US House Passes Ban On Caller ID Spoofing
smarek writes "The 'Truth in Caller ID Act' passed the US House of Representatives on Wednesday. The legislation is trying to outlaw Caller ID spoofing. In some cases, this spoofing has led to individuals giving out information that has led to identity theft. Last year the NYPD discovered over 6,000 victims of Caller ID spoofing, who together lost a total of $15 million. A companion bill has already been passed by the Senate, and the two are on their way to 'informal conference to reconcile any differences.' The bill that results will most likely pass."
PCWorld's coverage notes that callers will still be able to block their information entirely, and that the bill may have negative consequences for legitimate phone-related services, such as Google Voice.
People who steal identities will carry on spoofing caller ID, because they already commit more serious crimes, while users of legitimate services will be inconvenienced. Still, at least the politicians are seen to do something about the problem.
# cat
Damn, my RAM is full of llamas.
And if Congress legislates that in all email messages, the "From:" headers cannot be forged, THAT will stop SPAM. I'm certain of it. Just like this will stop caller ID spoofing.
Clearly, this is the correct solution and will whip those wrascally criminals into shape. There isn't anything this congress can't do!
People who steal identities will carry on spoofing caller ID, because they already commit more serious crimes, while users of legitimate services will be inconvenienced.
What, you mean criminals won't follow the law? Say it isn't so!
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Interstate commerce, don't ya know? It's the one sized catch all that works for everything from SPAM to the guy growing pot in the basement for his own personal consumption.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Gosh, Captain Liberty, I certainly can't think of any way in which regulating fraud committed over the phone might be related to interstate commerce...
(Now, there might well be an argument to be made if the caller-ID spoofer could demonstrate that the spoofed call was strictly intrastate; but I'm guessing that vanishingly few of them are.)
If they really wanted to do something about this, they'd discontinue the entire CallerID system and allow regular folks to use ANI [wikipedia.org] as a standard feature. That's the same system used by both toll-free numbers and emergency services like 911. Unlike CallerID, it's out-of-band and cannot be spoofed by the caller alone. It uses the billing data, the same data that the phone company uses to know whom to charge for the call. By comparison CallerID is a joke.
I've often wondered this myself. I found out the other day that Verizon Wireless has the ability to block numbers from being able to call you or text you. Family member of mine has been getting harassing phone calls. Of course the block is utterly useless because a simple caller-id block (*67 in the US) will defeat it. The phone company provides the service but can't use the ANI information?
They do the same thing with their "mobile to mobile" calling features. If you block your caller id and call someone who is "in network" they will get charged minutes as though it was an out of network call. ANI is not blocked when caller-id is but they are too stupid to use it for their own billing purposes? WTF?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
\
It really isn't debatable if the intent is to defraud or deceive. If I call you from my phone through google voice, and the caller ID displays my name and my google voice number which, if called, connects to me on whatever phone I can be reached at, where is the deception? Who's being defrauded? What should the number say, Google, Inc.?
Similarly if I'm at work making a business call on a work phone, how can anyone argue displaying the company name and main phone number be deceptive?
This sentence no verb.
IANAL but I have a lot of experience with telephony and telephony policy. So take this with as many grains of salt as you want.
The key phrase in the House bill is "with the intent to defraud or deceive". There is similar language in Senate bill. There's a lot of reasons to legitimately set your caller ID to something. With ISDN PRI service it's up to the calling party equipment to set the Caller ID. So for something like Google Voice, if they're bridging SIP to the PSTN, you absolutely don't want your caller ID showing up as the trunk identifier or billing number for their equipment. My reading of these bills doesn't outlaw it.
The bills in question are H.R. 1258 and S. 30. I made a comparison document that highlights the differences in each bill the other day. It's located here:
http://dfs.org/comparison.pdf
They do the same thing with their "mobile to mobile" calling features. If you block your caller id and call someone who is "in network" they will get charged minutes as though it was an out of network call. ANI is not blocked when caller-id is but they are too stupid to use it for their own billing purposes? WTF?
That doesn't sound like stupidity to me... That sounds like profitable evil, in the same vein as the "placing the button that causes your phone to load some crappy WAP page at $.10/KB right next to the button you actually want, and making it impossible to remap/disable". I'm sure that, if people who are out of network were using caller-ID spoofing to appear as "in-network", they'd start using ANI. As long as the net effect of not using ANI means more minutes billed, not fewer, though, why would they change?