Slashdot Mirror

← Back to Stories (view on slashdot.org)

CallerID Spoofing to be Made Illegal

Posted by CowboyNeal on from the phoning-home dept.

MadJo writes "US Congress has just approved a bill that will make it illegal to spoof CallerID. From the bill: 'The amount of the forfeiture penalty (...) shall not exceed $10,000 for each violation, or 3 times that amount for each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $1,000,000 for any single act or failure to act.'"

11 of 351 comments (clear)

  1. Congress isn't allowed to do this... by SonicSpike · · Score: 3, Insightful

    According to the Constitution in Article 1, Section 8, Congress isn't allowed to regulate communications. Therefore this is unconstitutional.

    --
    Libertas in infinitum
  2. Re:Interesting by pete-classic · · Score: 3, Insightful

    Allowing subscriber lines to set caller ID data is a feature, not a bug.

    -Peter

  3. Re:A campaign by Anonymous Coward · · Score: 5, Insightful

    I work for Congress, but not on this issue. But I can correct some misinformation.

    1. You're right. We shouldn't make murder illegal either.

    2. See number 1. The question is whether the money spent on this law is worth the societal good of making it easier to prosecute scammers.

    3. The phone companies don't have an incentive to stop scamming. Congress does (they're occasionally responsible to voters.)

    4. It doesn't stop you from not allowing the number to show up at all. It just stops you from faking it.

    5. It was specifically written to exempt these uses, since Congressional offices, for example, have the public number show up when people call out from them, rather than individual extensions.

  4. Re:A campaign by Khaed · · Score: 5, Insightful

    I'm not so much worried about criminals, but I don't think this bill addresses what I want it to:

    I'm sick of companies calling and their damn name not showing up, for whatever reason. "Tollfree number" (well no shit, other than collect, when do I get charged for receiving calls?) or "Unknown Caller"

    Some of them are bill collectors. Who want someone that isn't here, and don't seem to want to believe that no, that person isn't here, and isn't going to be, so stop calling me. But either way, if they can't identify themselves, they shouldn't be calling my damn number. Which is why I disagree with #4 on your list.

    If you're calling my house, I have every right to know who you are. Can you seriously come up with a legitimate situation where you should be able to call me and me not be able to see who you are before I answer the phone?

    I barely answer unless I recognize the number anyway, because of a massive amount of wrong numbers. And some of the numbers these idiots are trying to dial aren't even close.

    I agree with #3, however, in regards to #2, the cost of it will just be passed on to you one way or another. #5 I can see, but I've never had a business call me and use a sales associate's name.

    #1 is a silly argument. Making rape illegal hasn't stopped it, either. You can make the case that no law is ever going to stop any crime. However, it makes it so that if you do it and get caught, you can be punished.

  5. Re:A campaign by gujo-odori · · Score: 3, Insightful

    WRT point 5, what the bill outlaws is "to transmit misleading or inaccurate caller ID information." If a company has its PBX configured so that it sends a salesperson's name rather than the company's name when she makes a call, I think a lawyer would have no problem deflecting an attempt to prosecute. After all, the name displayed *was* the name of the person making the call, so none of the information was false or misleading.

    For the person who wondered if having his caller ID say "Harry Potter" could get him in trouble, it sounds like it could, although in practical terms I think someone would have to actually complain about that for him to get in trouble. I think how this law will be used in practice is for "piling on" charges when arresting scammers on other charges. The more you can charge them with, the more expensive it is for them to defend it and the more jail time and fines you can get on them.

    Still, as others have suggested, I believe congress is approaching this from the wrong angle. It is certainly possible for the Telcos to solve this problem by preventing spoofing in the first place, but they don't because they have no incentive to do so. They also have some disincentive to do so: there are people who want to spoof, for good reasons or bad, and these people are telco customers. If the major telcos all blocked spoofing, they'd take their business to someone who didn't. However, congress can give telcos incentive to block spoofing by requiring them to do so and levying hefty fines if they don't.

    They'll whine, sure. Companies that don't want to do something always whine. Look at the auto industry. Going back to the first legislation requiring emission controls, and later, CAFE imposing mileage standards, there was much lobbying, whining, wringing of hands, wailing, gnashing of teeth, and protestations that it was too difficult, to expensive, or both. Yet, lo and behold, they've done a pretty fine job of meeting these requirements. In doing so, they illustrated very well the difference between "can't' and "don't want to." The telcos would be no different. They'd gripe about it, but they'd get it done.

  6. Re:Upside-down. by aztektum · · Score: 4, Insightful

    That's the damn thing. Last I checked we already had laws against fraud. So why make a law specifically towards something like this? I can understand the disabilities act, but really, go after spoofers for fraud and if the penalty isn't high enough ADJUST the penalty for fraud across the board. We're making every damn little thing a frickin' crime in this country anymore.

    --
    :: aztek ::
    No sig for you!!
  7. Re:Upside-down. by SpaceLifeForm · · Score: 3, Insightful

    The reason they make a law like this is to
    limit the liability. It's a fixed amount.

    That is the number one reason laws have no teeth,
    they have fixed monetary penalties, that are
    really no penalty to big business. They are
    just a cost of doing business to the business.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  8. Re:Upside-down. by node+3 · · Score: 4, Insightful

    Last I checked we already had laws against fraud. So why make a law specifically towards something like this? Because one size does not fit all.

    Should impersonating a police officer, identity theft, false advertising and passing fake checks all have the same punishment? These are all, at the base, fraud. Could they even reasonably fit under one singular law?

    We're making every damn little thing a frickin' crime in this country anymore. Here's the thing, the general term "fraud" is not illegal. Only specific forms of fraud. For example, claiming you can bench 200 lbs when you can barely press half that is not illegal. So, instead of just making "fraud" illegal, laws target specific types, and they *define* those specific types. Caller ID spoofing probably doesn't fall into any existing category of fraud, so this form of fraud can be presently engaged in with impunity.

    So what choices are there? Basically, they are to expand an existing law to cover Caller ID spoofing, create a new law, or ignore it altogether. Ergo this story.
  9. Re:Interesting by smartr · · Score: 5, Insightful

    If slashdot's comments and moderation can be abused, how is that a bug? Some features are inherently prone to different forms of abuse, and there is no magical way to completely solve the problem without removing the feature. I do not have faith in the idea that features can always have a perfect solution. If there was not a mistake in how something should function, it is not a bug. One could make improvements to make abuses harder, but this would be an improvement on the system - not a bug fix.

  10. The whole thing is absurd by StealthyRoid · · Score: 3, Insightful
    It's a stupid bill for four reasons:
    1. It's a solution without a problem. The actual impact of caller ID spoofing is almost nil, while it's a valuable learning tool for many people just getting started with phones. The only argument I can see for it is that it makes reporting violators of the Do Not Call list. However a.) that's not a big enough benefit to justify any but the smallest trade off and b.) the Do Not Call list is stupid, and its impact should be achieved via implementation of blacklists by phone carriers. The government shouldn't be acting unless there's a serious matter at hand, nor should it engage in yet another unConstitutional regulation.
    2. It's too open-ended.

      `(4) REPORT- Not later than 6 months after the enactment of this subsection, the Commission shall report to Congress whether additional legislation is necessary to prohibit the provision of inaccurate caller identification information in technologies that are successor or replacement technologies to telecommunications service or IP-enabled voice service.
      ...
      `(A) CALLER IDENTIFICATION INFORMATION- The term `caller identification information' means information provided by a caller identification service regarding the telephone number of, or other information regarding the origination of, a call made using a telecommunications service or IP-enabled voice service.
      Why not apply this to IP-spoofed or proxy'd Ventrilio/TeamSpeak/etc... conversation? This only increases the Constitutional argument against this amendment, because even if you buy the absurd assertion that the commerce clause gives the USFG power over anything that even remotely involves interstate commerce, where's the commerce in a private Teamspeak server? It also increases the chances of abuse by law enforcement, like the kids above.
    3. The bill doesn't just restrict malicious spoofing, like making a threatening phone call look like it's coming from inside the house, it restricts simply playful spoofing, like ordering a pizza for I.P. Freely and making it look like comes from the local police precinct. Nor does it make a distinction between spoofed info that represents someone else's information accurately, and displaying non-existent information like '555-555-1212'. There's no reason the government should be spending my tax dollars on something as asinine as this. Osama bin Laden isn't calling up the White House and asking for Prince Albert in a Can while spoofing his CID to say "SUCK IT DRY".
    4. The fines are absurdly out of proportion with any _potential harm_ presented by caller ID spoofers. What incentive does the USFG or the states (which the bill empowers to act on these matters) have to NOT go after 14 year old kids for $10k a pop? None. But nobody will think that at first, until the first few kids get busted, and are we really OK with _anyone_ being jacked by something this stupid?
  11. Re:Upside-down. by node+3 · · Score: 3, Insightful

    Yup, and its not fraud. Lying and fraud are NOT synonymous. Yes, they are. You can't stop at the first definition in your dictionary. Fraud does not require financial gain as a component (even if it's usually the case, and is part of the first definition in your dictionary).

    Ummm... yes? Impersonating a cop gives you power over others you don't deserve. That's a very different crime than stealing someone's identity, or committing bank fraud, which are financial, and those two have very different effects on two very different targets. If you think these should all be equally punished, you are a sociopath.

    You claim that the secondary crime should be the differentiator. I say merely *impersonating* a cop should be illegal, not just as some generic "fraud", but because it's an attempt to gain general power one doesn't have the right to, even if no other crime is committed. Merely stealing an identity, even if you don't commit any other crime, should be illegal, and have a different punishment, and writing a bad check should be illegal as well, etc.

    In any case, any law which makes a tool illegal rather than bad actions performed with the tool is a bad law. Then you have no problem whatsoever with your neighbor (not necessarily your existing neighbor, but any neighbor you may ever have, by choice or not) owning a nuclear bomb? Sarin gas? Or someone keeping dynamite in an apartment building?

    The fact is, some tools *should* be illegal or severely restricted. Your sentiment goes too far, it goes from cases where it's true (in general, outlawing a tool *is* foolish), and applies it too broadly (to say outlawing a tool is *always* bad).

    That's because caller id spoofing ISN'T fraud it is a harmless deception. If you use that deception to illicit an unfair gain then you have committed fraud and would have committed a criminal act without this law. Are you certain of that? Laws are specific things (they have to be), and if Caller ID spoofing does not fall under a current law, then it *won't* necessarily be illegal, even if it is fraud (the money kind you seem to think is the only kind).

    For example, calls pretending to be from the DNC, which are really from the RNC (this happened during the 2004 election, although I do not know if Caller ID spoofing was involved) had nothing to do, directly (i.e., legally) with money, and instead had to do with political influence.

    Is that harmless?