CallerID Spoofing to be Made Illegal

MadJo writes "US Congress has just approved a bill that will make it illegal to spoof CallerID. From the bill: 'The amount of the forfeiture penalty (...) shall not exceed $10,000 for each violation, or 3 times that amount for each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $1,000,000 for any single act or failure to act.'"

Interesting

[Travoltus]

That's a law that should be more proactive than reactive.

How about an additional law that makes telephone companies responsible for allowing caller ID spoofing to happen?

Or is that too difficult to prevent?

NannyState?

[Sneakernets]

This isn't "NannyState" at all, this is an attempt at stopping scammers and other slimeballs from taking advantage of people.

Simple question

[TubeSteak]

When the police/people see the incoming phone records, will it show the spoofed number or the real number?

3 times a day

[sxeraverx]

So...If they get caught 3 times in one day, they can do it as much as they want that day? And...If they get caught 100 times, they can do it all they want forever? Fun.

Hope I don't misconfigure my VOIP settings...

[Anonymous Coward]

Man... that's harsh... VOIP let's you reconfigure your CallerID... hope I never get that setting wrong.

By the way, did anyoen see the supreme court rulings today? Is American getting shittier?

Details?

[detain]

Ok so I had recently adjusted my packet8 account to show my name as 'Harry Potter' instead of my real name, would this fall under that law? For the mean time to be safe I reverted it back to showing a proper name, however I much prefer to have it something silly. Do we have anyone that can translate this new law to let us know wether or not this is targeting everyone or just people using it to scam people out of money or use it for social engineering purposes.

That's kinda funny...

[sokoban]

Well, around here the police department spoofs their caller ID info. Any time you get a call from anyone at the police station downtown, it only shows four zeros as the caller ID. It is different from when it says ID unavailable.

Okay, what about calling cards?

[xerxesVII]

My parents insist on using a calling card. When they call me, what comes up in my caller ID is the city where whatever bank they got sorted through is located. For instance, my caller ID will show some 1-800 number and say "MONTGOMERY, AL" or some such city. Would this fall under spoofing?

Fines in America - just can't figure it out

[Bombula]

I don't get why in America we can't figure out that fines only work when the penalty is commensurate with the infraction. If you want fines to work, you have to do what they do in Scandinavian countries - charge a percentage of your income. What is a $500 parking ticket for a billionaire? But $500 will ruin your life if you work for minimum wage. It's not fair, it's not just, and it doesn't work.

Fines for corporations should certainly have a minimum value, but they should have NO upper ceiling. When companies like Microsoft or Phillip Morris or ExxonMobil are fined $200 million dollars - as most of them have been - they don't even blink. It's completely useless. The law in America in this regard is completely idiotic in this regard.

You insensitive clod! I don't have CallerID!

[NotQuiteReal]

I don't have caller ID! Why would I? If I don't want to answer the phone, I don't. (Actually, my wife probably will answer it anyhow, she is kind of type-A that way. But still, I have no problem putting undesirable callers on hold "forever", I am kind of an A-Hole, that way.)

I have saved hundreds and hundreds of dollars over the years for a feature I could have used maybe, once or twice.

Seems like a bargain to me.

Sheesh, you don't have to buy product offered to you.

I am not a technophobe, I have two land lines and four cell phones. The Cell phones come with caller ID "for free".

Re:Fines in America - just can't figure it out

[profplump]

So fines against people don't have a minimum but fines against companies do? What if your $1M minimum fine puts 10 people out of work because the company goes under? Either using a sliding scale or don't; let's not make up silly rules based on angst against "evil corporations".

Nice

[rantingkitten]

I sort of hope it passes, for selfish reasons. I direct the support department at a VoIP provider and I cannot tell you how tired I am of people's endless, nonstop whining about their caller ID, and how they want it changed, and why can't I make it look like they're calling from somewhere else... on and on and on. This will give me a convenient excuse to tell them to shut up.

On a slightly more serious note, though, it's amusing to note why the bill is being introduced. Senator Stevens was blithering about how it's important because people rely on caller ID for "critical information". I cannot imagine what could possibly be considered "critical" about caller ID information, particularly considering what a half-assed hack the entire system is anyway and the lack of any real standards. Please note that caller ID is entirely different from ANI (automated number identification).

Caller ID is a fine example of a semi-convenient feature that people took and ran away with. The general population now sees Caller ID as the Oracle at Delphi, infallable and impossible to live without, and go absolutely apeshit if it's wrong (which is quite often, believe it or not). I guess people just don't understand the technology, but to "rely" on caller ID information is ludicrous.

I remember about fifteen years ago, maybe a bit more, when Caller ID was virtually unheard of, and the Bells were just starting to roll it out to homes. My parents got the little box from Radio Shack, signed up with the service, and my friends and I would rush over to the ID box with childish glee every time the phone rang, cause hey! How cool is this, man!

But in the end that's all we thought about it. It was a cool little novelty. That people take it so seriously now baffles me.

We used to deal with the phone ringing and not knowing who it was in advance with the following method: a) answer the phone, b) don't answer the phone, or c) let them leave a message and get back to them if we feel like it.

Somehow, though, what I don't remember is that the pre-Caller ID era was some kind of a Dark Ages where nobody got anything done.

But you'll never convince the public of this.

Re:Upside-down.

[shaitand]

'claiming you can bench 200 lbs when you can barely press half that is not illegal'

Yup, and its not fraud. Lying and fraud are NOT synonymous. A Fraud is a deception deliberately practiced in order to secure unfair or unlawful gain. Deception in and of itself is neither fraud nor illegal.

'Should impersonating a police officer, identity theft, false advertising and passing fake checks all have the same punishment?'

Ummm... yes? Of course some of those things would be done for the purpose of accomplishing other crimes and that is where additional charges come in. There are also penalty ranges for crimes so that a judge can look at the specific offense. The more severe offenses like false advertising should actually carry multiple charges of fraud.

In any case, any law which makes a tool illegal rather than bad actions performed with the tool is a bad law.

'Caller ID spoofing probably doesn't fall into any existing category of fraud, so this form of fraud can be presently engaged in with impunity.'

That's because caller id spoofing ISN'T fraud it is a harmless deception. If you use that deception to illicit an unfair gain then you have committed fraud and would have committed a criminal act without this law.

Re:Upside-down.

[Opportunist]

That's why fines in some countries are not set at a specific sum (at least when it comes to amounts > 100 bucks), but rather to "day rates". A day rate is what the person or organisation found guilty earns per day. This is, in case of a person, 1/360th of your annual income (or revenue in case of a company).

So you see in our laws things like a fine of "up to 90 day rates" or "up to 360 day rates" rather than any specific amount. Usually the equivalent prison sentence is exactly the amount of day rates (i.e. laws usually read "up to 1 year prison or 360 day rates"). The downside is that it seems that some poor guy seems to be getting off "easy" when he's fined for 5k bucks for a crime that would've earned him a year in prison, simply because 5k is what he makes in a full year.

Personally, I think it's way fairer than a fixed amount (a 20k fine would be hard for me to pay but for many it would break their neck, and for some it would be pocket change). Still not a perfectly fair system, but a lot fairer.

Re:DEATH TO "UNKNOWN CALLER"

[Lumpy]

I block it just fine on verizon.

I have all phone lines and voip lines going into a asterisk server. if you dont have a real caller Id string and are not on my blacklist your call goes through.

It's quite easy to block UNKNOWN CALLER. and cheap too. a asterisc pots card is $29.00 on ebay and an asterisk server is pretty much free. (P-III 500 is more than enough horsepower) all you need is a voip phone handset or adapter to go to regular phone ($19.00 ebay sipura spa-2000)

Way better than any answering machine you can buy, I can block anything I want, I can force unknown callers to a special mailbox that states " I do not answer unknown calls" or better yet a 30 minute "hello? hello? I cant hear you. wait a second. can you hear me now? hello? can you speak louder? I can kind of hear you now, what was that?"

wasting a telemarketers time is a wonderful thing. when they get that you are honey potting them to waste their time they add your number to the do not call list on their own.

Re:Simple question

[Rob T Firefly]

Police and the phone company use the ANI system (Automatic Number Identification). This is the system that tracks your billing. You do not have any say in what this system records as far as Name, Number, etc.

Unless, of course, you spoof that as well. [google.com]

Re:A campaign

[Anonymous Coward]

A friend of mine purchased this technology 2-3 years ago, and started a business off of it(he did no advertising other than putting up a webpage and letting google index it). Within the first week, he had already been contacted by the DEA (i think it was them... some FED agency) for a possible contract. Not sure if he took it, but the first time he called me using it, it came up identifed as

White House
900-555-5555

He could make ANY text, and ANY number appear for the call. Cool tech, IMO. The reason he bought it in the first place? He got shorted off of an EBAY sale. Couple hundred bucks, if I remember correctlhy.

So, he called up the guy who stiffed him, cleverly socially engineering the guy, without breaking any telephone/imposter LAWS, and within a few days, had recieved a check for the amount it had sold for.

Not sure as to why Congress thinks it should be illegal, or what good it will do. Afterall, you don't HAVE to answer the phone.

It's all Paris Hilton's fault...

[tom_evil]

...or is it just a coincidence that this law comes up after "SpoofCard.com Terminates Accounts of Paris Hilton and 50 Other Customers for Using its Service to Break Into Voicemail Boxes" [spoofcard.com]?

I think not.

Anyway, please people, the whole reason for this law is not to make spoofing a thing of the past, but to make sure only cops and feds are allowed to spoof caller ID to harass, intimidate and spy on me by pretending to be my loved ones, creditors, ex-girlfriends who want their DVDs back, one night stands who I never called back, etc. I mean, how naive are we about them spying on me? Laws are about power and who has it. That's why they won't let me buy a tank on eBay.

Damn government.

Re:Upside-down.

[shaitand]

'Asterisk does a great job of keeping unwanted calls off my home line, but to work best it needs valid callerID info.'

I'm sorry but there is no justification for creating a new law and a new class of crime so that your Asterisk system will work.

That said, I think there might be merit in requiring telemarketers, pollsters, and collection agencies to use valid callerid information. I don't support it for other commercial agencies though, some may not take incoming calls at all.

That actually touches on me personally. I own a small computer service business. Much to my customers glee I do not give out my cell phone number to customers (they would rather have you paying attention to them and their problem when you are there than be able to reach you directly). If there is an emergency then they can pass a message from the office. My cell phone does not have the option of spoofing the callerid to match the office number it only gives me the option of setting callid to private. My cell is paid for by the company and used for business so it would fall under your commercial entity bill, this would effectively bar me from calling customers at all.

'There is no VALID reason for companies to be "anonymous".'

Aside from the specific example I mentioned above, this is a broad statement and you should rethink it. I could as easily say that there is no VALID reason for YOU to be "anonymous". Companies are entitled to the same privacy you are and may have many reasons for wanting to be anonymous.

I say we leave the line where it was BEFORE this bill. Spoofing caller ID or using any other means of deception to illicit unlawful gains is illegal (that would include businesses using caller id in a way that is not valid). Using caller id spoofing for any other action that is not criminal is still not criminal.

'I received about 50 calls for "Patricia" in the past year. despite constantly telling these annoying people that there has never been a "Patricia" at this number in at least 15 years since I've had it, and to remove the number from their records, and asking to have the info relayed to the creditor, the calls still keep coming.'

It's all about the magic words. There are different ways you have to say it depending on who is calling but here is a universal statement that will work for ANYONE you don't want to call again:

"This is my phone. I have no existing business relationship that entitles you to call it. Do not call again."

or if it is just telemarketers or people calling for surveys you can shorten it to "Do not call again."

If you say anything else it doesn't carry the weight of law, if you say it the way I just said it carries a $50,000 fine per incident should the same company call you again. The law doesn't require them to 'notify creditors' or 'take you off their list' but it does require them to honor your specific request that they not call again UNLESS you have an existing business relationship.

Speaking of things that should be regulated, collection agencies should be limited to one collection attempt every 3 months. I had a roommate once who got over his head and could no longer both pay rent/food AND pay is credit card bill. After it was turned into collections the creditors for ONE card literally called on a daily basis and sometimes multiple times per day.

The US System Works

[Slashdot Parent]

That's why in America we have three types of penalties: monetary, incarceration, and administrative.

• Monetary: That's the fines. To somebody like Paris Hilton, the fine means nothing. In fact, to most people, the amount of the fine is trivial. In my state, the fine for speeding is $5 for each MPH over the speed limit. If I get a ticket for going 45 MPH in a 25 MPH zone, my fine is $100.
  
  $100 means nothing to me. If I were to lose $100 walking down the street, I would never even notice. So why do I not just drive like a maniac? Read on...
  
• Administrative: If you get too many tickets within a certain period of time, you lose your right to drive. They take your license away. It doesn't matter if you are rich or poor. You get too many tickets, you lose your license. Just ask Paris Hilton.
  
• Incarceration: Drive without a license? You're going to jail. Doesn't matter if your are Paris Hilton or some bum on the street. Hell, in my state, you'll get jail time for serious enough speeding infractions. Even if you can afford the $5 for each mile ticket, if you're caught going 120 in a 55 MPH zone, you're going to jail. Doesn't matter if you can afford a $325 ticket or not.

Doing a percentage scale for tickets is just stupid. In Sweden, a speeding fine is calculated at 14 days pay. Would you really miss 14 days pay no matter what you earned?

What about if you earned $500,000 per year? Your fine would be $19230.76. But if you earned $500k/yr, would you really care that much about a $20k fine? Jail time and loss of license are much bigger deterrents to the wealthy.