Get with the program, MAN (Part 2)

Let's compare the U.S.-based STIR/SHAKEN with France's MAN Program, and other trends in robocalling.
Purple background with blue phone. Copy says MAN vs. STIR/SHAKEN

While fundamentally based on the same technical standards, STIR/SHAKEN and France’s MAN program have some important operational differences when combating robocalling.

IP-based communications and their consumers are evolving together. Unfortunately, as IP services and networks grow, bad actors have exploited the opportunity to drive up unlawful robocalling. The battle to rein in this problem in different parts of the world is now in full swing. Let’s have a look at how the industry is working to solve the robocalling challenges. 

A State of the Call report published by analytics provider Hiya[1] identified these 5 trends in 2023: 

  1. Spam and fraud frequency is increasing and threatening trust in voice calls.
  2. Financial impacts may be improving, but they’re not the only cost of spam and fraud calls.
  3. Trust and security are major opportunities for carriers and businesses alike to improve customer experience.
  4. Businesses are feeling the impact of spam and want to improve their voice reputation.
  5. Identity can help reestablish trust.

In the same report, the data showed that France experienced a spam rate of 43% in 2022, broken down to 2% fraud and 41% nuisance calls. Not far behind, the US saw 34.9% spam. Of the scammed users, costs were as high as $360 per user in France and $431 per user in the U.S. in 2022. Not quite where the average individual wants to be investing their money. 

Fortunately, government agencies and telecom companies alike have taken notice of the robocall issue.

In response to rising spam, the implementation of call verification programs to help protect consumers from malicious callers are on the rise. 

Fighting robocalls: The MAN program and STIR/SHAKEN way

France’s MAN Program and America’s STIR/SHAKEN regulations are premised on the same fundamental technical standards designed to address the same fundamental purpose: to identify and reduce illegal traffic. As regulators around the world look to protect consumers from robocalls, both of these initiatives are leading examples for others to follow.

STIR/SHAKEN vs. MAN program: A comparison

  UNITED STATES FRANCE
Name STIR/SHAKEN
STIR stands for Secure Telephony Identity Revisited.
SHAKEN stands for Secure Handling of Asserted information using toKENs.
“MAN Program”
Mécanismes d’Authentification
des Numéros English Translation:
Number Authentication Mechanism
Government Legislation TRACED Act Naegelen law
Regulating Authority FCC ARCEP
Deadline
  • June 30, 2021 for large service providers
  • June 30, 2022 for non facilities-based small providers.
  • June 30, 2023 for facilities-based small providers
  • As of October 1, 2024, all French Operators and owners of numbering resources in France will need to comply with the ‘final phase’ of the MAN Program, which requires Operators to disconnect calls that do not meet the required criteria.
Summary

By securing caller ID integrity, the STIR/SHAKEN framework enhances trust between callers and recipients. Carriers sign calls with a 3-tier system to mark the legitimacy of calls, enabling providers to make informed decisions about answering or blocking calls.

Mandates number authentication using STIR/SHAKEN for IP calls on NANP telephone numbers.

Similar to STIR/SHAKEN, France’s MAN program requires telecom providers to verify the identity of callers associated with calling telephone numbers, and authenticate each call.

Mandates number authentication (with reference to the US STIR/SHAKEN standards and implementation) for all calls using ARCEP national/polyvalent numbers. 

Policy Administrator (PA)(responsible for carrying out policy decisions (i.e. key revocation))
  • Policy Administrator (PA) authorization is required to acquire signing certificates from a Certificate Authority (CA)
  • There is only 1 STI-PA
  • APNF is both the policy administrator and certificate authority in the French market.
  • Each call that is received will be validated against a database of operator certificates to validate the call.
  • There is a centralized repository for all reported unsigned calls.
Certificate Authority (CA)(responsible for assigning, managing, and validating digital certificates)
  • The terminating service provider verification service will query the CAs repository to validate the call signature.
  • There are around 10 STI-CAs to choose from.
Call Signing
  • IP  service providers must sign all IP calls.
  • Due to hardware limitations, calls originating from TDM do not have to be signed.
  • There is no requirement to decommission TDM hardware or to stop implementing TDM hardware for traffic in the U.S..
  • Attestation A, B, and C describes how a call originated, not the reliability of the call.
  • Telephone operators with numbering resources are responsible for signing calls. 
  • The MAN program only covers IP calls. All calls must be converted to IP signaling. 
  • Attestations A, B, and C describe how a call originated, not the reliability of a call.
Call Transiting
  • Calls that have been previously signed should maintain the identity header through call completion.
  • Calls that convert from IP to TDM will lose their identity header based on equipment capabilities.
  • Carriers transiting a call (not signing/verifying) are responsible for confirming the presence + formatting signed calls.
  • Calls without an identity header or are not formatted correctly will be disconnected.
  • Emergency calls will NOT be disconnected whether a signature is or is not present.
  • Disconnectable calls are reported to the MAN Application (Database of Signals and Measurements).
Call Verification
  • The terminating service provider verifies the call signature.
  • Service providers that cannot verify the call can have verification performed upstream.
  • The terminating operator is responsible for verifying calls that have been signed.
  • Verification ensures the telephone number is consistent from end-to-end of a call.
Traceback Calls determined to be fraudulent/scam in nature can be traced back to the point of origin. Calls determined to be fraudulent/scam in nature are reported to the MAN program post call report.

Looking ahead

Illegal robocalling has plagued phone users for far too long. France’s MAN program and the U.S. STIR/SHAKEN framework have emerged as global leaders in the fight against illegal robocalling, employing innovative standardized approaches to tackle the issue head-on. By targeting the applications themselves and ensuring caller ID integrity, these initiatives provide promising solutions. 

As other nations embrace similar measures and collaboration grows, the world moves closer to a future where illegal robocalling can be mitigated, allowing individuals to communicate without the incessant intrusion of unwanted calls.