Compliance and Enforcement and Telecom Notice of Consultation CRTC 2017-4
Reference: Compliance and Enforcement and Telecom Regulatory Policy 2016-442 and 2017-4-1
Ottawa, 9 January 2017
File numbers: 1011-NOC2017-0004 and 8665-C12-201507576
Call for comments
Measures to reduce caller identification spoofing and to determine the origins of nuisance calls
Deadline for submission of interventions: 8 February 2017
[Submit an intervention or view related documents]
The Commission hereby initiates a proceeding to build on its previous proceeding to enhance protections for Canadians from unwanted unsolicited and illegitimate telecommunications. Specifically, the Commission will further examine the development and implementation of technical solutions to (i) prevent spoofing of caller identification information, and (ii) trace and identify the source of a call. The Commission will also consider establishing associated regulatory measures as appropriate.
Introduction
- In Compliance and Enforcement Notice of Consultation 2015-333, the Commission initiated a proceeding to gather information regarding technical solutions that Canadians may leverage to protect themselves from unwanted unsolicited and illegitimate (nuisance) calls.
- The outcome of that proceeding was Compliance and Enforcement and Telecom Regulatory Policy 2016-442, in which the Commission found that Canadians did not have access to sufficient technical solutions to protect themselves from nuisance calls. Accordingly, it took measures to ensure that all Canadians benefit from a base level of protection from nuisance calls through the provision of universal blocking of blatantly illegitimate calls at the network level by all carriers. It also clarified the terms pursuant to which telecommunications service providers (TSPs) could, and should, offer opt-in filtering services to manage suspect nuisance calls on behalf of subscribers to these services, and took measures to monitor the deployment of these services in Canada.
- In light of significant developments following the close of the record of that proceeding, the Commission stated in that decision its intention to initiate a follow-up proceeding to consider further measures intended to mitigate caller identification (ID) spoofing.
Background
- Caller ID information includes the telephone number and name of the calling party, and is generally included in the signaling information for voice calls. It is relatively easy to modify the caller ID information associated with a given line or call, and there are sometimes legitimate reasons to do so. By contrast, caller ID spoofing occurs when illegitimate telemarketers or fraudulent callers conceal or misrepresent their true identity by displaying inaccurate, false, or misleading caller ID information to induce Canadians to respond to the call. Absent a means to verify the accuracy and authenticity of this information, consumers and TSPs cannot reliably distinguish between legitimate and spoofed calls. This undermines consumers' trust in the telecommunications system and erodes their ability to screen calls based on caller ID information.
- The telecommunications industries in the United States (U.S.) and the United Kingdom (U.K.) have developed approaches and mechanisms to improve the accuracy and authenticity of caller ID information that could be introduced by TSPs in Canada and elsewhere to reduce caller ID spoofing.
- Specifically, efforts have focused on the development of a framework that enables a calling party to certify the caller ID information associated with the call, and for the recipient of the call to verify its accuracy and authenticity. To this end, the Internet Engineering Task Force (IETF)Footnote 1 has developed a technical standard known as Secure Telephone Identity Revisited (STIR) that defines the use of certificates to authenticate the telephone number contained in the caller ID information for calls made over newer Internet Protocol (IP)-based networks.
- As set out in its whitepaper titled Developing Calling Party Spoofing Mitigation Techniques: ATIS' Role, the Alliance for Telecommunications Industry Solutions (ATIS)Footnote 2 has adapted STIR for near-term implementation by TSPs. The profile for STIR developed by ATIS, called Signature-based Handling of Asserted information using toKENs (SHAKEN), enables TSPs to perform certification at call origin and verification at call termination of telephone numbers on behalf of their subscribers. ATIS has also developed a detailed test plan and environment to validate the SHAKEN protocol and to ensure interoperability between TSPs, as well as a framework for ensuring that verified caller ID information is displayed to end-users in a consistent and secure format.
- On 25 July 2016, leaders of the U.S. telecommunications industry formed the Robocall Strike Force (Strike Force) to accelerate the development and deployment, by standards bodies and carriers, of technical standards and solutions to prevent, detect, and filter unwanted robocalls. In its report to the U.S. Federal Communications Commission on 26 October 2016, the Strike Force set out a number of findings and recommendations, including an accelerated timeline for the adoption and implementation of caller ID authentication, a proposed solution for caller ID authentication in legacy networks, as well as mechanisms to trace the origins of a spoofed call.
- With respect to call traceback, the Network Interoperability Consultative Committee (NICC) in the U.K. established guidelines which set out the roles and responsibilities for initiating and responding to requests for call traces by both the Office of Communications (Ofcom) and Information Commissioner's Office.
Call for comments
- In this proceeding, the Commission is seeking information and comments on
- the implementation, use, and effectiveness of technical solutions to authenticate caller ID information for wireline, wireless, and voice over Internet Protocol (VoIP) networks in Canada;
- the implementation, use, and effectiveness of mechanisms to trace and identify the source of a call;
- any barriers to implementation that would need to be addressed to facilitate these solutions and mechanisms; and
- what regulatory measures, if any, should be established to ensure that Canadians have confidence in the caller ID information displayed.
- To assist in developing a full and complete record on the above matters, the Commission is asking parties to address, at a minimum, the specific issues set out in Appendix 1 of this notice.
- As a result of this proceeding, the Commission could impose requirements on all TSPs including traditional wireline, wireless, VoIP, and Internet service providers that provide local telephone exchange services to residential customers, whether or not they choose to file an intervention to this proceeding.
Procedure
- All parties to the proceeding initiated by Compliance and Enforcement Notice of Consultation 2015-333 are parties to this proceeding. The record of the proceeding initiated by that notice, which led to Compliance and Enforcement and Telecom Regulatory Policy 2016-442, forms part of the record of this proceeding.
- The Canadian Radio-television and Telecommunications Commission Rules of Practice and Procedure (the Rules of Procedure), which apply to this proceeding, set out, among other things, the rules for the content, format, filing, and service of interventions, answers, replies, and requests for information; the procedure for filing confidential information and requesting its disclosure; and the conduct of public hearings. Accordingly, the procedure set out below must be read in conjunction with the Rules of Procedure and related documents, which can be found on the Commission's website at www.crtc.gc.ca, under "Statutes and Regulations." The guidelines set out in Broadcasting and Telecom Information Bulletin 2010-959 provide information to help interested persons and parties understand the Rules of Procedure so that they can more effectively participate in Commission proceedings.
- Parties to this proceeding, and interested persons who wish to become parties to this proceeding, must file an intervention with the Commission regarding the matters being considered as outlined above, and the specific issues set out in Appendix 1 of this notice, by 8 February 2017. The intervention must be filed in accordance with section 26 of the Rules of Procedure. Parties should provide supporting rationale and all evidence on which they rely to formulate their positions.
- Parties are permitted to coordinate, organize, and file, in a single submission, interventions by other interested persons who share their position. Information on how to file this type of submission, known as a joint supporting intervention, as well as a template for the accompanying cover letter to be filed by parties, can be found in Telecom Information Bulletin 2011-693.
- All parties may file final submissions with the Commission on any matter within the scope of this proceeding by 23 February 2017. Final submissions, including an executive summary, are not to exceed 15 pages.
- The Commission encourages interested persons and parties to monitor the record of this proceeding, available on the Commission's website, for additional information that they may find useful when preparing their submissions.
- Submissions longer than five pages should include a summary. Each paragraph of all submissions should be numbered, and the line ***End of document*** should follow the last paragraph. This will help the Commission verify that the document has not been damaged during electronic transmission.
- Pursuant to Broadcasting and Telecom Information Bulletin 2015-242, the Commission expects incorporated entities and associations, and encourages all Canadians, to file submissions for Commission proceedings in accessible formats (for example, text-based file formats that allow text to be enlarged or modified, or read by screen readers). To provide assistance in this regard, the Commission has posted on its website guidelines for preparing documents in accessible formats.
- Submissions must be filed by sending them to the Secretary General of the Commission using only one of the following means:
by completing the
[Intervention form]or
by mail to
CRTC, Ottawa, Ontario K1A 0N2or
by fax to
819-994-0218 - Parties who send documents electronically must ensure that they will be able to prove, upon Commission request, that filing of a particular document was completed. Accordingly, parties must keep proof of the sending and receipt of each document for 180 days after the date on which the document is filed. The Commission advises parties who file documents by electronic means to exercise caution when using email for the service of documents, as it may be difficult to establish that service has occurred.
- In accordance with the Rules of Procedure, a document must be received by the Commission and all relevant parties by 5 p.m. Vancouver time (8 p.m. Ottawa time) on the date it is due. Parties are responsible for ensuring the timely delivery of their submissions and will not be notified if their submissions are received after the deadline. Late submissions, including those due to postal delays, will not be considered by the Commission and will not be made part of the public record.
- The Commission will not formally acknowledge submissions. It will, however, fully consider all submissions, which will form part of the public record of the proceeding, provided that the procedure for filing set out above has been followed.
Important notice
- All information that parties provide as part of this public process, except information designated confidential, whether sent by postal mail, facsimile, email, or through the Commission's website at www.crtc.gc.ca, becomes part of a publicly accessible file and will be posted on the Commission's website. This includes all personal information, such as full names, email addresses, postal/street addresses, and telephone and facsimile numbers.
- The personal information that parties provide will be used and may be disclosed for the purpose for which the information was obtained or compiled by the Commission, or for a use consistent with that purpose.
- Documents received electronically or otherwise will be posted on the Commission's website in their entirety exactly as received, including any personal information contained therein, in the official language and format in which they are received. Documents not received electronically will be available in PDF format.
- The information that parties provide to the Commission as part of this public process is entered into an unsearchable database dedicated to this specific public process. This database is accessible only from the web page of this particular public process. As a result, a general search of the Commission's website with the help of either its search engine or a third-party search engine will not provide access to the information that was provided as part of this public process.
Availability of documents
- Electronic versions of the interventions and other documents referred to in this notice are available on the Commission's website at www.crtc.gc.ca by using the file numbers provided at the beginning of this notice or by visiting the "Participate" section of the Commission's website, selecting "Submit Ideas and Comments," then selecting "our open processes." Documents can then be accessed by clicking on the links in the "Subject" and "Related Documents" columns associated with this particular notice.
Documents are also available at the following address, upon request, during normal business hours.
Les Terrasses de la Chaudière
Central Building
1 Promenade du Portage, Room 206
Gatineau, Quebec
J8X 4B1
Tel.: 819-997-2429
Fax: 819-994-0218Toll-free telephone: 1-877-249-2782
Toll-free TDD: 1-877-909-2782
Secretary General
Related documents
- Empowering Canadians to protect themselves from unwanted unsolicited and illegitimate telecommunications, Compliance and Enforcement and Telecom Regulatory Policy CRTC 2016-442, 7 November 2016
- Empowering Canadians to protect themselves from unwanted unsolicited and illegitimate telemarketing calls, Compliance and Enforcement Notice of Consultation CRTC 2015-333, 23 July 2015; as amended by Compliance and Enforcement Notices of Consultation CRTC 2015-333-1, 17 August 2015; and 2015-333-2, 5 January 2016
- Filing submissions for Commission proceedings in accessible formats, Broadcasting and Telecom Information Bulletin CRTC 2015-242, 8 June 2015
- Filing of joint supporting interventions, Telecom Information Bulletin CRTC 2011-693, 8 November 2011
- Guidelines on the CRTC Rules of Practice and Procedure, Broadcasting and Telecom Information Bulletin CRTC 2010-959, 23 December 2010
Appendix 1 to Compliance and Enforcement and
Telecom Notice of Consultation CRTC 2017-4
In their comments on the issues identified in paragraph 10 of this notice, parties are to address the following:
Issues to be addressed by all parties to this proceeding
- Comment on the appropriateness and effectiveness of using STIR and SHAKEN to certify and verify caller ID information in order to reduce caller ID spoofing in Canada and whether there are other standards or approaches that would be more effective and appropriate for ensuring the accuracy and authenticity of caller ID information in Canada. Comments should also address any concerns regarding the protection of customer information.
- With respect to STIR and SHAKEN, comment on
- the use of the tiered approach defined in SHAKEN whereby TSPs fully or partially certify caller ID information based on the nature of their relationship to the calling party, their knowledge of the telephone number, and the origin of the call, as well as the effectiveness of this approach at reducing caller ID spoofing in Canada;
- the ability of STIR/SHAKEN to ensure the accuracy and authenticity of the calling party's name in Canada, its effectiveness in doing so, as well as any additional measures that are required to this end;
- the effectiveness of the display framework developed by ATIS to ensure that verified caller ID information is displayed to end-users in a consistent and secure format;
- the designation and governance of one or more authorities that would issue certificates to enable the implementation of STIR/SHAKEN in Canada, and that would authorize and provide secure access to these authentication mechanisms; and,
- the implementation and effectiveness of approaches to certify and verify calls that originate or terminate on legacy networks, or that transit over legacy networks.
- Comment on the most appropriate metrics to measure the deployment of STIR/SHAKEN or another standard or approach to ensure the accuracy and authenticity of caller ID information in Canada.
- Identify specific regulatory measures, or other measures, that would ensure that all calls in Canada are expeditiously certified and verified pursuant to STIR/SHAKEN, or that would ensure the expeditious and ubiquitous implementation of other standards or approaches to ensure the accuracy and authenticity of caller ID information in Canada. Also indicate whether the Commission should impose such regulatory measures.
- Comment on the appropriateness of TSPs tracing nuisance calls on behalf of subscribers, including whether this would be permitted under their current Terms of Service. Provide specific comments regarding measures that should be implemented to safeguard the personal information of Canadians.
- Comment on the feasibility of establishing an industry-managed entity or government-led voluntary process for tracing nuisance calls in Canada, as proposed by the U.S. Strike Force in its report or as established by the NICC in the U.K., respectively. If applicable, provide detailed recommendations for establishing this capability in Canada, for example, any regulatory measures to this end.
Issues to be addressed by the large incumbent local exchange carriers (ILECs),Footnote 3 small ILECs, Northwestel Inc., and competitive local exchange carriers made party to this proceeding
- Indicate whether you are able to deploy STIR/SHAKEN on all of your telephony platforms, the specific steps required for deployment, and your intentions to do so. If applicable, indicate the dates by which you will begin certifying and verifying calls on your network(s), as well as the date by which you will certify and verify all calls on your network(s).
- Indicate the average number of calls that are processed by your IP-based wireline network, legacy wireline network, and wireless network on a monthly basis. Estimate the number of these calls that contain inaccurate, false, or misleading caller ID information (i.e. spoofed calls) on each of these network platforms, as well as the specific criteria that were used in developing these estimates.
- Date modified: