Certificate access policy also approved.
WASHINGTON, DC — The Secure Telephone Identity Governance Authority (STI-GA) today announced the execution of the contract with iconectiv as the Secure Telephone Identity Policy Administrator (STI-PA), a critical role in industry efforts to mitigate illegal robocalling.
As the STI-PA, iconectiv enforces the rules defined by the STI-GA to operationalize the SHAKEN (Signature-based Handling of Asserted information using toKENs) framework. SHAKEN provides a mechanism for service providers (SPs) to authenticate calls and let consumers know that the displayed Caller ID information is accurate.
The STI-PA will apply and enforce mechanisms designed to ensure that STI certificates are available only to authorized service providers based on rules defined by the STI-GA. Those rules are part of the Service Provider Code (SPC) token access policy also approved by the STI-GA. Service providers must obtain the SPC token before they can access the STI certificates that will be used to sign (authenticate) calls. The STI-GA Board determined that an entity must meet the following criteria to access STI certificates:
- Have a current FCC Form 499A on file with the FCC (filed by all intrastate, interstate, and international providers of telecommunications (including VoIP providers) within the United States, with limited exceptions)
- Have an Operating Company Number (OCN)
- Have direct access to telephone numbers from the North American Number Plan Administrator (NANPA) and National Pooling Administrator (NPA) 
The STI-GA Board further agreed that these criteria would be reviewed at least quarterly following implementation later this year. This allows for flexibility in how the SHAKEN framework is implemented. Indeed, flexibility is one of the hallmarks of the industry-run STI governance framework and will remain critical as this ecosystem develops. Today’s announcement marks two more critical steps to advance the STI-GA’s goal of having the SHAKEN framework fully implemented by December 31, 2019.
- While the access limitation is reasonable, signing a given call should not be limited to only the pool of numbers available to the provider via direct access. In other words, per ATIS-100074, 5.2.3, under correct conditions a qualified service provider (SP) must be allowed to sign leased numbers as well as other numbers belonging to an OCN not assigned to that qualified SP insofar as the SP can properly verify the customer’s authorized use of that number.
About the STI-GA
The Secure Telephone Identity Governance Authority (STI-GA) is the industry-led effort to support the timely deployment of the STIR/SHAKEN protocol and framework. The STI-GA Board consists of representatives from the following stakeholders:
- Chair – Linda Vandeloop, AT&T
- Vice Chair – Glenn Clepper, Charter Communications; appointed by NCTA – The Internet & Television Association
- Clinton Lee, Jackson Energy Authority; appointed by the America’s Communications Association
- Nathan Sutter, Nex-Tech Wireless; appointed by the Competitive Carriers Association
- Indra Chalk, T-Mobile; appointed by CTIA
- Greg Rogers, Bandwidth; appointed by INCOMPAS
- Dave Frigen, Wabash Communications; appointed by NTCA – The Rural Broadband Association
- Chris Oatway, Verizon; appointed by US Telecom
- Gunnar Halley, Microsoft; appointed by the VON Coalition
- Michael Starkey, QSI Consulting, Inc.; appointed by Western Telecommunications Alliance and TEXALTEL
- Tim Kagele, Comcast
- Darah Franklin, Google
Learn more about the industry-led STI-GA and its critical contributions toward combatting illegal robocalling.