Ofcom’s consultation on CLI authentication – June 2023

Posted on: 22nd June 2023, by Magrathea

We have been busy submitting our response to this latest consultation, which sets out to understand whether CLI Authentication (similar to STIR/SHAKEN, already introduced in the USA) could be used to reduce nuisance and spam calls in the UK.

The basic principle is that the provider originating a call will flag that they have verified that the user making the call is using a CLI that is allocated to them or that they have the right to use. This flag follows the call path to the provider terminating the call, who can then make an informed choice to connect the call or not.

This consultation is the latest activity in a long run of actions focussed on this particular blight on UK consumers and is getting attention from the highest echelons due to some high-profile cases. The truth is, this is a problem that is costing the country millions of pounds and having a devastating effect on those that fall victim to scams.

Ofcom’s consultations

The idea of CLI Authentication was discussed in the 2019 consultation “Promoting trust in telephone numbers” but it was too early in the migration to IP for it to really get a foothold.  Similarly, the idea of a common numbering database was also mooted, but fell down the list for a while.  Both are now being revisited.

Much has happened, however, in the time since that consultation and the resulting statement. In the interim, Ofcom issued further consultations and statements on the topic of nuisance and scam calls, which have seen us all take steps to reduce this behaviour, including:

  • Improved guidance on due diligence and ‘know your customer’ checks.
  • Clear rules around what can be accepted as a valid CLI and what checks should be done.
  • A new obligation to block calls with a CLI that appears on the ‘do not originate’ list.
  • An obligation to block calls that originate abroad but have a UK network CLI (with some exceptions).

 

But it isn’t only Ofcom who are focussing on this issue. A new Bill is making its way through Parliament (see here: https://bills.parliament.uk/bills/3430). The Data Protection and Digital Information Bill will give the ICO more powers and will require our industry to be more proactive in monitoring for fraudulent behaviours and reporting them.

Alongside this, key government departments have collaborated on a factsheet (found here: https://www.gov.uk/government/publications/economic-crime-and-corporate-transparency-bill-2022-factsheets/factsheet-failure-to-prevent-fraud-offence#what-is-the-government-doing-and-why) which sets out the impact of the Economic Crime and Corporate Transparency Bill. This is aimed at larger organisations and will come with guidance on how to monitor and deal with a variety of fraud offences.

Here at Magrathea we have always worked closely with the various authorities that get involved in these matters, earning ourselves a good reputation for being helpful and doing our best to uphold the law and align with our values.  Even so, we can feel an increased intensity for the work being done and a need to keep finding solutions to battle this scourge on the UK consumer.

 

Would CLI authentication help?

Nobody is likely to argue that there is just one thing that will stamp out (illegal) nuisance and scam calls; rather, it will be a combination of factors that make it more challenging for the perpetrators. Of course, they will keep finding other ways to carry out their business, but having clarity of where calls originate would be a good start.

However, the fact that this initiative would help is not enough to make it a mandated requirement.  Ofcom have to weigh up if the cost and resources required to implement the solution will deliver sufficient benefit to make it proportionate and justified.

The early feedback from the USA isn’t overwhelmingly positive, and other countries are too early into the process to give much confidence that we should push ahead. We also know the cost to many providers will be considerable, with some needing new equipment and major reprogramming of their SIP environment.

Our viewpoint right now

Magrathea has always been supportive of CLI authentication generally, so long as it can be justified in a cost/benefit analysis, and we think more work needs to be done there.  Not least because the proposed implementation doesn’t really seem to give any real benefit.  We will certainly be suggesting to Ofcom that a detailed consultation on the topic appears worthwhile.

But a simpler one to answer is around a common numbering database. We are staunch supporters of the introduction of a central repository for numbering data in the UK for many reasons. Not only would it help us all verify that numbers may be used for CLI purposes (and provide simpler trace-back to service providers), but it would have an immensely positive impact on number porting and call routing too. No longer would we have to rely on ‘onward routing’ as a method of moving calls around and risk vast outages when a provider has a technical issue or disappears from the market.

We also feel that each of the changes introduced over the last couple of years, many as recent as May this year, have not yet had time to show how effective they are. With that in mind, it’s difficult to say how proportionate the introduction of CLI Authentication really is.

So, in brief, our response will say we are supportive of consulting further on CLI Authentication, delivered similarly to STIR/SHAKEN, but that we should also start preparing for a common database, as well as ensure existing rules are correctly implemented and enforced across the sector, because those measures are far less disruptive but have unmistakable benefits to everyone.

CLI Authentication and a common database both require excellent data integrity, an exercise not to be underestimated and one we should press on with sooner rather than later – something we flagged to Ofcom in 2019 in fact!

The full Ofcom document can be found here: https://www.ofcom.org.uk/consultations-and-statements/category-2/cli-authentication