It’s time to restore identity and trust to digital communications
Innovation to identify legitimate senders and eliminate bad actors are part of today's technology complexities in need of industry-wide cooperation.
Way back when the Internet was young and early internet surfers were using 3600 baud modems to launch themselves via copper into the Netscape driven
There are a number of other technologies and initiatives aimed at ensuring trust. For me, as someone who appreciates the history of digital communications, it’s interesting to see all of these efforts trying to accomplish something that was invented more than 50 years ago: caller ID. Remember caller ID from the good ol’ landline days…where you could view the number that was calling you on your phone and see or hear the caller’s name and location?
Caller ID: Where has it gone?
The short answer is: caller ID still exists, but it’s a lot more complicated than you think.
When I said that it’s more than 50 years old, I wasn’t kidding. Caller ID was invented in 1968 by Ted Paraskevakos – long before cell phones were even an idea. The system that Mr. Paraskevakos invented (and Kazuo Hashimoto perfected in 1976) boiled down to this: when a person dialed another person, their phone sent a signal through the wires to the recipient. Landline numbers were (and today often still are) tied by physical wires connected to the local phone company’s central switch. In those days, a number was always identified with a specific address and location. Caller ID simply matched the number and location with the subscriber’s name and location.
How cell phones complicate caller ID
The advent of cell phones made the caller ID process more complicated. Cell phones now dominate phone calls. Nearly 55% of US homes in 2018 did not have a landline – only a cell phone. That number jumps to 77% when you only count millennials (aged 25-34)! The basic technology of cell phone calls
In the early days of cell phones, caller ID was largely dependent on the contact list stored in someone’s cell phone. For the most part, during those days, the only people calling each other were people who knew each other. From a product perspective, wireless carriers in that era didn’t see caller ID as critical as other services – like text and voice mail – because of the prevalence of the contact list. A lot of consumers felt they already had caller ID, and still do today. But, in reality, as has become apparent in an age of robocalls and rampant phone scams, the majority of consumers do not have caller ID, and trust in the overall communications process has plummeted.
There’s a link here with how companies viewed address books for email marketing. A brand who managed to get their recipient to add their from address to their email client’s address book benefited from improved inbox placement. Similarly, caller ID helped establish credibility when a company calls to schedule delivery or returning a customer service call. Again, we live in an era of trust but verify because our communication channels and platforms have been exploited.
Caller ID comes to cell phones
The wireless carriers did eventually get around to offering true caller ID in 2011 for around $3-5/month. The delay was partly because smartphones – which could accommodate the complex caller ID process – didn’t hit the market until 2007.
But the main reason caller ID wasn’t a priority? Because it really wasn’t needed – until the plague of robocalls, spoofing and phone scams started to become ubiquitous. That led to a demand for caller ID with a name attached to a number that showed up on the phone.
- T-Mobile offers services like Scam Likely and Scam ID
- AT&T customers can opt-in to services such as Call Protect and Call Protect Plus
- Verizon has Call Filter while Sprint offers Premium Caller ID.
- iOS 13 will give iPhone users the ability to route all unknown calls to voice mail thus preventing the delivery of robocalls, but legitimate calls in the process, how many of you store the number of your Doctor’s Office, and is it consistent for inbound and outbound?
The problem is, fewer than 5% of consumers have opted into caller ID and name services on their cell phones. Again, caller ID has been available – it just hasn’t been widely utilized by consumers.
And now, even with traditional caller ID enabled on their cell phones – like we used to have on landlines – consumers may still not know who is calling them.
The reason? Spoofing. In its simplest form, spoofing a number or email address means the sender is pretending to be someone they are not when placing a call or sending an email. There are legitimate use cases for spoofing, such as a doctor’s office calling you, or the placing of a call by a ride-sharing app to protect the driver’s and the callee’s personal information. In an age when the phone system is no longer tethered by copper but has gone virtual thanks to SIP
So while caller ID still exists today and is readily available, it doesn’t instill enough trust for you to answer the call. There really hasn’t been a way to prove that the person making the call is indeed who they say they are.
The new (old) era of communications
Spoofing is why the communications industry is now starting to roll out a new technology known as SHAKEN/STIR. SHAKEN/STIR stands for “Secure Handling of Asserted information using toKENs” and “Secure Telephony Identity Revisited.” Simply put, with SHAKEN/STIR, the service provider that originates a call onto the public telephone network will cryptographically sign the caller ID and called number with a private key so the call can transit the networks securely. Upon reaching the terminating carrier, a public certificate is used to decrypt and verify the call.
Under this scheme, when a call finally reaches its destination it might be accompanied by a check
The process is very similar to how websites currently handle trusted communications. Certification authorities (CAs) issue digital certificates verifying the authenticity of websites and their content. As a result, a user knows they are visiting a legitimate website, as opposed to one that has been
Times they are-a-changing!
In November 2018, Ajit Pai, the chairman of the Federal Communications Commission (FCC), required carriers to implement the SHAKEN/STIR framework to help establish the validity of placed calls by connecting callers and numbers through cryptographic signing. Remember caller ID? Knowing who called and being able to, with confidence, attest to the validity of that caller is critical to combatting spoofed calls and robocalls. Although SHAKEN/STIR won’t tell you exactly who called, it will provide a visual indicator that the caller owns the number initiating a call and help in tracing fraudulent calls. If a carrier can “automagically” tell that a call isn’t who it claims to be, or from whom it purports to have originated, then they can simply not deliver that call. This is pretty much how email authentication protects us from the rash of phishing attacks.
Earlier in the year, I wrote about the history of email in a 3 part series.
The problem of phishing and spoofing in
Wouldn’t it be great if the consumer had more information than just a green check mark indicating the call has been verified? For me personally, I’m not sure that would instill enough confidence to answer a call from a number I hadn’t seen or heard of before. Call me a skeptic. Numerous companies – both carriers and technology vendors — are working on solutions to make the call you see more friendly and informational. Some of the solutions out there not only verify the call, but also create the ability for the caller to transmit the reason for the call. In the hypothetical example below, how likely would you be to pick up the call if your flight was canceled versus how it’s done today with a 1-800 calling you? If I hadn’t put United’s number in my contact list, I’d never answer that phone call. What if the notice on your phone looked like this?
The mission to regain trust
The way we interact with our phones is changing thanks to caller ID apps such as CallApp, Hiya, Robokiller
One wonders what the inventors of the original version of caller ID on landlines would think about today’s various technologies and efforts to pursue trusted communications – caller ID services from carriers, apps, SHAKEN/STIR and a number of other initiatives. All of it is needed to regain that sense of trust and faith in the phone call and inbox that we all took for granted during the golden age of landlines and the earliest days of email. The complexity of today’s communications process by default demands complex solutions and industry-wide cooperation. But industry-wide cooperation is not anything new. After all, carriers and system providers cooperated in the old days of landlines, too. There may have been less of them, but still, the cooperation was there. I believe that same sense of cooperation exists today, too, just on a bigger scale. Caller ID, innovation, trusted communications, industry cooperation – the more things change, the more they are the same.