with interest) if the Resp Org has a record of paying its bill in full and on time. After completing all steps, the applicant will be certified as a Toll-Free Service Provider (i.e., Resp Org), and a Resp Org ID will be assigned. For reference, the ATIS SMS/800 Number Administration Committee (SNAC) developed and maintains ATIS-0417001, Industry Guidelines for Toll-Free Number Administration. 24 Appendix C  State Attorneys General/Service Provider Anti- Robocall Principles The Model Anti-Robocall Principles include the eight principles below:11 Principle #1  Offer Free Call Blocking and Labeling. For smartphone mobile and VoIP residential customers, make available free, easy-to-use call blocking and labeling tools and regularly engage in easily understandable outreach efforts to notify them about these tools. For all types of customers, implement network-level call blocking at no charge. Use best efforts to ensure that all tools offered safeguard customers personal, proprietary, and location information. Principle #2  Implement STIR/SHAKEN. Implement STIR/SHAKEN call authentication. Principle #3  Analyze and Monitor Network Traffic. Analyze high-volume voice network traffic to identify and monitor patterns consistent with robocalls. Principle #4  Investigate Suspicious Calls and Calling Patterns. If a provider detects a pattern consistent with illegal robocalls, or if a provider otherwise has reason to suspect illegal robocalling or spoofing is taking place over its network, seek to identify the party that is using its network to originate, route, or terminate these calls and take appropriate action. Taking appropriate action may include, but is not limited to, initiating a traceback investigation, verifying that the originating commercial customer owns or is authorized to use the Caller ID number, determining whether the Caller ID name sent to a receiving party matches the customer s corporate name, trademark, or d/b/a name, terminating the party s ability to originate, route, or terminate calls on its network, and notifying law enforcement authorities. Principle #5  Confirm the Identity of Commercial Customers. Confirm the identity of new commercial VoIP customers by collecting information such as physical business location, contact person(s), state or country of incorporation, federal tax ID, and the nature of the customer s business. Principle #6  Require Traceback Cooperation in Contracts. For all new and renegotiated contracts governing the transport of voice calls, use best efforts to require cooperation in traceback investigations by identifying the upstream provider from which the suspected illegal robocall entered its network or by identifying its own customer if the call originated in its network. Principle #7  Cooperate in Traceback Investigations. To allow for timely and comprehensive law enforcement efforts against illegal robocallers, dedicate sufficient resources to provide prompt and complete responses to traceback requests from law enforcement and from USTelecom s Industry Traceback Group. Identify a single point of contact in charge of responding to these traceback requests and respond to traceback requests as soon as possible. 11 The principles also include an introduction, definitions, a disclaimer, and signatories not included in this appendix. The full State Attorneys General Anti-Robocall Principles is available at: https://www.ustelecom.org/wp- content/uploads/2019/08/State-AGs-Providers-AntiRobocall-Principles-With-Signatories.pdf. 25 Principle #8  Communicate with State Attorneys General. Communicate and cooperate with state Attorneys General about recognized scams and trends in illegal robocalling. Due to the ever-changing nature of technology, update the state Attorneys General about potential additional solutions for combatting illegal robocalls. 26