FCC Ups Penalties For Caller ID Spoofing

GovTechGuy writes "The FCC adopted new rules on Thursday that would significantly increase the penalties for individuals or organizations that alter their caller ID information to commit fraud or with other harmful intent. The new rules allow the FCC to fine violators $10,000 per violation plus more for every day it continues. Users can still change their caller ID info as long as it's not for fraud or harmful purposes."

Harmful

[spauldo]

Is telemarketing harmful? Because every time I get one of those bastards calling me, I want to harm them.

(Yes, I know about the DNC list. I'm on a cell phone)

Re:Harmful

[CTU]

So cell phones can't be put on a DNC or something?

Every time I get a Telemarketer call, it is a recorded message, so I just hang up.

and I only have a cell phone

Re:Harmful

[ocdude]

I have both lines of my cell phone account on the DNC list. Just because it's a cell phone doesn't mean you can't list your number on DNC.

Re:Harmful

[geminidomino]

So cell phones can't be put on a DNC or something?

Back when it first came around, they actually didn't have to be, since it was already illegal to make telemarketing calls to cell phones -- the one good thing about our telephonic overlords charging us for incoming calls: it was determined, like junk-faxing, to be 'cost-shifted' (I think... been awhile) advertising.

Nowadays with number portability and all, I imagine it would be much more difficult to keep track, though.

And in both cases, the ones who would ignore one set will ignore the other, and the rules about robodialing recordings to... The goddamn "This is cardmember services!" and "An important message from your auto dealership!" robo-scammers are the only marketers who call my cell these days (I don't even answer the landline anymore).

Re:Harmful

You know what my old man likes to do? He works for "The Man" so he uses their tracking software (assuming they call him at work) and goes "How's the weather in Somewhere, TX?" Freaks them out every time. Oh that we could all do that.

Re:Harmful

[Drathos]

But it means you shouldn't have to. It's an FCC violation if a telemarketer or robodialer calls your cell phone. I've become quite familiar with form 1088 with all the complaints I've filed, but rarely does the FCC actually do anything about it (I did receive an apology letter from Dish Network after I filed a complaint about someone trying to sell me their service with a cold call to my cell, but that's one of dozens of cases).

Re:Harmful

Freaks them out every time.

No, he just wants to think that it does.

Re:Harmful

[CTU]

I get them as well. I don't always pick up tho

Re:Harmful

[geminidomino]

I wouldn't either if one of my bosses' damn cell phone didn't seemingly-randomly come up as "Restricted" as often as it came up with her name. And she's the good one: when she calls me off-hours, there's usually a real problem.

fraud or harmful

[bragr]

So how exactly do they define fraud? Is it fraud it I make someone else's name show up to protect my privacy? Is a prank harmful to the other party?

Re:fraud or harmful

So how exactly do they define fraud? Is it fraud it I make someone else's name show up to protect my privacy?

If privacy was what you were after, you'd just put "Anonymous" or some such in there. So yeah, I'd say that if you put someone else's name their, you're almost certainly committing some sort of fraud.

Is a prank harmful to the other party?

If you have to ask, then yes.

Re:fraud or harmful

[Bengie]

Coming up as just a number or with an "unknown" name is one thing, pretending to be someone you are not, is fraud.

Think of it like this. I go to a bank and say "hi, I'm some random person". The Bank can just reject me because they don't know who I am.

Or I can go to the bank and same "Hi, I'm John Doe" and the Bank says "Hi John Doe, here's you balance", even though I'm not John Doe.

That's the difference between fraud and just remaining anonymous.

Re:fraud or harmful

[kelemvor4]

I define it like this:
fraud[frawd] –noun
1.deceit, trickery, sharp practice, or breach of confidence, perpetrated for profit or to gain some unfair or dishonest advantage.
2.a particular instance of such deceit or trickery: mail fraud; election frauds.
3.any deception, trickery, or humbug: That diet book is a fraud and a waste of time.
I'm pretty sure making someone Else's name show up (regardless of the reason) is fraud. Making it say the name of your business instead of your personal name probably isn't. (e.g. "BendYouOver Inc" in place of "Rick Scott")

Re:fraud or harmful

[Have+Brain+Will+Rent]

That is an excellent question. We kept getting calls where the caller-id changed form "California" to "Montana" to "Ohio" etc. Our bank had given our number to telemarketers. This seems like fraud to me since they are clearly avoiding giving out an actual identifiable company id that you could call screen but they are bypassing the "no caller-id provided" call screening. Periodically changing the state name is a further ploy to make it harder to call screen them.

To me that should all be counted as fraud but is it going to be? I doubt it. We took the only route available and complained to our bank. After several complaints they finally got us taken off the list.

Re:fraud or harmful

"Our bank had given our number to telemarketers. "
Shouldn't that be "Our PREVIOUS bank..."?

Re:fraud or harmful

[DogDude]

When you're sending out junk faxes, it is definitely harmful.

Re:fraud or harmful

[tlhIngan]

That is an excellent question. We kept getting calls where the caller-id changed form "California" to "Montana" to "Ohio" etc. Our bank had given our number to telemarketers. This seems like fraud to me since they are clearly avoiding giving out an actual identifiable company id that you could call screen but they are bypassing the "no caller-id provided" call screening. Periodically changing the state name is a further ploy to make it harder to call screen them.
 

Not really.

They are providing a Caller ID *number*, but they're not providing a name (Caller ID started out only providing numbers - name support came later). For legacy purposes, the phone company supports sending of number-only Caller ID. The phone company then just looks at the area code and does the state name lookup to provide a name you can use (optional - phone company may or may not do it, if they don't, they usually set the name to the number, or set the "no name" flag).

So yes, they are bypassing the blocked number screens by providing a number. Just the name is absent and filled in with the area.

If the calling number is accurate, it's technically not fraud. And if you're screening by name, well, you ought to be screening by number. Most of the time the "caller id blocked" screening also supports blocking by number.

And it's most likely different telemarketers - the work is farmed out after all. One day they'll use a callcenter in California. Another time in Montana, etc.

Re:fraud or harmful

[Have+Brain+Will+Rent]

IIRC: there was never a number displayed just the name - this was on two different phones (same line but not same base stations) so if there was fiddling going on to prevent the number showing it was happening outside our home, i.e. not a case of the phones not displaying information that was being provided (other callers showed name and number).

Re:fraud or harmful

[black+soap]

One of the exceptions to the "do not call" and telemarketing rules in general is "prior relationship." You gave your bank permission to give out your number to select business associates (read:anyone who wants to buy it) and they can legally call you because you agreed to this and they, by way of your bank, have "prior relationship" with you. It is bullshit, but it is a major loophole for the telemarketers.

Probably not going to stop offshore robo callers

[kmdrtako]

Even if you threaten them with the death penalty.

After all, it's just phone calls. If there was oil at stake we'd send the Marines in a heartbeat.~

the intent to commit harm

>> fine violators up to $10,000 every time they change their caller ID information with the intent to commit harm.

I wasn't intending to "harm" them your honor.

Re:the intent to commit harm

[hedwards]

I'm pretty sure that if what you're intending to do is considered to be harmful, then you'd be considered to be intending to commit harm. Which is understandable. To say otherwise would be a bit like saying that you intended to point a gun at somebody and pull the trigger, whereas any reasonable person would say that you intended to kill or at least cause grievous injury.

Fraud is Already Fraud

[bill_mcgonigle]

The FCC is supposed to be regulating the telcos, not the People. That's supposed to take an Act of Congress.

We already have fraud statutes - they should be used.

Re:Fraud is Already Fraud

[ffejie]

The FCC is for regulating the communications infrastructure of the country, not for regulating the telcos.

Re:Fraud is Already Fraud

[chemicaldave]

FTFA

In compliance with the Truth in Caller ID Act signed into law by President Obama last year, the FCC rules would fine violators up to $10,000 every time they change their caller ID information with the intent to commit harm.

Re:Fraud is Already Fraud

The FCC is supposed to be regulating the telcos, not the People. That's supposed to take an Act of Congress.

Yeah, if only Congress had created a federal commission to regulate communication, instead of this mystery "FCC" organization!

Re:Fraud is Already Fraud

[bill_mcgonigle]

Yeah, if only Congress had created a federal commission to regulate communication, instead of this mystery "FCC" organization!

Yeah, that's the problem - the Congress is not supposed to be allowed to give its powers to the Executive Branch - checks and balances and all. The country is rife with stories about regulators giving people a hard time and when they call their Congressmen there's basically nothing they can do about it. Representative government, right?

Re:Fraud is Already Fraud

[KiahZero]

Congress isn't allowed to totally delegate it's legislative powers; however, it is permitted to direct the Executive in a general direction through an enabling statute, so long as there's an intelligible principle guiding action. However, Congress retains its authority - anything a regulator does can be undone by an act of Congress. In this specific instance, the regulator (FCC) is doing exactly what Congress demanded, by implementing the Truth in Caller ID Act in the FCC's rules.

Re:Fraud is Already Fraud

Yeah, that's the problem - the Congress is not supposed to be allowed to give its powers to the Executive Branch - checks and balances and all.

Perhaps it would have been prudent for Congress to confirm each member of the commission before they were appointed, then.

Political Robo-calls

[purduephotog]

How about making it a crime to have a robocall from a politician that has spoofed caller ID?

I'm pretty sure when I was getting phone calls for the 000-000-0000 was not a valid phone number.... and was simply used to block anon call blocking.

Is it personal use if...

[navyjeff]

I've always wanted to spoof my number as "8008135".

Re:Is it personal use if...

When you do, call me. And wear something sexy.

Google voice or multiple phones

I have 3 different phones, but I want users to call me back on one number!

Re:Google voice or multiple phones

Which part of "fraud" is unclear?

Re:Google voice or multiple phones

Seems like your intent is neither harm nor fraud. Continue to do as you are.

Re:Google voice or multiple phones

[skywire]

To a lawyer, every letter.

So do advertising cold-calls count as 'harmful' en

[JustNiz]

I wish those friggin advertising calls wouldn't be allowed to spoof their numbers. As far as I am concerned, getting some stupid marketing company cold-calling my cell even though I am already on donotcall.gov IS harmful.

FCC fail

The FCC missed the opportunity to stop this crime wave against, mostly, elderly semi-disabled seniors in their kitchens. The FCC could easily have said that a local phone company that "knows" (because of complaints or otherwise) it is delivering spoofed cid calls can be held liable. Instead, this lame rule perpetuates the current model -- the phone company gets paid for terminating calls, turns a blind eye, and large numbers of old people who have never even used a computer get whacked by spoofers.

Re:FCC fail

[Skapare]

The phone companies should be required to filter the caller ID info such that if any caller ID values that do not represent a phone number issued to that customer come through, the call will be rejected.

Re:FCC fail

[DarthBart]

What about the termination only providers who don't "issue phone numbers" to customers?

Re:FCC fail

[Sponge+Bath]

Telcos make money directly from phone scammers. Telcos make money from services (caller ID/blocking/etc) to combat phone scammers. Telcos make too much money from both sides to want to address the issue effectively. If they did, this would be a non-problem overnight. Of course, any regulation to address this would be labeled "job killing government takeover" by the GOP/T-Bags.

Re:FCC fail

[bws111]

There already IS regulation, and it is called 'common carrier status'. Which means the telcos are REQUIRED to do business with everyone, whether they want that person for a customer or not.

Re:FCC fail

[sjames]

When the call comes to them, they get the REAL caller info as well as the spoofed ANI. They can perfectly well compare them.

Re:FCC fail

[sjames]

They do have to do business with everyone, but they DON'T have to create an arms race where they offer consumers a for pay service to help screen out scammers and then offer scammers a service to defeat the screening.

Re:FCC fail

[DarthBart]

Uh, no. When I deliver VOIP calls to my termination provider, they get no ANI from me. They just get whatever CID I set in my SIP headers.

Re:FCC fail

[sjames]

Your termination provider knows who you are. If not, why bother to pay them, just connect and go.

Primary Source

[KiahZero]

Rather than parsing a sparse recitation of a press release, people wanting more information could always read the actual document justifying and implementing the new rules:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-11-100A1.pdf

Re:So do advertising cold-calls count as 'harmful'

[hedwards]

While we're at it, let's ban those stupid calls where they use an unlisted number as well. The majority of the calls I get from telemarketers don't pop up with any meaningful information on my caller ID.

Re:God says...

[TrisexualPuppy]

Yeasayers neither hath neglect nor
inasmuch the tri-trickle marginal oceans
mint for The rocking morning but testing
proves? Or trial with courage? Progress.
coming calls alert protocol sparks then
agitation neglect nor morning rocking
hachure arsenal of Batteries flowing society
Come for TrisexualPuppy

-gen+

It doesn't matter

[Trailer+Trash]

I get sometimes 3 or 4 calls in one day from "Account Services", a scam company that tries to get credit card info from people. I'm on the do-not-call list, and they sometimes even call my cell phone. They do robo calls and they spoof caller id. It's illegal in many different ways.

But I can't get the FCC to pay any attention to them, and I've tried.

They might as well up the penalties to $5 Trillion + death penalty. It doesn't matter. If you're not going to enforce it the actual penalty is irrelevant.

Re:So do advertising cold-calls count as 'harmful'

[Bengie]

There is a guy who makes over $100k/year by reporting people who call him. He purposefully signed up for the do-not-call, but then indirectly gets his names into calling lists. He doesn't request to be solicited, but he knows how certain companies abusively data mine phone numbers and gets his numbers in areas that aren't suppose to be shared, but are.

I guess when you report someone, you also get some of the money from the fine, or at least he did in his state.

Just punch in ...

[Super+Dave+Osbourne]

*67 in the states to get around it and go anonymous. Nobody is likely to answer, but you can always leave a message or try again later. I recall (no pun intended) that a fella craiglisting some game I wanted to buy wouldn't answer his phone but posted it in his duplicate ad on FleeBay. I called, and called, and 2 months later the guy finally answered and explained why he had not been answering. I told him, hey, answer your damn phone if you post an ad with the number. Lesson is you can spoof, you can hike (Skype out has no real numbers associated with it) and of course you can just not call or answer if you choose. But stop wasting time with people if you ask to be called, and then don't answer your phone.

Re:Just punch in ...

*77 to block restricted numbers from calling. Forces you to unblock or the call will not go through at all.

Re:So do advertising cold-calls count as 'harmful'

[jank1887]

reporting someone gets you no money. but, you can privately sue. and settle. If we're talking about the same guy, I think that's his process. If I recall, certain frequent offenders know him by name. he's a cost of doing business to them. it still works for them because he's a rarity.

DNC don't mean dittly squat

[Lead+Butthead]

Just because your number is in DNC registry don't mean squat, I am still regularly receiving unsolicited marketing calls (robocalls and human calls) on both land line and cell line (both of which are on DNC registry.) Yes, I get the urge to introduce the caller to my nail ridden 2x4 clue stick every time I get those calls too.

Re:DNC don't mean dittly squat

[Hamsterdan]

In Canada the way it works is you can download the list for 50$ (in order to skip the numbers listed, or so they say). Basically it gives the scammers a way to get a list. And you have to put yourself on the DNC list every year. Kinda useless IMHO...

Re:DNC don't mean dittly squat

[davester666]

The list might be that cheap for a single town or city, but for a whole province (of which there are 10, for those of you in the US), or for the whole country, it is thousands and thousands of dollars per year to get the list.

And there of been hundreds of thousands of dollars worth of fines given out to lots of companies which have violated the rules for misusing or not using the DNC lists. On the other hand, virtually none of the fines have actually been paid...

Re:DNC don't mean dittly squat

The death penalty? Too good for the bastards. Clamp a phone to their heads and make them listen to unsolicited offers for the rest of their natural lives.

Re:DNC don't mean dittly squat

Do you know Counter Script? At least against humans it could be fun ;-)

just incase folks have not seen this 47CFR64.1200

[RobertLTux]

http://edocket.access.gpo.gov/cfr_2010/octqtr/47cfr64.1200.htm

print that out read it and have it on you when you get one of these calls.
  it begins
" (a) No person or entity may: (1) Initiate any telephone call (other
than a call made for emergency purposes or made with the prior express
consent of the called party) using an automatic telephone dialing system
or an artificial or prerecorded voice;
        (i) To any emergency telephone line, including any 911 line and any
emergency line of a hospital, medical physician or service office,
health care facility, poison control center, or fire protection or law
enforcement agency;
        (ii) To the telephone line of any guest room or patient room of a
hospital, health care facility, elderly home, or similar establishment;
or
        (iii) To any telephone number assigned to a paging service, cellular
telephone service, specialized mobile radio service, or other radio
common carrier service, or any service for which the called party is
charged for the call.."

oh and just for fun it also includes this bit

"(4) Identification of sellers and telemarketers. A person or entity
making a call for telemarketing purposes must provide the called party
with the name of the individual caller, the name of the person or entity
on whose behalf the call is being made, and a telephone number or
address at which the person or entity may be contacted. The telephone
number provided may not be a 900 number or any other number for which
charges exceed local or long distance transmission charges."

i think most call centers will dump the call if you even breath 47CFR64.1200 (or invoke federal law)

Untraceable = Unaccountable

[valderost]

This is worthless pandering. The fact is that there is no way for the receiver of a spoofed CID call to complain. The number on the Caller ID doesn't identify the caller, and the caller won't identify themselves. If you can't identify the caller, you can't complain. If you can't complain, the callers can't be held accountable. The system is broken, and therefore so are all the laws that assume the system is working. Fix the system first, then write new laws if they're needed.

Re:Untraceable = Unaccountable

[e9th]

What can't be spoofed, and why you shouldn't try CID spoofing on, say, ransom demands, is Automatic Number Identification. ANI (not CID) is used by telcos for billing purposes, so spoofing is not allowed, and it is stored for long periods. ANI is also passed to 800 numbers, and to E911 services, so spoofing and *67 are of no use there.

The problem is that telemarketers and fraudsters don't call 911 or 1-800 numbers, and it generally takes a subpoena to get telcos to release ANI information to anyone else.

Re:Untraceable = Unaccountable

Can't you just star sixty whatever them and flag the call as obscene or threatening?

Re:So do advertising cold-calls count as 'harmful'

That's not always possible. I work at a phone survey center (terrible student job ;_;) and we're probably behind a PBX of some sort - we can't TAKE incoming calls on those numbers, so even having it wouldn't do you any good.

Re:Probably not going to stop offshore robo caller

[sjames]

Perhaps we could start testing our new "non-hostile" UAVs on them...

What to do

Use your call forwarding to handle this...simply forward all calls to the head of the FCC @ 202-418-1000...set your call forward to 3 rings and monitor the phone for calls that you want and let the rest go to the FCC. Maybe if they get enough of these calls...they might start to care.