US House Passes Ban On Caller ID Spoofing
smarek writes "The 'Truth in Caller ID Act' passed the US House of Representatives on Wednesday. The legislation is trying to outlaw Caller ID spoofing. In some cases, this spoofing has led to individuals giving out information that has led to identity theft. Last year the NYPD discovered over 6,000 victims of Caller ID spoofing, who together lost a total of $15 million. A companion bill has already been passed by the Senate, and the two are on their way to 'informal conference to reconcile any differences.' The bill that results will most likely pass."
PCWorld's coverage notes that callers will still be able to block their information entirely, and that the bill may have negative consequences for legitimate phone-related services, such as Google Voice.
Re:Yet another legal solution to a technical probl (Score:5, Interesting)
People who steal identities will carry on spoofing caller ID, because they already commit more serious crimes, while users of legitimate services will be inconvenienced. Still, at least the politicians are seen to do something about the problem.
If they really wanted to do something about this, they'd discontinue the entire CallerID system and allow regular folks to use ANI [wikipedia.org] as a standard feature. That's the same system used by both toll-free numbers and emergency services like 911. Unlike CallerID, it's out-of-band and cannot be spoofed by the caller alone. It uses the billing data, the same data that the phone company uses to know whom to charge for the call. By comparison CallerID is a joke.
Of course a lot of the ID theft issues would be greatly reduced if people would use a little sense. That would include never giving confidential information to someone who calls you. If you think that's your bank calling about your account, tell them you are going to hang up and call them back at the number they publish in the phone book or your hardcopy account statements. This simple 20-second step would eliminate a great deal of these problems, no politicians required.
Re:Yet another legal solution to a technical probl (Score:1, Interesting)
But what would be the legitimate uses of caller ID spoofing? I mean, blocking is still fair game, so this act doesn't really change anything for people without a nefarious agenda. Just wondering, I don't think spoofing was ever possible in my country, at least I haven't heard of it, so I have no idea why it would be useful.
Re:Yet another legal solution to a technical probl (Score:5, Interesting)
Using ANI (Billing Number) for all calls would probably be a bad idea. Say you're calling someone you have a business relationship with from your phone at work (technology type doesn't matter here). If billing number was the only thing available, every single call from your company would show up with the same number. Probably your main line that goes to a receptionist. In some situations this is what people want (telemarketers for instance) but in what many view as more legitimate business it would be annoying.
I'd hate it if every time various vendors that I have multiple account managers called my cell phone it just said "AT&T employee" etc. I like knowing who I'm going to be talking to.
Also, this completely ignores some of the other valid reasons for setting a caller ID value that most people outside of the telecom industry probably aren't aware of or care much about. Let's just say it's very useful for testing purposes and it's a great way to send a small amount of data to the entity you're calling if you're not using something like UUI.
Re:Fine by me (Score:4, Interesting)
Re:Yet another legal solution to a technical probl (Score:2, Interesting)
Caller ID is *not* in-band any more than connection routing is.
I have a T1 ISDN link in the U.S. There are 7 dynamic voice trunks on that T1 link. We have a pool of multiple phone numbers.
When the call is being set up, my switch (asterisk) sends out a message indicating the calling number. The contents of this message are taken by our telco's switch at face value, as long as the number is 10 digits long.
This number is recorded in the detailed billing statement we get (for international / overage long distance), but it is not actually used for billing by our telco! Any call going out through our T1 link is billed for by the telco, no matter what garbage is being sent out as the calling number identification.
I can set asterisk to send any number, and that is the number that will be displayed to the called party. I have been experimenting with setting up a local GSM mini-cell to make use of cellphones within the building essentially "free", and obviously if such calls were routed over our ISDN link, the indicated numbers would be those assigned to the cell subscriber, not those of our number pool.
We obviously don't use it for anything nefarious, but I presume that many VoIP trunk providers will do it in the same way. It's somewhat hard for them to really filter the phone numbers on egress, since they may not have full knowledge of all phone numbers assigned to us: for example, we may have an 800 number through another provider that we want to display, or even a bunch of regular numbers via another provider B, that are being routed out via provider A due to -- say -- link loss caused by a backhoe two blocks down the street.
So this is nothing about in-band vs. out-of-band. It is about making the phone system work as you'd expect, vs. making things hard.
The only technical solution would be a realtime database used for egress filtering of calling number identification -- it'd link together all phone numbers assigned to a particular subscriber. And then we again run into problems of what really is a subscriber: suppose you have separate units of a big corporation, that get separately billed for service, and are really considered separate subscribers. Now suppose that for redundancy and continuity of service, the IT/comms people in Unit A and Unit B agree to carry the other unit's data and voice traffic to maintain service in cases of various failures. Now the realtime database needs to respond as if both subscribers were one. And so it goes -- it's not exactly trivial.
Making it illegal to purposefully mislead people is OK in my book.
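The egress-filtering database described in the comment above, sketched as an added example that is not part of the original post or any telco's code. Subscriber names, the 555-01xx numbers, the link table and the policy of substituting a default number are all constructed assumptions.

```python
"""Egress screening of calling-number identification (constructed example)."""
import re

# Constructed data: numbers assigned to each subscriber (hypothetical names).
ASSIGNED = {
    "unit-a": {"2125550100", "2125550101"},
    "unit-b": {"2125550150"},
    "other-co": {"3125550199"},
}
# Carriage agreements: subscribers whose trunks may present each other's
# numbers (the Unit A / Unit B failover case from the comment).
LINKS = [("unit-a", "unit-b")]


def normalize(number):
    """Reduce a presented number to 10 digits, or None if malformed."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None


def linked_group(subscriber):
    """All subscribers reachable from `subscriber` through LINKS."""
    group, frontier = {subscriber}, [subscriber]
    while frontier:
        current = frontier.pop()
        for a, b in LINKS:
            if current in (a, b):
                peer = b if a == current else a
                if peer not in group:
                    group.add(peer)
                    frontier.append(peer)
    return group


def screen(trunk_subscriber, presented, default_number):
    """Return (number_to_send, verdict) for a call leaving this trunk."""
    number = normalize(presented)
    if number is None:
        return default_number, "replaced: malformed"
    allowed = set()
    for sub in linked_group(trunk_subscriber):
        allowed |= ASSIGNED.get(sub, set())
    if number in allowed:
        return number, "passed"
    # A well-formed 10-digit number is not enough; it must belong to the group.
    return default_number, "replaced: not assigned"
```

The last branch is the difference from the switch behaviour the comment describes, where any 10-digit value is taken at face value.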
Re:Fine by me (Score:2, Interesting)
It's *57 in most places, not 69. Also, in most cases, this is something you have to request your carrier to enable on your line (it's free, but not automatically enabled; since the trace happens every time once enabled and only "saves" the trace when pressed, it has a cost to them on some small level if you're not using it).
Further, *57 traces can not be provided to you, only your local magistrate, which means you need to sue someone to get it, and even then for the real scammers, this is easily overcome.
Further, Vonage, Skype, and most mobile phones do not offer this feature, only land lines.
Voice Vote (Score:3, Interesting)
That practice, not recording each rep's vote, should be illegal.
Re:Yet another legal solution to a technical probl (Score:3, Interesting)
I am frequently baffled why so many of my jokes are modded "insightful" or "interesting". However, I am even more baffled how this got modded "funny"!
Funny mods are the new Overrated, but they're even more insidious. When you get moderated Funny you don't get any karma. When you get modded with any negative moderation, you lose karma. So moderating a comment funny when you think it will be moderated both positively and negatively is an attempt to steal the poster's karma.