Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

CallerID Spoofing to be Made Illegal

Posted by CowboyNeal on Thu Jun 28, 2007 11:05 PM
from the phoning-home dept.
Privacy Government Politics
MadJo writes "US Congress has just approved a bill that will make it illegal to spoof CallerID. From the bill: 'The amount of the forfeiture penalty (...) shall not exceed $10,000 for each violation, or 3 times that amount for each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $1,000,000 for any single act or failure to act.'"
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

CallerID Spoofing to be Made Illegal 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Interesting (Score:4, Interesting)

    by Travoltus (110240) on Thursday June 28 2007, @11:09PM (#19685067) Journal
    That's a law that should be more proactive than reactive.

    How about an additional law that makes telephone companies responsible for allowing caller ID spoofing to happen?

    Or is that too difficult to prevent?

    • Re:Interesting (Score:4, Insightful)

      by pete-classic (75983) <hutnick@gmail.com> on Thursday June 28 2007, @11:19PM (#19685175) Homepage Journal
      Allowing subscriber lines to set caller ID data is a feature, not a bug.

      -Peter

      • Upside-down. (Score:5, Funny)

        by node 3 (115640) on Thursday June 28 2007, @11:36PM (#19685343)
        Leave it to Slashdot to predictably label fraud as a "feature" and laws designed to prevent it "nannystate".

        • Re:Upside-down. (Score:5, Insightful)

          by aztektum (170569) on Thursday June 28 2007, @11:47PM (#19685439)
          That's the damn thing. Last I checked we already had laws against fraud. So why make a law specifically towards something like this? I can understand the disabilities act, but really, go after spoofers for fraud and if the penalty isn't high enough ADJUST the penalty for fraud across the board. We're making every damn little thing a frickin' crime in this country anymore.

          • Re:Upside-down. (Score:4, Insightful)

            by SpaceLifeForm (228190) on Friday June 29 2007, @12:21AM (#19685647)
            The reason they make a law like this is to
            limit the liability. It's a fixed amount.

            That is the number one reason laws have no teeth,
            they have fixed monetary penalties, that are
            really no penalty to big business. They are
            just a cost of doing business to the business.

          • Re:Upside-down. (Score:5, Insightful)

            by node 3 (115640) on Friday June 29 2007, @12:32AM (#19685721)

            Last I checked we already had laws against fraud. So why make a law specifically towards something like this?
            Because one size does not fit all.

            Should impersonating a police officer, identity theft, false advertising and passing fake checks all have the same punishment? These are all, at the base, fraud. Could they even reasonably fit under one singular law?

            We're making every damn little thing a frickin' crime in this country anymore.
            Here's the thing, the general term "fraud" is not illegal. Only specific forms of fraud. For example, claiming you can bench 200 lbs when you can barely press half that is not illegal. So, instead of just making "fraud" illegal, laws target specific types, and they *define* those specific types. Caller ID spoofing probably doesn't fall into any existing category of fraud, so this form of fraud can be presently engaged in with impunity.

            So what choices are there? Basically, they are to expand an existing law to cover Caller ID spoofing, create a new law, or ignore it altogether. Ergo this story.

        • Re:Interesting (Score:5, Insightful)

          by smartr (1035324) on Friday June 29 2007, @12:43AM (#19685767)
          If slashdot's comments and moderation can be abused, how is that a bug? Some features are inherently prone to different forms of abuse, and there is no magical way to completely solve the problem without removing the feature. I do not have faith in the idea that features can always have a perfect solution. If there was not a mistake in how something should function, it is not a bug. One could make improvements to make abuses harder, but this would be an improvement on the system - not a bug fix.

        • Re:Interesting (Score:5, Funny)

          by Grendel70 (1000350) on Friday June 29 2007, @03:59AM (#19686617) Journal
          Feature: (n) - A bug with seniority.

  • Simple question (Score:4, Interesting)

    by TubeSteak (669689) on Thursday June 28 2007, @11:10PM (#19685085) Journal
    When the police/people see the incoming phone records, will it show the spoofed number or the real number?

    • Re:Simple question (Score:5, Informative)

      by Dun Malg (230075) on Friday June 29 2007, @12:46AM (#19685791) Homepage

      When the police/people see the incoming phone records, will it show the spoofed number or the real number?
      Police and the phone company use the ANI system (Automatic Number Identification). This is the system that tracks your billing. You do not have any say in what this system records as far as Name, Number, etc. Caller ID is a separate and unrelated system. Caller ID information is usually set by the originating switch--- essentially the point where the call turns from analog to digital. If you get all your lines piped into your office via a T1, then you are in control of the device that sets the Caller ID name and number and can set it whatever you like.

  • A campaign (Score:5, Informative)

    by ringokamens (1121851) <2600denver@gmail.com> on Thursday June 28 2007, @11:13PM (#19685117)
    There's a campaign going on at Binary Freedom right now that some of you may be interested in.
    http://binaryfreedom.info/node/163 [binaryfreedom.info]
    Basically, there are several arguments against this law

    1. It doesn't do anything
    Criminals will still make calls and spoof, so it won't stop fraud. Police can already track down spoofers with the same amount of non-spoofers who are using their phones for illegal purposes.

    2. It costs money
    We're gonna have to spend money to catch spoofers.

    3. Jurisdiction
    If the phone companies want to stop spoofing, they should design a secure system instead of relying on the congressional police

    4. Privacy
    It strips privacy that is gained by spoofing.

    5. Legitimate use
    It has legitimate uses such as for telecommuters who want the name when they make business calls to be the company's. Or how about a business that has several people using one phone line? They might want the sales associate's name to appear, which would be done through spoofing.

    Fact of the matter is, this gains us nothing. If I can write a fake name on a letter and mail it, why can't I do the same with my phone?

    • Re:A campaign (Score:5, Insightful)

      by Anonymous Coward on Thursday June 28 2007, @11:24PM (#19685231)
      I work for Congress, but not on this issue. But I can correct some misinformation.

      1. You're right. We shouldn't make murder illegal either.

      2. See number 1. The question is whether the money spent on this law is worth the societal good of making it easier to prosecute scammers.

      3. The phone companies don't have an incentive to stop scamming. Congress does (they're occasionally responsible to voters.)

      4. It doesn't stop you from not allowing the number to show up at all. It just stops you from faking it.

      5. It was specifically written to exempt these uses, since Congressional offices, for example, have the public number show up when people call out from them, rather than individual extensions.

    • Re:A campaign (Score:5, Insightful)

      by Khaed (544779) on Thursday June 28 2007, @11:32PM (#19685305)
      I'm not so much worried about criminals, but I don't think this bill addresses what I want it to:

      I'm sick of companies calling and their damn name not showing up, for whatever reason. "Tollfree number" (well no shit, other than collect, when do I get charged for receiving calls?) or "Unknown Caller"

      Some of them are bill collectors. Who want someone that isn't here, and don't seem to want to believe that no, that person isn't here, and isn't going to be, so stop calling me. But either way, if they can't identify themselves, they shouldn't be calling my damn number. Which is why I disagree with #4 on your list.

      If you're calling my house, I have every right to know who you are. Can you seriously come up with a legitimate situation where you should be able to call me and me not be able to see who you are before I answer the phone?

      I barely answer unless I recognize the number anyway, because of a massive amount of wrong numbers. And some of the numbers these idiots are trying to dial aren't even close.

      I agree with #3, however, in regards to #2, the cost of it will just be passed on to you one way or another. #5 I can see, but I've never had a business call me and use a sales associate's name.

      #1 is a silly argument. Making rape illegal hasn't stopped it, either. You can make the case that no law is ever going to stop any crime. However, it makes it so that if you do it and get caught, you can be punished.

        • Re:A campaign (Score:5, Informative)

          by Achromatic1978 (916097) <[robert] [at] [pennyonthesidewalk.com]> on Friday June 29 2007, @12:54AM (#19685849)
          "Can I have your mailing address?"

          Certified mail:

          In reference to your repeated attempts to find Person X on phone number X, consider yourself formally informed that this person has no connection with this number, and further, that this number is a cellular service for which an uninvolved third party is billed for each call from your business. Accordingly, you are instructed to cease and desist calling this number in relation to this matter, or I reserve the right to take action on the grounds that these calls are civil harassment, and to seek redress through appropriate channels for costs and damages incurred in dealing with this matter."

  • Congress isn't allowed to do this... (Score:4, Insightful)

    by SonicSpike (242293) on Thursday June 28 2007, @11:15PM (#19685133) Homepage Journal
    According to the Constitution in Article 1, Section 8, Congress isn't allowed to regulate communications. Therefore this is unconstitutional.

  • That's kinda funny... (Score:4, Interesting)

    by sokoban (142301) on Thursday June 28 2007, @11:17PM (#19685155) Homepage
    Well, around here the police department spoofs their caller ID info. Any time you get a call from anyone at the police station downtown, it only shows four zeros as the caller ID. It is different from when it says ID unavailable.

  • Okay, what about calling cards? (Score:4, Interesting)

    by xerxesVII (707232) on Thursday June 28 2007, @11:18PM (#19685165)
    My parents insist on using a calling card. When they call me, what comes up in my caller ID is the city where whatever bank they got sorted through is located. For instance, my caller ID will show some 1-800 number and say "MONTGOMERY, AL" or some such city. Would this fall under spoofing?

  • Fines in America - just can't figure it out (Score:5, Interesting)

    by Bombula (670389) on Thursday June 28 2007, @11:18PM (#19685167)
    I don't get why in America we can't figure out that fines only work when the penalty is commensurate with the infraction. If you want fines to work, you have to do what they do in Scandinavian countries - charge a percentage of your income. What is a $500 parking ticket for a billionaire? But $500 will ruin your life if you work for minimum wage. It's not fair, it's not just, and it doesn't work.

    Fines for corporations should certainly have a minimum value, but they should have NO upper ceiling. When companies like Microsoft or Phillip Morris or ExxonMobil are fined $200 million dollars - as most of them have been - they don't even blink. It's completely useless. The law in America in this regard is completely idiotic in this regard.

  • All For It (Score:4, Funny)

    by Bios_Hakr (68586) <[xptical] [at] [gmail.com]> on Thursday June 28 2007, @11:22PM (#19685209) Homepage
    Good, now I'll stop getting cold calls from "caller unknown". If my phone displays "caller unknown", I just made $10k.

  • Actually, nothing happened (Score:5, Informative)

    by gruntled (107194) on Thursday June 28 2007, @11:27PM (#19685257)
    So I'm actually reading the legislative action on this bill (through Thomas, provided by the link), and it doesn't appear as though there's been any kind of a vote on this. Am I, you know, missing something? Or does somebody not understand that a bill actually has to be voted on by each full chamber (both the House and the Senate) in an identical format, before it can be said that "Congress" has approved anything?

  • Nice (Score:4, Interesting)

    by rantingkitten (938138) <kitten@mirr o r s hades.org> on Friday June 29 2007, @02:41AM (#19686299) Homepage
    I sort of hope it passes, for selfish reasons. I direct the support department at a VoIP provider and I cannot tell you how tired I am of people's endless, nonstop whining about their caller ID, and how they want it changed, and why can't I make it look like they're calling from somewhere else... on and on and on. This will give me a convenient excuse to tell them to shut up.

    On a slightly more serious note, though, it's amusing to note why the bill is being introduced. Senator Stevens was blithering about how it's important because people rely on caller ID for "critical information". I cannot imagine what could possibly be considered "critical" about caller ID information, particularly considering what a half-assed hack the entire system is anyway and the lack of any real standards. Please note that caller ID is entirely different from ANI (automated number identification).

    Caller ID is a fine example of a semi-convenient feature that people took and ran away with. The general population now sees Caller ID as the Oracle at Delphi, infallable and impossible to live without, and go absolutely apeshit if it's wrong (which is quite often, believe it or not). I guess people just don't understand the technology, but to "rely" on caller ID information is ludicrous.

    I remember about fifteen years ago, maybe a bit more, when Caller ID was virtually unheard of, and the Bells were just starting to roll it out to homes. My parents got the little box from Radio Shack, signed up with the service, and my friends and I would rush over to the ID box with childish glee every time the phone rang, cause hey! How cool is this, man!

    But in the end that's all we thought about it. It was a cool little novelty. That people take it so seriously now baffles me.

    We used to deal with the phone ringing and not knowing who it was in advance with the following method: a) answer the phone, b) don't answer the phone, or c) let them leave a message and get back to them if we feel like it.

    Somehow, though, what I don't remember is that the pre-Caller ID era was some kind of a Dark Ages where nobody got anything done.

    But you'll never convince the public of this.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.