backtop

Print 43 comment(s) - last by delphinus100.. on Apr 18 at 2:18 AM

  (Source: Mega How To)
Collectors, prankers beware, the change in laws puts certain practices in jeopardy

Caller ID spoofing has been a popular practice for many years in the U.S.  Many have a form of caller identification and use it to screen their calls.  Much like email spoofing, caller ID spoofing causes the message to look like it originated from someone other than the real sender.

Many businesses offer spoofing service either online or via the phone.  Among the legitimate uses of spoofing are to allow businesses IDs to appear when owners are making calls from outside phones (such as a home phone) and to allow businesses to replace the calling number with the appropriate callback number.  Private investigators and collections agencies often use spoof as well, in a more questionable manner.

Spoofing has also been used by criminals to steal money from victims by tricking them into revealing personal information.  Last year a ring of crooks stole $15M USD using phone spoofing according to Representative Eliot Engel (D-NY).

After much debate, the House has passed the bill Truth in Caller ID Act of 2010" [PDF], H.R. 1258, an amendment to the Communications Bill of 1934.  The bill effectively bans caller spoofing in the U.S.  The Senate already passed a similar bill in February, so President Obama should soon sign the Act into law.

The bill makes it illegal "to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud and deceive."

It applies to both land lines and voice-over-IP networks (VoIP) and any other "real time voice communications service, regardless of the technology or network utilized."

Under the bill, you can still block your own outgoing caller ID information.  But trying to modify it may result in criminal and civil penalties, assuming it can be proven that you intended to "defraud and deceive".  Businesses may be exempt, assuming they're using spoofing for legitimate purposes as outlined above and not suspect practices like stealth telemarketing.

Civil prosecution generally carries a lower burden of proof, so businesses such as repossession firms may be hit with civil fine but escape criminal prosecution.

Law enforcement officials in the U.S. are exempt from the ban.

CTIA, an international trade group, released a statement praising the move.  It writes, "CTIA and the wireless industry support making caller identification spoofing illegal as the applications of such an activity are usually for malicious purposes. We appreciate the House passing this important consumer protection measure."

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Right ???
By Reclaimer77 on 4/15/2010 10:33:36 AM , Rating: 1
I wasn't aware that it was a guaranteed right that you know the number that's calling you. And if it's not, then how can spoofing or altering it be illegal ?




RE: Right ???
By JasonMick (blog) on 4/15/2010 10:49:41 AM , Rating: 4
quote:
I wasn't aware that it was a guaranteed right that you know the number that's calling you.


Well as far as "rights" go this is a gray area of the law, as there obviously were no phones when the founding fathers were formulating the Bill of Rights and principle freedoms.

Its kind of a minor issue, but when some are using spoofing in scams to steal information from people, it becomes a problem.

Overall legitimate businesses should not be seriously impacted and it should help prevent abuse.

Generally laws like this are not actively enforced, but are used selectively in cases of abuse. That way when scammers get caught they can be charged not only for credit card theft but for using spoofing in a criminal scheme. That adds years and dollars to their criminal and civil penalties and deters that kind of behavior from occurring.

Of course that can run the risk of profiling or selective prosecution, but in this case I don't see many legitimate reasons why individuals would spoof.

There are legitimate reasons for businesses certainly, but as I state the impact to them should be minimal.


RE: Right ???
By Anoxanmore on 4/15/2010 11:02:23 AM , Rating: 2
I revise my original mud wrestling competition, I'd like to see it between Jason and Reclaimer :)

Pirks can referree since he is so unbiased. ;)


RE: Right ???
By Reclaimer77 on 4/15/2010 11:04:02 AM , Rating: 3
Good post Jason

quote:
Well as far as "rights" go this is a gray area of the law, as there obviously were no phones when the founding fathers were formulating the Bill of Rights and principle freedoms.


Of course. But I would argue that the First Amendment and the right to privacy covers this pretty clearly.

quote:
Its kind of a minor issue, but when some are using spoofing in scams to steal information from people, it becomes a problem.


But that's already illegal isn't it ?? Did we really need ANOTHER law specifically to cover how the crime takes place via phone number altering ?

quote:
Generally laws like this are not actively enforced


Exactly, good point. As you know Jason I hate redundant unenforceable laws. Don't get me wrong, I don't think this is a huge issue either way. I just would have preferred the reasoning behind it to be a little more solid. And I don't think we needed a new federal law/act to cover this.


RE: Right ???
By JasonMick (blog) on 4/15/2010 1:06:41 PM , Rating: 3
quote:

Exactly, good point. As you know Jason I hate redundant unenforceable laws. Don't get me wrong, I don't think this is a huge issue either way. I just would have preferred the reasoning behind it to be a little more solid. And I don't think we needed a new federal law/act to cover this.


I agree, a far BETTER way to strengthen punishments is to revise existing laws to make them more explicit and add longer punishments to the law in certain scenarios.

It seems like the consensus among both the (D) and (R)'s these days, though is to simply pile on more laws rather than clarifying and improving existing ones. I think you hit the nail on the head when you pointed out that's a big problem.

About the only concern I have with revising laws, is that if you follow that approach, you have to be careful there's enough transparency. Otherwise you run the risk of special interests of all sort sneaking clauses into existing laws.

Governing is harder than people think... What often strikes me is how any approach you take can have negative consequences.

For example if you opt for more government and more regulation (the current bent in the U.S.) you run the risk of limiting the free market and personal freedoms. On the other hand if you practice a laissez-faire approach like local authorities do in China, you end up with the kinds of deaths and illnesses from poisonous/defective products and unsafe work practices that seriously hurts your standard of living (In China such events are punctuated by occasional reactionary crack-downs from the nation government and pressured local authorities).

Ultimately government officials need to try to shoot for the middle, maximizing the standard of living and freedoms of the nation's citizens, while keeping government small enough that it doesn't become a detriment to those goals. However, that's a very hard target to hit.


RE: Right ???
By bupkus on 4/16/2010 8:09:42 PM , Rating: 2
quote:
I agree, a far BETTER way to strengthen punishments is to revise existing laws to make them more explicit and add longer punishments to the law in certain scenarios.

Considering how obvious this option is, perhaps the purpose is instead to provide justification to request wiretaps from judges and approach discovery and investigation from a new angle.


RE: Right ???
By Jaybus on 4/17/2010 10:31:20 AM , Rating: 3
There is a difference between "right to privacy" and "right to anonymity". Bills of sale far predate the Constitution, and the identification of buyer and seller in a business transaction was long ago made precedent. However, there are no criminal laws, with the exception of treason, specified in the US Constitution due to the simple fact that it was an issue left to the States.

Many states have laws regarding telephone solicitation. For example, Tennessee requires solicitors to maintain a "do not call" list. When a person receives a call from an unwanted solicitor, they can request to be put on their do-not-call list, and the solicitor is then supposed to not continue calling them. An opt-out system, in other words.

These state laws, however, are not very effective. The callers are often not within the state, making it cumbersome or impossible to enforce. Because of the interstate (and international) nature of the telephone system, this is clearly within the purview of the Interstate Commerce Act, giving Congress the authority to govern CallerID.

Do we need another law? Yes, we need a federal law, because the States have jurisdiction problems when enforcing their state laws on interstate calls, much less international calls.

IMHO, this is way past due. In addition, the FCC should require all carriers to provide a user configured blacklist for each phone, or alternatively the phone manufacturers should be required to provide a user configured blacklist on new phones.

A user configured blacklist protects the right to privacy. There never has been a right to anonymity.


RE: Right ???
By Fracture on 4/15/2010 2:32:29 PM , Rating: 1
If there's ever a Right to Privacy Act, this bill will easily find itself in a legal catch 22.

It inherently negates the right to privacy for this medium of communication - perhaps they mean to kill phones and leave the future to internet only?


RE: Right ???
By Lerianis on 4/15/2010 3:08:14 PM , Rating: 2
No, it doesn't, because as long as you don't do something with INTENT TO DECEIVE OR DEFRAUD, you are just fine.

Just spoofing something when you don't intend to deceive someone into thinking that you are someone else maliciously would still be legal.


RE: Right ???
By Fracture on 4/15/2010 5:02:42 PM , Rating: 2
It shouldn't be illegal that caller ID is outsmarted, rather that you represent yourself as someone else deceiptfully during the call, which would have nothing to do with the act of spoofing itself.

And intent is next to impossible to prove without a recording of the conversation, bringing us back to my first point, that spoofing is merely a tool, not a crime.


RE: Right ???
By Reclaimer77 on 4/15/2010 3:08:12 PM , Rating: 2
We shouldn't need a "right to privacy act" though. Our right to privacy is clearly a guaranteed Constitutional right.


RE: Right ???
By Fracture on 4/15/2010 5:18:20 PM , Rating: 2
Except its not. Not even close to clearly or explicitly.
What you have is this:

-First Amendment right to free assembly.
-Fourth Amendment right to be free of unwarranted search or seizure.
-Ninth Amendment declares that the fact a right is not explicitly mentioned in the Constitution does not mean that the government can infringe on that right.
-Fourteenth Amendment due process right, recognized by the Supreme Court as protecting a general right to privacy within family, marriage, motherhood, procreation, and child rearing.

These amendments and the cases that set precedent for them don't guarantee anonymity, but rather protection from intrusion by the government on how to conduct personal affairs such as those listed with the Fourteenth Amendment.

These cases are more related to the way we choose to express our First Amendment rights, and that we should not fear retribution or reprecussions caused from actions protected by those rights.


RE: Right ???
By xRyanCat on 4/15/2010 6:39:18 PM , Rating: 2
Correct.

Most people don't realize there is no Constitutional "right" to privacy. Around the time the Constitution was written (1790 Census) there were 4 million inhabitants of the United States. The population density was only 4.5 people per square mile. Compare that with today's density (2000 Census) of just under 80 people/sq mile.

Historically, a large portion of the population lived in rural areas where you might have had to go miles till you found another home. The founding fathers couldn't have perceived the technological advances that would allow the government to so easily spy into our lives and use that information against us; nor could they foresee what a large role the governments of today play in the daily management and affairs of their citizens. (This is for all countries, the U.S., France, Britain, etc. The fact is as technology and population progress the necessity and involvement of a government also increases.)

In addition to the amendments you listed the, Third Amendment (which prohibits the forced quartering of troops) and the Firth Amendment (right against self-incrimination) are interpreted by common law as having been written with the "intentions" to a Right to Privacy.

Unfortunately, there aren't many concrete laws dealing with privacy. The majority of laws and precedents regarding privacy has been fashioned almost completely by the Judicial branch. By "ruling from the bench" the Supreme Court has with various landmark cases almost single-handedly shaped our country's interpretation of privacy laws. Whereas they should have been outlined by Legislature, but that's another matter.

Long story short, you do have a Right to Privacy in both civil and governmental affairs. However, those rights are established on dubious grounds and are always subject to change with the next court ruling.


RE: Right ???
By rtrski on 4/15/2010 3:13:12 PM , Rating: 3
Privacy .NE. pretending you are someone else.

You can still block or restrict ID. You simply can't replace it with false and misleading ID.

What about that is hard to understand?

I don't want to say who I am, I don't have to (and if you set up your phone to block restricted caller IDs, I don't get thru). I want to say I'm your grandma from Schenectady just to get you on the phone, I'm not taking advantage of "privacy" I'm social engineering you.


RE: Right ???
By jdietz on 4/15/2010 3:34:18 PM , Rating: 2
You can still block caller ID.
It's just no longer a right (used to be) to fake the number or name you're calling from.


RE: Right ???
By energy1man on 4/16/2010 8:34:01 AM , Rating: 2
"Caller ID Spoofing Now Illegal in the U.S."

"The Senate already passed a similar bill in February, so President Obama should soon sign the Act into law."

So until the President signs the bill, spoofing is still legal, albeit for a short time.


RE: Right ???
By delphinus100 on 4/18/2010 2:18:37 AM , Rating: 2
No one said you necessarily had to give it, you just can't fake it...

It's display the truth, or display nothing.


Good...
By Seemonkeyscanfly on 4/15/2010 9:37:58 AM , Rating: 5
I received unwanted calls on lan line as well as my cell phone. So, I'm to the point if I do not know who's calling I will not answer. Like when it say: no caller I.D. or something else. I just figure if the caller does not wish to correctly identify themselves when calling me then they do not really need to talk to me.




RE: Good...
By Anoxanmore on 4/15/2010 10:01:34 AM , Rating: 1
Well not quite good. What will happen is the ID will be blocked so it will say "Restricted" or "Unavailable" as opposed to a fake number.

So... nothing changes.


RE: Good...
By Mitch101 on 4/15/2010 10:35:09 AM , Rating: 1
On some phone systems you can have the system block those so your phone never rings.

quote:
Law enforcement officials in the U.S. are exempt from the ban.


I wish they weren't and here's why.

I received a call from the PBA asking for donations. The caller was very pushy and before I could get a word in was asking for my credit card information to make a donation. They did have all my information and knew who I was and where I lived. Scarry to begin with. The caller ID didn't seem right and the number didn't Google to a known number. I was suspicious of it being a scam and asked for a call back number. Sadly I had to ask a few times. I called and the number did appear to be in their scope of numbers they use however I had to wonder how easy it would be for criminals to do this scam. It still could have been with a spoofed number.

No offense to law enforcement but the method should be met with a little more finesse because of all the crime out there and asking for someones credit card that called me at home knowing my personal information should raise a red flag to anyone. They should have immediately said ok we realize we called you and you have no way of verifying who I am and provided me with their website, address or a direct number on the first request to make the donation.

My 2 cents.

I will also add you should support your local police department. Think about thier job when bullets fly they get a call to go there while I would haul ass outta there. They have to show up and see/support the worst possible accidents and deal with the most unreasonable people. Spend a day in a police station and listen to the stuff they have to deal with in a professional manner and you will have a lot of respect for the job they do.


RE: Good...
By theapparition on 4/15/2010 12:44:11 PM , Rating: 3
PBA is not a state or government entity, and would therefore be required to comply with this law.


RE: Good...
By Seemonkeyscanfly on 4/15/2010 10:47:29 AM , Rating: 4
Well nothing has changed correct... I do not and still will not answer the phone if it says restricted or unavailable. If it was someone I should have picked up for they will leave a voice mail. However, now we should be "protected" from people that will mis-lead or hide who they are when they are calling your phone.


RE: Good...
By rs1 on 4/15/2010 2:50:36 PM , Rating: 5
That's good enough for me. I already don't pick up the phone if the caller id says "Restricted". If people want to get me on the phone, they have to be willing to let me know who they are, first.


Somewhat Misleading
By bhieb on 4/15/2010 10:48:50 AM , Rating: 3
quote:
But trying to modify it will result in criminal and civil penalties

Not true.
quote:
The bill makes it illegal "to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud and deceive ."

Very important clause. The businesses example is a good one, a call from the CEO's cell can still show the headquarters office. It would be a tough case to make even against a prank caller, as there is no attempt to defraud deceive sure, but the quote here says there must be both.

Sorry to nitpick, but typical Mick one part of the story contradicting another. Maybe the actual law says that modifying it in any way is criminal (don't have time/desire to read it all), but that is not what is quoted here.




RE: Somewhat Misleading
By Anoxanmore on 4/15/2010 11:09:06 AM , Rating: 2
quote:

It is illegal to spoof or modify the caller ID service to transmit misleading or inaccurate caller ID information, with intent to defraud or deceive.


That is exactly what the bill says... and takes eight pages.

GO GOVERNMENT!


RE: Somewhat Misleading
By kd9280 on 4/15/2010 12:20:11 PM , Rating: 2
In all fairness - it's really only four pages. The first two are admin stuff and the last two are blank. And the fourth page is almost empty anyway, so it's kinda like three pages.


RE: Somewhat Misleading
By Seemonkeyscanfly on 4/15/2010 4:59:16 PM , Rating: 2
Sound like almost three pages of wasted paper.... The Government is not be very green now are they.. :)


RE: Somewhat Misleading
By MadMan007 on 4/15/2010 5:43:15 PM , Rating: 2
It probably has those stupid 2 inch margins and triple spaced typing that laws tend to have. Why can't the gubment use 1/2" margins and single spaced Times New Roman like everyone else? :p


RE: Somewhat Misleading
By Harinezumi on 4/15/2010 5:06:53 PM , Rating: 2
Writing law is like writing code, and in a very inefficient language at that. It's not enough to simply specify the intent of the law, you have to describe in painstaking detail just how it's going to operate within the existing framework.


RE: Somewhat Misleading
By sorry dog on 4/16/2010 5:20:22 PM , Rating: 2
...and I'll be willing to bet they still didn't get it right.

any language describing intent is asking for the courts to figure it out with varying outcomes.

...and any language in the bill that make special classes of people (law enforcement and business entities) stinks and is also asking for trouble.

Regarding VOIP services, it will probably end up in federal appeals system take a few years to clarify those two pages.


RE: Somewhat Misleading
By Reclaimer77 on 4/15/2010 11:49:05 AM , Rating: 2
Ummm yeah. If that was in the article I wouldn't have even made my post ! Now I look like the dumbass...


What about abuse victims....
By bigdawg1988 on 4/15/2010 9:52:34 AM , Rating: 2
I know someone who was abused and didn't want certain people to know exactly where they were or what their real number was. They had a program or device that would give out random numbers and locations all over the world every few seconds or so. This way they could still call without having to worry about someone tracing them through the caller ID records. I hope there is an exemption in this bill for something like this, especially if they have received an order of protection.




RE: What about abuse victims....
By WoWCow on 4/15/2010 10:05:10 AM , Rating: 3
quote:
Under the bill, you can still block your own outgoing caller ID information. But trying to modify it will result in criminal and civil penalties


Yes, you can still remain anonymous as a caller, you just can't 'fake' your caller ID.


Quick
By corduroygt on 4/15/2010 10:14:46 AM , Rating: 5
Make all your spoofed prank/curse/etc calls to that towing company that sued for $750k while you still legally can :)




Pointless
By nafhan on 4/15/2010 10:47:47 AM , Rating: 2
The technology to spoof caller ID's isn't going to disappear. So, people who use caller ID spoofing in a legit way (i.e. Skype shows your cell number when you call someone, etc) won't be able to do it anymore, but people using it for illegal purposes will continue to do so, it'll just be a little more difficult.




RE: Pointless
By Fox5 on 4/15/2010 1:02:47 PM , Rating: 2
Agreed, Google Voice uses it too, this is basically just going to ruin these VOIP services.


Disgraceful
By FaceMaster on 4/15/10, Rating: 0
RE: Disgraceful
By room200 on 4/15/2010 12:14:55 PM , Rating: 2
You're kidding right? I hope this was sarcasm. If not, then you're an idiot.


RE: Disgraceful
By FaceMaster on 4/16/2010 5:45:37 AM , Rating: 2
Yes, of course it's sarcasm. I'm just seeing if America has a sense of humour.


By immortalsly on 4/15/2010 11:26:16 AM , Rating: 3
One of my friends demonstrated to me using a simple free iPhone app that he could listen to my voicemail. Since I didn't have a password for my voicemail (I do now), all he had to do was spoof my phone number. My phone didn't even ring and took him right into my voicemail with complete access. I don't really care that someone listen to my vm but still, it was interesting and made me wonder how many people out there have had their vm accessed without knowing it (eg: jealous spouses, curious co-workers, friends, etc.). I have Sprint so I'm not sure if the spoofing would work the same way on all carriers.

So people should password their vm, even if it's really annoying to enter it yourself.




So how can they stop this?
By corduroygt on 4/15/2010 10:18:00 AM , Rating: 2
What if you remote desktop into a computer outside the us and make a spoofed voip call from there? I can see a lot of hosting being rented from Canada/Mexico once this becomes law. Telephone is becoming like Internet, where you can't really stop anything.




still leaves a lot to be desired
By vapore0n on 4/15/2010 10:34:50 AM , Rating: 2
A better idea would have been to force business to register their phones so that when they call you you get the name of the business, rather than "unknown"

Sometimes valid calls get registered as unknown though. Happens to me a lot with international calls that I want to pickup, but dont because I dont know the caller.




"Banned?" Not the way I read it.
By CZroe on 4/17/2010 11:55:59 PM , Rating: 2
It doesn't look like it has been banned at all. The laws just changed to make malicious use illegal. It's still perfectly legal for me to use Google Voice to call someone and have the proper return number seen by them.

Anyway, I've always thought that the "Ameritech" A looked WAY too similar to the Anandtech A and something finally shows up here right after Anand changed the style!




"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki









botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki