CallerID Spoofing to be Made Illegal

MadJo writes "US Congress has just approved a bill that will make it illegal to spoof CallerID. From the bill: 'The amount of the forfeiture penalty (...) shall not exceed $10,000 for each violation, or 3 times that amount for each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $1,000,000 for any single act or failure to act.'"

A campaign

[ringokamens]

There's a campaign going on at Binary Freedom right now that some of you may be interested in.
http://binaryfreedom.info/node/163
Basically, there are several arguments against this law

1. It doesn't do anything
Criminals will still make calls and spoof, so it won't stop fraud. Police can already track down spoofers with the same amount of non-spoofers who are using their phones for illegal purposes.

2. It costs money
We're gonna have to spend money to catch spoofers.

3. Jurisdiction
If the phone companies want to stop spoofing, they should design a secure system instead of relying on the congressional police

4. Privacy
It strips privacy that is gained by spoofing.

5. Legitimate use
It has legitimate uses such as for telecommuters who want the name when they make business calls to be the company's. Or how about a business that has several people using one phone line? They might want the sales associate's name to appear, which would be done through spoofing.

Fact of the matter is, this gains us nothing. If I can write a fake name on a letter and mail it, why can't I do the same with my phone?

Re:A campaign

[Elemenope]

Fraud generally requires either a pecuniary motive, or commission of the act in furtherance of some other crime. Simply putting some name that is not my own on a letter is neither of these things. I could sign my letters "Harry Potter" and the name as such wouldn't even be impersonation because the "victim" doesn't exist. Is this Mail Fraud? I don't think so...unless I was attempting to somehow profit from putting "Harry Potter" as my name.

Re:A campaign

[Achromatic1978]

"Can I have your mailing address?"

Certified mail:

In reference to your repeated attempts to find Person X on phone number X, consider yourself formally informed that this person has no connection with this number, and further, that this number is a cellular service for which an uninvolved third party is billed for each call from your business. Accordingly, you are instructed to cease and desist calling this number in relation to this matter, or I reserve the right to take action on the grounds that these calls are civil harassment, and to seek redress through appropriate channels for costs and damages incurred in dealing with this matter."

Actually, nothing happened

[gruntled]

So I'm actually reading the legislative action on this bill (through Thomas, provided by the link), and it doesn't appear as though there's been any kind of a vote on this. Am I, you know, missing something? Or does somebody not understand that a bill actually has to be voted on by each full chamber (both the House and the Senate) in an identical format, before it can be said that "Congress" has approved anything?

Re:NannyState?

[Brian+Gordon]

NannyState is when the government overregulates something that's really none of its business. Like privately-owned telecommunications companies.

Re:How will they enforce this?

There are several services out there that will do this real-time before you even answer the call. Like PDXUSA, they compare the ANI with the ID of the carrier originating the call, and the CID to see if they are consistent, then the CID display on your phone will indicate the CID, the ANI, and indicate if the CID is legit or not.

Re:NannyState?

No, this is an attempt by ill-informed politicians to make it sound like they are "doing something".

I use Caller*ID Spoofing in two separate ways:

1. When I'm working at home and need to call from my cell phone, I have the caller*id setup to show it is coming from my desk phone. This is so that I don't get customers calling my cell phone.

2. When outbound calls are placed at "the office", the caller*id is set to the toll-free number.

Unless the bill has a provision for allowing you to set the caller*id to numbers that you "have control of", it is really dumb. However, even if it does, it is still dumb.. The only calls I ever get fall into three categories:

1. Normal caller*id with a legit callback number for the person calling

2. A private/restricted number

3. All 0's or 1's for the caller*id.

That is all.

Re:Simple question

[Dun+Malg]

When the police/people see the incoming phone records, will it show the spoofed number or the real number? Police and the phone company use the ANI system (Automatic Number Identification). This is the system that tracks your billing. You do not have any say in what this system records as far as Name, Number, etc. Caller ID is a separate and unrelated system. Caller ID information is usually set by the originating switch--- essentially the point where the call turns from analog to digital. If you get all your lines piped into your office via a T1, then you are in control of the device that sets the Caller ID name and number and can set it whatever you like.

Re:All For It

[Kalriath]

Informative? Hah.

No, intentionally blocking is not forging caller ID. If your phone displays "Caller Unknown", you just made $0