News

Canadian Telecommunications Service Providers May Soon Have Access to STI Certificates, Allowing for Higher Attestation in Canada

Written by Amy Ralls | Oct 14, 2021 4:00:00 AM

Telecommunications Service Providers (TSPs) in Canada may soon have access to Secure Telephone Identify (STI) Certificates—necessary for higher (Level A or B) attestation—once the Canadian Radio-television and Telecommunications Commission (CRTC) acts on a report (Report) by the Canadian Secure Token Governance Authority (CST-GA).

The Report follows consultation with currently ineligible TSPs (without access to Canadian Numbering Administrator resources) to modify, via consensus, eligibility requirements for obtaining Service Provider Code (SPC) Tokens. CST-GA undertook this process based on a CRTC decision in response to a petition by Mitel Cloud Services, Inc. (Mitel). Mitel requested the CRTC (1) instruct CST-GA permit all TSPS to receive STI Certificates and (2) exclude any TSPs not registered with the CRTC as an alternative to the Federal Communications Commission’s requirement that providers file in the Robocall Mitigation Database to access STI Certificates. The CRTC’s only guidance was that new eligibility requirements should only exclude “TSPs that cannot be trusted to maintain the integrity of the STIR/SHAKEN framework.”

CST-GA Report’s Proposed New SPC Token Access

The Report proposes three new eligibility criteria—Identity, Reputation, and Technical—that must all be satisfied to obtain an SPC Token:

  • Identity: TSPs must provide enough information to prove they are “who you say you are.”
  • Reputation: TSPs must respond to a series of Yes/No questions to ensure trustworthiness (the key CRTC eligibility requirement). CST-GA proposes to use the same criteria for ongoing compliance monitoring.
  • Technical: TSPs must provide information to establish compliant implementation processes and best practices for appropriate call attestation.

TSPs with SPC Tokens can seek an STI Certificate from Neustar, the sole Secure Telephone Identity Policy Administrator and Certification Authority in Canada.

The Report recommends CST-GA (1) amend CST-GA’s SPC Token Access Policy, (2) develop an application and onboarding process to support issuing SPC Tokens based on the three criteria, and (3) provide the CRTC a copy of the Report.

TSPs Should Prepare Applications Now, Anticipating a CRTC Decision Approving New Eligibility Criteria

The CRTC has not issued a decision adopting the Report. But, currently ineligible TSPs can use the Report as a guideline to preparing draft SPC Token applications to the CST-GA and ensure they are ready to file applications following the CRTC’s decision. We expect a CRTC decision will direct CST-GA to implement a majority, if not all, of the recommended components to establish new eligibility criteria.

Acting now may avoid future cost or delay, while preparing and filing an application following the CRTC’s decision could result in your TSP’s application being delayed as the CST-GA deals with a flood of applications from impacted TSPs. Thus is particularly important given an unknown application process and CST-GA acknowledgement that “lack of access to SPC Tokens may create challenges for non-eligible TSPs in complying with the Commission’s requirement for all TSPs to implement STIR/SHAKEN prior to the deadline, in part because alternative implementation options may not be available.”

If you have questions about the applicability of the CRTC’s STIR/SHAKEN requirements, need assistance with preparing an SPC Token application, or have other CRTC compliance questions, please reach out to Ivan Zajicek at 703-714-1310 or isz@commlawgroup.com.

Information provided by:
The CommLaw Group
1430 Spring Hill Road
Suite 310
McLean, Virginia 22102