The law requires telecommunications service providers to implement Secure Telephony Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols by January 1, 2021. These protocols are designed to attest to the authenticity of caller identification data and provide service providers with information to help ensure that calls are not spoofed. Carriers may also implement an “alternative technology” as long as it “provides comparable or superior capability to verify and authenticate caller identification for calls carried over an internet protocol network.” Demonstrating a “good faith” effort to implement STIR/SHAKEN will serve as a defense against a claim that a service provider failed to meet the STIR/SHAKEN deadline. The law does not require carriers to block calls.
The California law sets a deadline for carriers to implement STIR/SHAKEN and is the latest in a series of ongoing efforts to promote STIR/SHAKEN or similar call authentication frameworks:
In addition to the STIR/SHAKEN requirements, the Consumer Call Protection Act authorizes the California Attorney General (CA AG) and the California Public Utilities Commission (CPUC) to “take all appropriate actions to enforce” the federal Telephone Consumer Protection Act (TCPA) and FCC regulations promulgated under the TCPA.
Authored by Mark Brennan, Arpan Sura and John Castle