FCC Robocall Strike Force — the moment STIR and SHAKEN became one framework
The FCC Robocall Strike Force is where the framework that became STIR/SHAKEN crossed from parallel standards efforts at the IETF and the ATIS/SIP Forum IP-NNI Joint Task Force into a unified, industry-endorsed plan with regulatory weight behind it. Convened by FCC Chairman Tom Wheeler in 2016 and chaired by AT&T CEO Randall Stephenson, the Strike Force consolidated voice-service providers, equipment vendors, governance bodies, and analytics specialists into four cross-functional workgroups operating on an aggressive delivery cadence. It worked in two phases. The first phase — a sixty-day sprint from August through October 2016 — produced the Initial Report on October 26, 2016, which endorsed STIR/SHAKEN as the US call-authentication framework and accelerated the standards-delivery timeline from December 2016 to October 2016. The second phase — a six-month follow-up commissioned at the October meeting — produced the April 28, 2017 status report, by which point Wheeler had been succeeded by Ajit Pai and the deployment work had moved into the joint task force and into ongoing CTIA Robocall Working Group efforts. The two reports together are the architectural reference point for everything that followed in US caller-authentication deployment.
The technical convergence — combining the IETF’s STIR protocol work with the IP-NNI Task Force’s SHAKEN implementation — had happened a year earlier, at an FCC workshop on September 16, 2015. Jon Peterson and I recommended the convergence in a discussion at that workshop; the Strike Force then formalized it as the framework. I participated directly in each of these moments — at the 2015 workshop in the conversation with Jon, and at the Strike Force as co-chair of the Authentication workgroup with Martin Dolly of AT&T. The framing on this page is from inside the work.
What had already been happening
By 2015 the technical pieces that would become STIR/SHAKEN were already in motion in different forums, working on related problems without being formally connected.
At the IETF, the Secure Telephone Identity Revisited (STIR) working group had been chartered in 2013 to develop cryptographic authentication for telephone calls in SIP. STIR’s design defined a signed PASSporT object carried in the SIP Identity header, with a certificate hierarchy traceable to recognized authority over telephone numbers. The work was happening in the standards forum where internet protocols are designed, with the intellectual posture that comes with that — protocol-first, extensibility-first, attentive to how SIP and the broader internet ecosystem fit together. By 2015 the working group had produced multiple drafts and was converging on what would eventually become RFC 8224 (Identity), RFC 8225 (PASSporT), and RFC 8226 (Certificates), all published in 2018. Jon Peterson at Neustar was one of the lead authors and had been the central intellectual force in STIR’s development.
At the ATIS/SIP Forum IP-NNI Joint Task Force, formed in January 2014, work was underway on the operational profile that would let telephone-network operators actually deploy caller-authentication credentials at scale. The IP-NNI work focused on the operational arrangements that the IETF protocol specifications wouldn’t address: which entities issue certificates, how the trust hierarchy maps to the regulatory structure of the North American numbering system, what attestation claims service providers should make about the calls they sign, and how the framework integrates with existing SIP interconnection between providers. By summer 2015 this work had begun coalescing under the name SHAKEN — Signature-based Handling of Asserted information using toKENs — with the joint task force just weeks into the dedicated effort. I was a co-chair of the IP-NNI task force from its formation, and a direct participant in the SHAKEN drafting.
These were complementary efforts. STIR was the protocol layer; SHAKEN was the operational profile that would make STIR deployable in the US/North American carrier ecosystem. But the two efforts weren’t yet formally linked. STIR’s design choices weren’t being made with a specific commitment to SHAKEN as the deployment vehicle, and SHAKEN’s drafting wasn’t anchored in specific dependence on STIR’s evolving protocol decisions. There were good reasons for the loose coupling — IETF working group processes are designed for general applicability rather than specific deployment commitments, and the IP-NNI work needed flexibility to adjust to operational realities — but the architectural risk of drift between the two efforts was real.
The September 2015 workshop
The FCC’s Consumer and Governmental Affairs Bureau hosted a Robocall Blocking and Caller ID Spoofing Workshop at FCC headquarters on September 16, 2015. The workshop was structured around four panels covering the consumer experience of unwanted calls, third-party blocking solutions, carrier-side options, and the role of gateway providers. Chairman Wheeler delivered the opening remarks. The substantive discussion brought together people who had been working on the problem from different angles — the standards work at IETF, the operational work at IP-NNI, the consumer-facing analytics and blocking-app vendors, the service providers, the consumer-protection advocates, the regulatory staff.
A turning point in the technical track came in a conversation between Jon Peterson and me. The IETF STIR work and the IP-NNI SHAKEN work had been advancing on parallel tracks; in the context of the workshop’s focus on near-term deployable solutions, it became clear that the two efforts could be much more powerful if explicitly combined. STIR provided the protocol layer the IP-NNI work needed; SHAKEN provided the operational profile and the deployment vehicle that the IETF work needed for near-term US adoption. We recommended bringing the two together — STIR as the underlying protocol, SHAKEN as the operational profile, with the IP-NNI Task Force coordinating with the STIR working group to keep the two in sync as they advanced. Other team members agreed. The framework that became STIR/SHAKEN — the combined name, the architectural division of labor, the commitment to mutual coordination between the two forums — dates to that conversation.
USA TODAY’s coverage of the framework’s development documented the moment in a passage that includes Jon and me specifically as the people who recommended the combination. Kevin McCoy’s syndicated piece (November 2018, archived at the Chicago Sun-Times) frames the September 2015 workshop as “a turning point” in the team’s planning. Madeline Purdue’s USA TODAY piece (July 11, 2019) covers the FCC SHAKEN/STIR Robocall Summit later that same day, where the framework’s deployment progress got reviewed publicly. From inside the work the September 2015 moment didn’t feel quite as dramatic as the McCoy framing suggests — the convergence was a natural recommendation given the technical landscape — but the substance is right: this was where the two efforts came together.
The convergence didn’t have institutional weight yet. It was a technical-team consensus that needed to be carried into the IETF process, the IP-NNI process, and eventually a coordinating venue that could speak to both. That coordinating venue would arrive a year later as the Strike Force.
Phase one: the August–October 2016 sprint
In summer 2016 the political pressure on the robocall problem escalated sharply. Chairman Wheeler issued a letter on July 22, 2016 to the CEOs of the major wireless and wireline phone companies, calling for greater collective action on robocall mitigation. AT&T responded within days, with CEO Randall Stephenson announcing that AT&T would convene an industry-wide “Robocalling Strike Force” with the mission of accelerating caller-ID verification standards and other call-blocking mechanisms. Wheeler endorsed the initiative and the Strike Force became the formal industry-led response to his call to action.
The Strike Force held its first meeting on August 19, 2016 in the FCC’s Commission Meeting Room. Wheeler opened. Stephenson chaired. The agenda was straightforward: develop a comprehensive action plan against unwanted and illegal robocalls, with a sixty-day delivery commitment. That commitment shaped everything about the first phase of the work. Sixty days is a short window for any consensus-building process across a coalition of major carriers, equipment vendors, software providers, and governance bodies, and the Strike Force’s structure reflected the compression. Four workgroups operated in parallel, each meeting at least twice per week, with cross-workgroup coordination at a higher tempo than any of the participating organizations typically operated.
The workgroups were organized around four problem areas: Authentication (the technical framework for verifying caller identity), Detection (the analytics, traceback, and blocking side), Information Sharing and Tools (the consumer-facing piece and the operational data sharing across providers), and Standards (the broader standards-coordination work that supports each of the other three). I was co-chair of the Authentication workgroup with Martin Dolly of AT&T. Dolly had been a central figure in the IP-NNI work from the beginning; the co-chair arrangement put one chair from the cable-and-internet side (Comcast, where I was at the time) and one from the traditional telephone side (AT&T) — a structural reflection of the broad coalition the Strike Force was trying to operate as. The Authentication workgroup carried the STIR/SHAKEN technical work forward, building directly on the convergence framework that had emerged at the 2015 workshop.
The Strike Force reported its proposed action plan to the Commission at the second meeting, on October 26, 2016. The Initial Strike Force Report — the foundational document — was released that day. The report’s central technical contribution was the formal endorsement of STIR/SHAKEN as the caller-authentication framework: the IETF’s Secure Telephone Identity Revisited protocol combined with the ATIS/SIP Forum IP-NNI Task Force’s Signature-based Handling of Asserted information using toKENs operational profile, with explicit delivery commitments around standards publication, governance arrangements, and deployment infrastructure. The Strike Force accelerated the standards-delivery timeline from a target of December 2016 to actual delivery in October 2016, with the SHAKEN base specification (ATIS-1000074) reaching final publication in January 2017 after a pre-publication draft in December 2016.
The Initial Report also developed substantial work outside the authentication thread. The Detection workgroup output covered analytics-based call-blocking, traceback procedures for investigating illegal calls back through the carrier chain, and DNO (Do Not Originate) list mechanisms for known should-never-originate numbers. The Information Sharing and Tools workgroup covered consumer-facing capabilities including star codes for marking calls, web portals for reporting, and the operational data-sharing infrastructure that would let providers coordinate analytics. The Standards workgroup addressed broader coordination questions including the role of 3GPP, ATIS, SIP Forum, and the IP-NNI Task Force in the ongoing development of the framework. None of these threads were entirely new — each built on work that had been underway in various venues — but the Strike Force consolidated them into an integrated plan with explicit ownership and delivery dates.
At the October 26 meeting, Wheeler proposed a third meeting in six months to assess implementation progress. That commitment became the second phase.
Phase two: the October 2016–April 2017 implementation cycle
The Strike Force’s second phase ran from late October 2016 through April 28, 2017, focused on implementation progress rather than design. The political context shifted significantly during that period. Wheeler’s tenure as FCC Chairman ended with the change of administration in January 2017; Ajit Pai succeeded him as Chairman, with a different posture toward industry-mandated regulatory action. Pai’s general approach emphasized industry-led solutions over commission-mandated ones — a continuity with Wheeler’s framing of the Strike Force as an industry-led effort, but with less institutional pressure for specific delivery deadlines.
The implementation work continued through this period in three main venues. The IP-NNI Task Force produced the SHAKEN base specification (ATIS-1000074) in January 2017 — the most consequential single deliverable — along with related work on governance and certificate management. The IETF STIR working group continued advancing the protocol drafts that would eventually publish as RFC 8224, 8225, and 8226 in February 2018. And CTIA convened a Robocall Working Group (RWG) in November 2016, shortly after the Initial Report, to coordinate the implementation work happening in parallel across carriers, vendors, and governance bodies. The CTIA RWG met weekly and provided the operational coordination layer that the Strike Force itself wasn’t structured to sustain over a longer period.
The April 28, 2017 Industry Robocall Strike Force Report was the follow-up status report. It described continued progress on the authentication framework — the SHAKEN base spec was now published and operational testing was beginning, the broader governance structure was being designed, and additional ATIS work had advanced on best-practices, attestation handling, and the framework for display of verified caller ID. It also described continued development of the DNO blocking process, analytics-based call-blocking deployment, traceback procedures, and the broader operational infrastructure. The report’s tone was more measured than the Initial Report’s — implementation progress is harder to make dramatic claims about than the formation of a framework — and consumer advocates argued that the pace was insufficient given the scale of the robocall problem. But the substance of what the Strike Force had endorsed in October 2016 was holding up: STIR/SHAKEN was on track, the operational pieces were coming together, and the industry coordination structure had taken shape.
Pai’s statement on the April 2017 report acknowledged the progress and indicated the Commission would continue evaluating next steps. He didn’t schedule further Strike Force meetings. The formal Strike Force chapter ended there; the work it had launched continued in the IP-NNI Task Force, the IETF STIR working group, the CTIA RWG, and the FCC’s own subsequent proceedings.
From the Strike Force to the FCC mandate
The path from the April 2017 follow-up report to the FCC’s 2020 STIR/SHAKEN mandate ran through several intermediate steps. The NANC Call Authentication Trust Anchor (CATA) Working Group issued a report in May 2018 on selection of a Governance Authority and timely deployment, recommending that the Secure Telephone Identity Governance Authority (STI-GA) be established to oversee the US deployment. The May 2018 report was the first of a series of CATA reports through 2024 that produced the substantive analysis behind nearly every subsequent FCC caller-authentication rulemaking; the NANC CATA page covers the full body of work. Industry establishment of the STI-GA followed, with iconectiv selected as Policy Administrator. Through 2018 and 2019 the IETF STIR RFCs published, the SHAKEN spec set expanded with ATIS work on attestation handling, governance, and rich call data, and operational deployment began at major carriers.
The TRACED Act, signed into law in December 2019, gave the FCC explicit statutory authority to mandate caller-ID authentication deployment. The FCC’s Report and Order in March 2020 invoked that authority to mandate STIR/SHAKEN deployment in the IP portions of US voice networks by June 30, 2021 — the deadline that turned the framework from a voluntary industry standard into a regulatory compliance requirement. Subsequent rulemakings extended the mandate to additional provider categories (gateway providers, intermediate providers receiving unauthenticated calls), established the Robocall Mitigation Database as the compliance reporting mechanism, and tightened enforcement.
None of these steps were specifically Strike Force outputs, but the Strike Force is what made them possible. The October 2016 Initial Report endorsed STIR/SHAKEN as the framework with enough industry weight that the FCC’s subsequent regulatory work could treat it as the operational baseline. Without the Strike Force’s endorsement, the path to the 2020 mandate would have been considerably more contested. The framework that exists in production today — every signed call traveling through every US-deployed authentication service — traces its institutional lineage to the Strike Force’s two phases of work.
Why this matters
The Strike Force is a specific kind of governance precedent. It’s the model for how technical industry coordination can move a complex multi-forum standards effort into deployable industry policy under regulatory observation, without the regulator having to mandate specific design choices. The FCC didn’t specify STIR/SHAKEN as the framework; the Strike Force did. The FCC’s role was to convene, observe, and provide the political weight that made the industry-led process serious. That model shows up again in subsequent FCC robocall work, in the Cross-Border Trust Anchor Certificate List discussions, and in international peer regulators’ treatment of caller-authentication governance.
For the broader trust-governance landscape this library covers, the Strike Force is also where DNO (Do Not Originate) was first formalized for US deployment, alongside STIR/SHAKEN. DNO had been discussed as a concept before, but the Strike Force put it into the same delivery structure as STIR/SHAKEN, with explicit operational ownership and reporting expectations. The DNO work that emerged from the Strike Force led directly to the authorization-first DNO+ framework that I later developed for CFCA TTWG (covered separately in DNO+), which extends the basic DNO concept into a more robust enterprise trust mechanism.
Where this fits
The Strike Force is foundational US trust-governance history — the institutional moment where the technical work and the industry coordination became formal US policy. The page sits in trust governance because it’s about how the framework was governed into existence, not about the technical mechanism itself. The technical content lives in STIR/SHAKEN, with SHAKEN’s operational profile covering the deployment mechanics, the IP-NNI Joint Task Force covering the standards-development venue that the Strike Force worked through, and attestation levels covering the specific A/B/C model that SHAKEN inherited.