US House Passes Ban On Caller ID Spoofing
smarek writes "The 'Truth in Caller ID Act' passed the US House of Representatives on Wednesday. The legislation is trying to outlaw Caller ID spoofing. In some cases, this spoofing has led to individuals giving out information that has led to identity theft. Last year the NYPD discovered over 6,000 victims of Caller ID spoofing, who together lost a total of $15 million. A companion bill has already been passed by the Senate, and the two are on their way to 'informal conference to reconcile any differences.' The bill that results will most likely pass."
PCWorld's coverage notes that callers will still be able to block their information entirely, and that the bill may have negative consequences for legitimate phone-related services, such as Google Voice.
People who steal identities will carry on spoofing caller ID, because they already commit more serious crimes, while users of legitimate services will be inconvenienced. Still, at least the politicians are seen to do something about the problem.
If they really wanted to do something about this, they'd discontinue the entire CallerID system and allow regular folks to use ANI as a standard feature. That's the same system used by both toll-free numbers and emergency services like 911. Unlike CallerID, it's out-of-band and cannot be spoofed by the caller alone. It uses the billing data, the same data that the phone company uses to know whom to charge for the call. By comparison CallerID is a joke.
Of course a lot of the ID theft issues would be greatly reduced if people would use a little sense. That would include never giving confidental information to someone who calls you. If you think that's your bank calling about your account, tell them you are going to hang up and call them back at the number they publish in the phone book or your hardcopy account statements. This simple 20-second step would eliminate a great deal of these problems, no politicians required.
It is a miracle that curiosity survives formal education. - Einstein
Using ANI (Billing Number) for all calls would probably be a bad idea. Say you're calling someone you have a business relationship with from your phone at work (technology type doesn't matter here). If billing number was the only thing available, every single call from your company would show up with the same number. Probably your main line that goes to a receptionist. In some situations this is what people want (telemarketers for instance) but in what many view as more legitimate business it would be annoying.
I'd hate it if every time various vendors that I have multiple account managers called my cell phone it just said "AT&T employee" etc. I like knowing who I'm going to be talking to.
Also, this completely ignores some of the other valid reasons for setting a caller ID value that most people outside of the telecom industry probably aren't aware of or care much about. Let's just say it's very useful for testing purposes and it's a great way to send a small amount of data to the entity you're calling if you're not using something like UUI.