Caller-ID Spoofing: Legislation
We expect privacy, want safety and security and still expect to know who's calling us.
May 24, 2010
The language of this Bill amends the Communications Act of 1934 to prohibit manipulation of caller identification information, and for other purposes, and reads, "IN GENERAL--It shall be unlawful for any person within the United States, in connection with any real time voice communications service, regardless of the technology or network utilized, to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive."
Spoofing Caller-ID is easily accomplished, and a business argument remains that the proposed legislation would harm businesses, since businesses want to continue to use Caller-ID spoofing to pass the company's MBTN (Main Billed Telephone Number) and not reveal employees' home, cell and other phone numbers, which is reasonable. Clearly, these enterprise intentions are not fraudulent or deceptive practices; they seek privacy.
Almost every month a company operating under the name of Atlas Supply, aka Atlas Contractors, operating somewhere in Tempe, Arizona, calls our office pitching drill bits, illuminated extension cords or some other tool. The conversation is almost always the same, "Hi Matt, how ya doing, do you remember me--if you can remember my name I'll send you a new Cadillac." I did a web search and found numerous postings about the company, their business practices and many complaints about their telemarketing behaviors. The victim company, which has operated under the original name of Atlas Supply Inc. since 1917, has dedicated a webpage to defending their reputation against the company calling me and many other folks. On the company contact page they've listed "If you're getting calls from someone claiming to be from Atlas click here for more information."
I wanted to get a feel for how the folks at Atlas Supply feel about the legislation and a sense for how the telemarketing company that is using their name and operating in Tempe, Arizona is impacting their business. Jessica McIntosh of Atlas Supply, third generation of the founder, works for the company and tracks the caller complaints that her company has received since 2007. Her family and their dedicated employees built a company with a respected name over many years, and many folks know--a name is something more than just a brand. Jessica said, "Everyone is passing the buck," when it comes to enforcement. "The carriers don't care" and law enforcement is dealing with slippery people that move. She also said, "Time and effort taken away from our customers dealing with people that are not even our customers to protect our company and reputation," and this is the cost of just one bad telemarketing company borne by someone else.
I've written about Spoofing Caller-ID and No Jitter readers commented, "get over it" and "not to over burden the system with trivial laws." The company that operates in Tempe recently dropped sending any Caller-ID and continues to use the name of a reputable company in a similar trade.
There are many other possible scenarios out there--say, college kids that order pizzas showing a different name and number each time. On a more sinister note: calls can be placed to 911 centers, schools, police stations, hospitals and government offices with the intent to cause mayhem, make false reports and cause the misuse of resources. Spoofing names is not new and Caller-ID spoofing is or was a business for some. The possibilities are endless, although users have come to accept and trust Caller-ID services. It doesn't seem likely that trust will remain beneficial since it can be so easily violated. Then, when you speak with the carriers and ITSPs about specific settings for anything related to Caller-ID (name, number), they all pretty much say the same thing, "we pass what you send."
Some telemarketers are operating boldly because they don't spoof their Caller-ID and do send their CLIP or toll free numbers, hoping that people will return calls out of curiosity. Some will social engineer the people they call upon. They use automated systems, predictive dialing and computer apps similar to war dialing that hand off answered calls to an agent. The handoff is noticeable since there is usually a two or three second delay after the called party answers.
Last week I discussed the issue with the cases involving the FBI and why numerous people had to change their telephone numbers. The details describing calls listed in the FCC online complaint tool are strikingly similar to the kinds of calls in schemes that the FBI is investigating and warning about telephony denial of service (TDOS):
The perpetrators are suspected of using automated dialing programs and multiple accounts to overwhelm the land and cell phone lines of their victims with thousands of calls. When the calls are answered, the victim may hear anything from dead air (nothing on the other end), an innocuous recorded message, an advertisement, or even a telephone sex menu.
It's easy to dismiss Caller-ID spoofing and telemarketing practices that operate on the edge or gray areas of the law. Caller-ID was never intended as a weapon or tool to use as a guise to mask identity. Without legislation that is enforceable with meaningful consequences, customers can expect just another page on a website to "click here" and hope that someone acts on the complaint. The issues of Caller-ID aren't exactly simple either. You see, folks want privacy and so do businesses in the way of protecting telecommuter home and private cell numbers.
Business owners don't want SPIT hitting their pipes or cell phones. Spam over VoIP is in essence unwanted telemarketing calls and not just the illegal methods described in the FBI's release about TDOS. From another perspective, SPIT wastes resources on converged pipes carrying voice and data that businesses pay for. Call on businesses and you should expect to give up your phone number since it's a reasonable exchange and expectation. Then, our industry retains a black eye from "slamming to spamming" and folks were on the hook financially speaking for these practices. It's not that privacy isn't respected, but should companies or consumers expect to pay for someone else's privilege to abuse their services and resources at the expense of preserving privacy?
Attempts to reveal callers' identities aren't cut and dried either. This poses potential problems for first responders, law enforcement agencies, schools, public places and businesses when confronted with threats. Tracing calls and caller identities isn't guaranteed. Even recording all calls over VoIP and decrypting security headers isn't a sure thing either.
To fully understand Caller-ID, I think those attempting to write and pass new laws need to understand that having another law on the books, as one reader commented, could become "trivial law." In that vein the reader is correct because without understanding the needs of business and consumers the new law may become just that. Our current systems (networks) have flaws and these are the gaping holes in security that violate a basic trust once established by an old and still imperfect system. We expect privacy, want safety and security and still expect to know who's calling us. As crazy as it sounds, this is one heck of an opportunity and I hope we can get it right.