Discussion:
Truth in Caller ID Act
(too old to reply)
Dave
2007-04-11 20:50:30 UTC
Permalink
Now that I moved back to the USA and set up phone service I've been
getting hammered by illegal prerecorded telemarketing calls. Often
times the caller ID is spoofed on these calls. I've always had sort
of a sideline interest in telecommunications and so I started reading
about Caller ID spoofing. Apparently there has been a lot of talk
around the US about making caller ID spoofing illegal including a
"Truth in Caller ID Act". Somehow I doubt the telemarketers will be
dissuaded.

Now forgive me as I know very little about how actual telephone
networks function, but it seems like it would be trivial for the phone
companies themselves to seal up this gaping hole in security. Would
it not be much simpler for the US government to just hold the
telephone companies accountable for this billable service they
provide? Why don't the central offices just reject any incoming
Caller ID info and stamp on the correct info? In the case of VoIP,
stamp on the VoIP provider's phone number and require VoIP providers
to divulge the contact info of it's subscribers to called parties....
In the case of calls from unknown or untrustworthy providers - don't
provide any caller ID... Is there something technologically impossible
or unfeasible about these ideas? There has to be something I'm
missing.

If it requires caller ID technology upgrades, then why not just rip
off the band-aid and do it. 10 years from now we'll all have phones
that support the new protocol and hopefully a feature for upgrading
the caller ID software. I just don't see why the government would
even bother with making impossible to enforce laws aimed at the
telemarketers.

Enlighten me...

Dave
Linc Madison
2007-04-11 23:25:44 UTC
Permalink
Post by Dave
Now that I moved back to the USA and set up phone service I've been
getting hammered by illegal prerecorded telemarketing calls. Often
times the caller ID is spoofed on these calls. I've always had sort
of a sideline interest in telecommunications and so I started reading
about Caller ID spoofing. Apparently there has been a lot of talk
around the US about making caller ID spoofing illegal including a
"Truth in Caller ID Act". Somehow I doubt the telemarketers will be
dissuaded.
Now forgive me as I know very little about how actual telephone
networks function, but it seems like it would be trivial for the
phone companies themselves to seal up this gaping hole in security.
On ordinary single-line telephone service, the Caller ID data is
inserted by the telco switch. The problem comes from PBX's. The telco's
line ID for the trunk is pretty much useless for Caller ID purposes,
especially since on most PBX's that line is outgoing only. In fact, it
may even have a non-dialable number, like (xxx) 0xx-xxxx. Thus, the PBX
inserts the Caller ID data, which the telco accepts on faith. It's very
difficult to separate out the PBX administrators who "accidentally"
transmit invalid CLID from the ones who do it intentionally.

It should be possible, though, for the telco to do some sort of "sanity
check," making sure that the CLID is at least a potentially valid
number, or better yet ensuring that the CLID transmitted by a PBX is
within a specified range of numbers. For example, the PBX might have
DID numbers of xxx-2000 through xxx-3999. If that's too much to do in
real time, telco could at least do random spot checks.

I recently got a call from "Rachel" of "Cardholder Services," offering
me my "final opportunity" to lower my interest rate on my credit card
debt (if I owe more than $2,500). Unfortunately, my phone with CLID
display wasn't connected, but I've discovered that the same recording
pops up all over the country, often with completely bogus CLID -- for
example, non-existent area code.

A few years ago, I was getting illegal prerecorded telemarketing calls
to my personal 800 number in the wee hours of the morning, even on
weekends. Happily, in that instance, the number to call back for more
info (about automated telemarketing services, naturally) was a personal
800 number that rang into the owner's bedroom, and there were more
payphones in my neighborhood than he had slots in his call-blocking
list. I suspect it was his wife who made him turn off the robodialer.
--
Linc Madison * San Francisco, California * Telecom at Linc Mad d0t c0m
URL: < http://www.lincmad.com > * North American Area Codes & Splits
Read my political blog, "The Third Path" <http://LincMad.blogspot.com>
US, California, and Washington State laws apply to LINCMAD.COM e-mail.
Grant Edwards
2007-04-11 23:36:25 UTC
Permalink
[...] Happily, in that instance, the number to call back for
more info (about automated telemarketing services, naturally)
was a personal 800 number that rang into the owner's bedroom,
and there were more payphones in my neighborhood than he had
slots in his call-blocking list. I suspect it was his wife who
made him turn off the robodialer.
Payphones?

Like the ones you see in old movies and TV shows where you put
coins in? ;)

OK, they're not quite that rare... yet.
--
Grant Edwards grante Yow! I'm shaving!! I'M
at SHAVING!!
visi.com
h***@bbs.cpcn.com
2007-04-19 20:29:33 UTC
Permalink
Post by Grant Edwards
Payphones?
Like the ones you see in old movies and TV shows where you put
coins in? ;)
OK, they're not quite that rare... yet.
They're getting harder to find. In NYC there are lots of them. To my
pleasure, many offered 25c/minute long distance.

A recent TV show just pictured a person using a pay phone, with the
ding-ding sound when she put in the coin. Payphones haven't done that
in years. Ironically, the story line was about the girl earning some
extra money to get her own cell phone. She was grossed out using the
dirty school's pay phone.

They tell me schools have removed pay phones because the kids used
them for abusive purposes.
T
2007-04-20 22:45:44 UTC
Permalink
Post by h***@bbs.cpcn.com
Post by Grant Edwards
Payphones?
Like the ones you see in old movies and TV shows where you put
coins in? ;)
OK, they're not quite that rare... yet.
They're getting harder to find. In NYC there are lots of them. To my
pleasure, many offered 25c/minute long distance.
A recent TV show just pictured a person using a pay phone, with the
ding-ding sound when she put in the coin. Payphones haven't done that
in years. Ironically, the story line was about the girl earning some
extra money to get her own cell phone. She was grossed out using the
dirty school's pay phone.
They tell me schools have removed pay phones because the kids used
them for abusive purposes.
I remember seeing the old three slot pay phones but never got to use
one. The only payphones I'd ever used were the armored types, where you
could hear the beeps in the handset when you dropped coins in the chute.
h***@bbs.cpcn.com
2007-06-01 16:44:01 UTC
Permalink
Post by T
I remember seeing the old three slot pay phones but never got to use
one. The only payphones I'd ever used were the armored types, where you
could hear the beeps in the handset when you dropped coins in the chute.
To be honest, there wasn't anything special about using a 3-slot phone
(other than hearing the gong for the quarter).

But what is sadly missed are the "full service" telephone booths that
went with them. First off, the booth gave you privacy and isolated
you from area noise, something desperately needed today. Second, it
was pleasant, it had a fan you controlled, a little seat, light, and a
little table. You could make a call, take notes, etc. Office
buildings, train stations, drugstores and other public spaces had such
booths. Other phonebooths were stand-up, but they still had a door,
light, and fan.

The classic ones were handsome and made of wood. In the 1960s they
had some experimental modern designs, such as circular glass and round
sliding doors. When they went to pedestals originally the pedestal
had acoustic sides to it and some space between it and the next phone
to give some privacy and noise protection. Using an open pay phone in
a hard surfaced hallway is lousy today.


There's a Verizon phone booth on the highway that I need to photograph
before it's gone.

Doug McIntyre
2007-04-12 00:27:52 UTC
Permalink
Post by Linc Madison
It should be possible, though, for the telco to do some sort of "sanity
check," making sure that the CLID is at least a potentially valid
number, or better yet ensuring that the CLID transmitted by a PBX is
within a specified range of numbers. For example, the PBX might have
DID numbers of xxx-2000 through xxx-3999. If that's too much to do in
real time, telco could at least do random spot checks.
Most telco's do enforce range checks for outbound CLID on DIDs on
*new* service for PBX connections (ie. PRIs). Existing service tends
to be left alone, as breaking something without notice really makes
customers anoyed, and who knows what they are doing, or how to explain
a new restriction back to the end-customer?
Post by Linc Madison
I recently got a call from "Rachel" of "Cardholder Services," offering
me my "final opportunity" to lower my interest rate on my credit card
debt (if I owe more than $2,500). Unfortunately, my phone with CLID
display wasn't connected, but I've discovered that the same recording
pops up all over the country, often with completely bogus CLID -- for
example, non-existent area code.
I find that most telemarketers don't put any CLID on the
line. Subscribing to a service such that it blocks calls that don't
have CLID really cuts down on telemarketers. That, plus being on the
do-not-call list effectively puts me at the only telemarketing calls
we get are from the likes of ARC which we've donated to in the past.
I can't think of a single telemarketing call otherwise received.
Dave
2007-04-12 05:21:36 UTC
Permalink
Post by Linc Madison
On ordinary single-line telephone service, the Caller ID data is
inserted by the telco switch. The problem comes from PBX's. The telco's
line ID for the trunk is pretty much useless for Caller ID purposes,
especially since on most PBX's that line is outgoing only. In fact, it
may even have a non-dialable number, like (xxx) 0xx-xxxx. Thus, the PBX
inserts the Caller ID data, which the telco accepts on faith. It's very
difficult to separate out the PBX administrators who "accidentally"
transmit invalid CLID from the ones who do it intentionally.
Ok but the point of caller ID as far as I am concerned is
accountability. I'm not concerned if I can't actually dial the number
that shows up on my caller ID, as long as it leads to information
about who called me. Sure, It would be nice to always be able to flip
to my caller ID numbers and re-dial or save that number for whatever
reason, but I for one, would gladly give up that ability for those
calls I receive that originate from behind a PBX. There are very few
callers who call me from behind a PBX that I actually want to call
back, and even so I would just learn to recognize their outgoing CLID
and substitute their regular business number when I wanted to return a
call. Alternatively, the telco could require the subscriber to
provide a single valid call back number that the telco would then
insert. Why not eliminate the option for PBX administrators to insert
their favorite number? Doesn't seem like a big deal to me.

Telemarketing isn't the only reason to close this gap in security.
There have been incidences of Phishing where a spoofed caller ID is
used to lure people into believing that their bank is calling them and
needs to verify account details. There is one case of a man calling
in a hostage situation to police using a spoofed caller ID. So the
swat team showed up at some lady's house and ordered her out with her
hands up... much to her surprise....

It seems awfully complacent to stand by and ignore this wide open hole
in the system.
T
2007-04-12 21:58:48 UTC
Permalink
Post by Dave
Post by Linc Madison
On ordinary single-line telephone service, the Caller ID data is
inserted by the telco switch. The problem comes from PBX's. The telco's
line ID for the trunk is pretty much useless for Caller ID purposes,
especially since on most PBX's that line is outgoing only. In fact, it
may even have a non-dialable number, like (xxx) 0xx-xxxx. Thus, the PBX
inserts the Caller ID data, which the telco accepts on faith. It's very
difficult to separate out the PBX administrators who "accidentally"
transmit invalid CLID from the ones who do it intentionally.
Ok but the point of caller ID as far as I am concerned is
accountability. I'm not concerned if I can't actually dial the number
that shows up on my caller ID, as long as it leads to information
about who called me. Sure, It would be nice to always be able to flip
to my caller ID numbers and re-dial or save that number for whatever
reason, but I for one, would gladly give up that ability for those
calls I receive that originate from behind a PBX. There are very few
callers who call me from behind a PBX that I actually want to call
back, and even so I would just learn to recognize their outgoing CLID
and substitute their regular business number when I wanted to return a
call. Alternatively, the telco could require the subscriber to
provide a single valid call back number that the telco would then
insert. Why not eliminate the option for PBX administrators to insert
their favorite number? Doesn't seem like a big deal to me.
Telemarketing isn't the only reason to close this gap in security.
There have been incidences of Phishing where a spoofed caller ID is
used to lure people into believing that their bank is calling them and
needs to verify account details. There is one case of a man calling
in a hostage situation to police using a spoofed caller ID. So the
swat team showed up at some lady's house and ordered her out with her
hands up... much to her surprise....
Actually it was Justin of justin.tv who also had his CLID spoofed to
911. Here's what bothers me most, E-911 uses CLID and not ANI and that
really makes me wonder.
Post by Dave
It seems awfully complacent to stand by and ignore this wide open hole
in the system.
In traces I've done, most are using fly-by-night providers who don't
give a crap what you send as CLID. 800 services are cheap enough that I
just use that now. That way I get ANI sent to me as CLID. It works
beautifully.
h***@bbs.cpcn.com
2007-04-19 20:34:15 UTC
Permalink
Post by T
Here's what bothers me most, E-911 uses CLID and not ANI and that
really makes me wonder.
Are you show about that? That means if someone *67 (caller ID block),
the number wouldn't show.

Since 911 is a specialized service with trunk seizing, I would think
it would always use ANI for greatest reliability.


By the way, there are 800 services in which you call them and for a
fee, forward a call to someone with a spoofed caller ID. Apparently
perfectly legal. They have a disclaimer "For entertainment purposes
only". I think that ought to be illegal.

I think caller ID should be limited to the phone number only, not the
name.
a***@pdxusa.net
2007-06-01 08:07:46 UTC
Permalink
We are a newly telecom carrier offering VOIP service with advanced
caller identification features. No more spoofed caller ID with
PDXUSA. See more at our website.

http://www.pdxusa.net

Everything is in development stages so be patient.
Loading...