Mississippi Makes Caller ID Spoofing Illegal 258
marklyon writes "HB 872, recently signed into law by Mississippi Governor Haley Barbour, makes Caller ID spoofing illegal. The law covers alterations to the caller's name, telephone number, or name and telephone number that is shown to a recipient of a call or otherwise presented to the network. The law applies to PSTN, wireless and VoIP calls. Penalties for each violation can be up to $1,000 and one year in jail. Blocking of caller identification information is still permitted."
Not a bad idea... in fact, an obvious good idea. (Score:5, Insightful)
There shouldn’t need to be a law for this, though. Telcos should enforce it on their own.
Re:Not a bad idea... in fact, an obvious good idea (Score:5, Insightful)
How would enforcing a rule such as this enable telcos to make more money? I imagine that some of their larger customers are spoofers. And telcos are corporations. All corporations are inherently sociopathic, lacking in empathy, remorse, guilt, or any sense of right and wrong outside of "more money is right, less money is wrong."
If someone should do something, and they don't, we make a law to force them to.
Re:Not a bad idea... in fact, an obvious good idea (Score:4, Insightful)
How would enforcing a rule such as this enable telcos to make more money?
It pollutes the feature? At what point is it no longer worth getting caller ID, because the numbers are not reliable enough to be worth paying to have it...
But yeah, you have a point. The telcos really don’t have much incentive to prevent spoofing when their larger customers are doing it.
However, here’s my take, and why it still doesn’t need to be illegal IMHO. The companies who spoof are generally doing stuff that should be illegal anyway, right? That’s why they want to hide their identity. So as I see it, if we could crack down on them for those actions, spoofing wouldn’t be the big-business issue it currently is. Then, the primary spoofers would just be pranksters, and the telcos would have good reason to prevent it again.
Re: (Score:2)
Preventing spoofing in the first place makes it easier to track down illegal actions, right?
I think that if it was easy and common to spoof IP addresses, the internet would be even more of a cesspool.
I think elimnating spam had to do with positive identification of the sender? Seems like it has gone down over the past few years. I would guess most servers/relays drop email that cannot be properly tracked to the origin, they could do something similar with phonecalls.
Re: (Score:3, Funny)
It is obviously good... I am somewhat surprised to see this from my home state.
Re:Not a bad idea... in fact, an obvious good idea (Score:5, Informative)
However, here’s my take, and why it still doesn’t need to be illegal IMHO. The companies who spoof are generally doing stuff that should be illegal anyway, right?
No they aren't. For example my company spoofs so that patients who hit *87 or return the call go to a number where their calls will get handled rather than some internal number that might just be an outgoing only line.
Re:Not a bad idea... in fact, an obvious good idea (Score:5, Insightful)
Re:Not a bad idea... in fact, an obvious good idea (Score:4, Insightful)
For example my company spoofs so that patients who hit *87 or return the call go to a number where their calls will get handled rather than some internal number that might just be an outgoing only line.
That’s a different situation, and I’m not even sure it’s considered “spoofing” or done in the same way.
If the caller ID says who you are (your name) and gives a number at which you can be reached, that’s acceptable – if you are a representative of a certain company, the caller ID can show the company name & line, not your personal extension. That’s not fraudulent and therefore not illegal according to this law.
In any case, the telco knows you’re doing it... and yes, the telco knows the fraudster spoofers are doing it too. They just can claim immunity if they don’t know about the (other) illegal actions of their customers... even when they probably know full well what’s going on.
Making the spoofing illegal is a way to pin the telcos and force them to reveal who the fraudsters are, but I’d prefer a solution without adding new things to the list of stuff that’s illegal.
Re:Not a bad idea... in fact, an obvious good idea (Score:4, Interesting)
I "spoof". I purchase my incoming and outgoing service separately and from different vendors. I use different caller ID identification based on whom I am calling (one number for personal calls, another for business calls). They are both numbers that belong to me but there is no particular connection between that number and the "line" I am using to place the call.
I also forward calls from certain people to my mobile phone when I am not at my desk. In that case I am effectively placing a call to my mobile number, spoofing the CID to be that of the original caller, so I can see whether I want to answer it.
I would be very sad if I could no longer do these things, as they make my life a lot easier.
Re:Not a bad idea... in fact, an obvious good idea (Score:4, Informative)
The bill includes intent. Unless one is trying to deceive or defraud your customer, there is no violation.
Re: (Score:2)
A corporation pays my salary, so they can't be all bad.
Re:Not a bad idea... in fact, an obvious good idea (Score:5, Funny)
All corporations are inherently sociopathic, lacking in empathy, remorse, guilt...
A corporation pays my salary, so they can't be all bad.
They only pay you because slavery is illegal. Doing the right thing because you have no choice doesn't count when good karma is being totted up.
Re: (Score:2)
They only pay you because open slavery is illegal.
Here, fixed that for you.
Re: (Score:2)
Actually, that's not true. Slaves cost money; if they die, you gotta buy a whole new one!
When you have an employee, it doesn't matter what happens to him. You've only paid for his labor, not his life. It's easy to hire a new one and only has a minimal training time overhead.
Re: (Score:3, Insightful)
Re: (Score:3, Funny)
Free as in speech, or free as in beer?
Corporations are sociopaths (Score:3, Insightful)
If they decided it would be worth more money for them to grind you up and feed you to pigs, they would.
Right now you are bringing in more money than they are paying you. Hence your employment. If that wasn't the case you wouldn't be there. And if the penalty for murder was less steep, the odds of getting caught smaller, and if there was a pig food shortage - you'd be screwed.
Read up on the tobacco industry for current examples of what I'm talking about. They kill about half a million people in the U [cancer.gov]
Re: (Score:3)
Why, it's not insightful *at all*.
Corporations are just a concept. Like a government. Or a gang. It's all the same, it's all people. People are quite able to be sociopathic, evil bastards all on their own.
Unfortunately you can't put a corporation in prison when they break the rules. Which is why they tend to have much less of a conscience, versus natural persons.
Not to mention that large organizations make passing blame / guilt quite easy, so the humans pulling the strings manage to sleep at night.
Re: (Score:3, Insightful)
If they didn't engineer cigarettes to be as addictive as possible with additives and adjuncts, I'd agree with you. But we both know there is an entire industry aimed at making cigarettes as addictive as possible to take away your right to choose.
Let me ask you a question. Have you ever tried to quit? Most smokers I know have tried once or twice. What was that like?
Still feel like you're 100% in control of your decision to smoke? If you're not, who is?
The tobacco industry is. And since they're ca
Re: (Score:2)
Really? You think laws are a bad idea? What method would you use to ensure that people's freedoms aren't infringed upon? As laws in a free democracy amount to nothing more than contracts between individuals, it seems as though you don't agree with the whole concept of contracts.
Re: (Score:2)
Of course there is a difference between 'should do' and 'must do.' We are a free democracy, and we have a system for determining which 'should dos' become 'must dos.' I never said that every 'should' should be made into law. I'm saying every law is something that people 'should' do, but won't, without consequences.
Re: (Score:2)
If I wanted to convey what you believe I meant, I would have written "In every case where someone should do something, and they don't, we make a law to force them to."
What I wrote is simply true in a literal sense. I don't really see how it is controversial. "We believe you should do this" is the ultimate justification for every law on the books.
Re: (Score:2)
I hate to rain on your wishful thinking, but if what you say actually worked in reality, there should be at least one telco that already prohibits caller ID spoofing. Is there?
Re: (Score:3, Insightful)
If a telco customer can't rely on the telco for providing the proper information that the customer is paying for, then they will lose the customer to a telco who will.
Uh, you do realize that it's not the answerer's telco that's spoofing the caller ID right? If a caller on AT&T spoofs his caller ID and I'm on Verizon, is Verizon supposed to use their psychic powers to figure out the correct ID?
If people actually followed your logic, Verizon would intentionally spoof the caller ID of every call from its
Re: (Score:2, Redundant)
Telcos should enforce it on their own.
Yeah and corporations should do all sorts of things they don't do. Which is why the government has to step in to make them do it.
Re: (Score:2)
I really don't see your point. Whatever you show to other people when calling should be numbers you own. Why should the law be concerned with how that is actually implemented?
Re: (Score:2)
Then make that the law. But there is a need for dialed out number to not be the displayed one for many legitimate and obvious reasons.
Re: (Score:2)
Then read the damn bill instead of shooting down straw men.
Re: (Score:3, Funny)
How? Seriously, how the hell would they enforce it? Companies use caller ID spoofing all the time! Look when an agent at your bank calls you from their call center. Does their phone number show up? Nope, its the 800 number, that you can call back the company on. Isn't that the same as spoofing? I mean, technically, its the exact same steps in the PBX to do it maliciously or not.
Then, you might have one call center in one region have a nice fat pipe coming in from ATT, a second call center handled by
Re: (Score:3, Insightful)
How does anyone ever enforce anything? You punish those you catch doing it wrong, of course.
Further if the displayed number is one of your own, I don't see this as 'spoofing' at all. Read the law, I guess and see if they agree.
Re: (Score:2)
Think about it. That's not spoofing, that's giving an alternate callback number for the same entity. Spoofing a callback is saying you're someone else; like, say, a car "warrantee" company using a little old ladies number as their callback. Again, your bank agent is not spoofing by giving his own company's 1-800 number. I'm pretty sure that all of the phone companies already know how to route calls between networks and who owns them. How the heck do you think calls are routed currently?
Since this law allo
Re: (Score:2)
There shouldn’t need to be a law for this, though. Telcos should enforce it on their own.
Score:4, Insightful
If I hadn't just spent my last mod point, you'd just now be at +5 Funny. Telcos, acting right without the law forcing them... good one!
Re: (Score:2)
That’s so old-fashioned, though...
Re: (Score:2, Insightful)
Re: (Score:3, Informative)
Think of this feature as a form of NAT for phone lines.
It's more like the "From:" or "Reply-To:" headers of an email message: it indicates where you want follow-ups to go to.
Re: (Score:3, Informative)
Any customer with a phone switch or PBX is now in violation of this law.
RTFL [state.ms.us]. It's very short. Quoting it:
2(d) "False information" means data that misrepresents the identity of the caller to the recipient of a call or to the network itself; however, when a person making an authorized call on behalf of another person inserts the name, telephone number or name and telephone number of the person on whose behalf the call is being made, such information shall not be deemed false information.
and also:
3(1) A person may not enter or cause to be entered false information into a telephone caller identification system with the intent to deceive, defraud or mislead the recipient of a call.
(2) A person may not place a call knowing that false information was entered into the telephone caller identification system with the intent to deceive, defraud or mislead the recipient of the call.
So it's "with intent". I don't see anything wrong with the law as it stands.
It is about time (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Why? There is nothing inherently evil about spoofing caller ID.
Should be, from the point of view of wasting time. All we'll end up with is about 40 states banning it, and given that LD is so cheap as to be borderline free, all the crooks will base themselves in the remaining 10 states. No actual effect other than a bunch of wasted time.
Like the state usury laws forcing all the crooked CCs to DE or CT where-ever it was.
If they tried it at the federal level, then being a stupid idea, it could be promptly shot down, making the world simpler for everyone.
Re: (Score:3, Informative)
It's a wonderful idea. If done at the federal level, then your quite valid concerns would be eliminated.
Did you read the law? It's not half bad at all:
Huh? (Score:2)
...you mean this wasn't already illegal? Strange.
Wait, what? (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
Spoofing the caller ID doesn't mean you are untrackible. But it does mean the person who answers the phone gets the wrong impression who is calling.
For example if you work from XYZ company and you call out their Caller ID may get the main line number while your number is "Spoofed" as it is a legit use for it. That is why they don't stop it.
However if you spoof your own line with just fake information then the person will need to dig and get the information back. Usually being to much effort to be worth it
Re: (Score:3, Informative)
It's actually quite simple. Telemarketers have been known to do this. It's quite obvious to get caught because the people you call who see you doing the spoofing will report you to the proper authorities. It's also easy enough for the telco to find out that you are doing this. The problem is that they haven't been stopping people from doing it hence why they had to come in and pass this law.
Re:Wait, what? (Score:5, Informative)
There is a subtle difference between caller ID and ANI. ANI is used by the telco billing system and cannot be spoofed because it identifies the access line. CID can sometimes be spoofed by inserting bad data on a PRI line. Some telcos, however, check it.
Re: (Score:2, Interesting)
hmm.. slashdot ate some of the comment text there... guess i should have read the preview more closely.
Should read:
Phone rings: caller ID says Joe (your last name).
Pick up phone: "Hello Mr (your last name), I'm from X Company, and we want you to have one of our fine credit cards."
Call and report X Company.
Re: (Score:3, Insightful)
Because, of course, no one would ever lie about being X Company.
Re: (Score:2)
what if his name is Joe though?
Re: (Score:2)
Then he'd be even more likely to answer it. Likely thinking 'did I leave my damn cell phone somewhere??'
Telemarketers? (Score:2)
VOIP (Score:2)
Re: (Score:2)
Re: (Score:2)
Legit call centers do this all the time. Do you think they have a line for each agent? Do you think that the agent is always there?
No, they display their phone number that accepts customer calls.
Re: (Score:2)
On the same note, spoofing to a number and name you legally own shouldn't be illegal, but that's sort of irrelevant.
Re: (Score:2)
I haven't used Skype in a year or two but it was possible to have outbound service but no inbound number (if that's all you wanted to pay for). I'm sure there are other situations as well where an inbound number doesn't exist.
Re: (Score:2)
Any time I've used Skype Out it's always shown up as 000-000-0000 or 012-345-6789.
Re: (Score:2)
I do use VoIP, and I "spoof" in two specific situations:
Since I got a cell phone through my work, I had my old cell phone number (which I'd had for like 7 years, and it spells my name) ported to VoIP (I keep both numbers and have separate personal/work numbers, and only carry one device). Now when you call it, it simultaneously rings the phone in my home office, and my cell. When it calls my cell, it "spoofs" the outbound call to appear as though it's coming from whoever ACTUALLY called my number, so on my
Re: (Score:2)
Especially when I use my VoIP line to spoof my cell phone caller ID. That way, the return call gets to me wherever I am. That shouldn't be illegal.
Squeal like a pig! (Score:2)
I don't really even care about the fine. Throw them in the can with Bubba for a year per call to MS, and justice will have been done.
Nothing reforms a man like prison rape! (Score:3, Insightful)
In fact, let's just do away with prisons and sentence people to serve time in automated rape machines. Who cares about cruel or unusual punishment, these guys are spoofing telephone numbers!
In other news... (Score:2)
Re: (Score:2)
Wouldn’t help: calling into Mississippi using spoofed caller ID data would be commission of a crime in Mississippi and they could be prosecuted no matter from where they were based.
They’d have to stop calling Mississippi, or stop spoofing their caller ID on those calls anyway.
Re: (Score:2)
And who is going to extradite over this?
Route the calls to a PSTN gateway to another country. Then you will not even know where they really called from.
Simple solution (Score:4, Interesting)
Telemarketers will call from another state and use a PSTN gateway in yet another state/country. All this does is move telemarketing jobs out of a state that badly needs any jobs it can get.
Re: (Score:2, Insightful)
Or they'll stay in Mississippi and *gasp* display their real company name in their Caller ID!
If a company is so slimy that it would move out of state just to avoid displaying their real name on phone calls, well . . . that's pretty slimy.
I guess that's most telemarketers, but still.
Re: (Score:2)
They call for another company. If I am bob from "Bob's telemarketing and general annoyances" and I call for AT&T, whose number do I display? AT&T would prefer that I give theirs, and I would too as I do not take calls in. As I am not that scammy I only call current AT&T customers about new options. What number do I display?
Re: (Score:2)
AT&T has not done it's own calling in probably 20+ years. No big company does.
Guess what, that dell order you made involved people who do not work for dell directly.
Re: (Score:3, Insightful)
Why would they do that? They can still block caller ID and they can still show any number they own. Why would they want to show someone else's phone number, and why should we let them?
Re: (Score:2)
Telemarketers will call from another state and use a PSTN gateway in yet another state/country. All this does is move telemarketing jobs out of a state that badly needs any jobs it can get.
Funny, I could understand the Bangalore tech support staff better than I could the Mississippi telemarketing staff. *grin*
Why bother spoofing? (Score:2)
Re: (Score:3, Insightful)
Ding ding ding, we have a winner!
More stupid politicians makings laws about things they do not understand.
I bet they did not even know the difference between CLID and ANI.
Re:CLID name not specified by caller (Score:5, Funny)
Ding ding ding, we have a winner!
More stupid politicians makings laws about things they do not understand.
I bet they did not even know the difference between CLID and ANI.
Everyone should know the difference between the CLID and the ANI. The CLID is in the front and the ANI is in the back.
Re: (Score:2)
Why should they know? They're just mandating that the number you show when you dial someone is a number you own. A perfectly sensible rule and one which has been enforced by gentleman's agreements in other countries. Obviously gentleman's agreements aren't enough in Mississippi, and so they had to make a law.
Re: (Score:3, Insightful)
Re: (Score:2)
So everyone calling Mississippi is at risk of being prosecuted?
No. If you aren't spoofing your information then you have no risk at all of being prosecuted. This law is about people like telemarketers who are having their caller ID information changed so that they can get around things like call blockers.
Re: (Score:2)
Legit call centers do this all the time. Do you think they have a line for each agent? Do you think that the agent is always there?
No, they display the phone number that accepts customer calls.
The folks who show a false number altogether are criminals who are not going to follow this new law either.
Re: (Score:2)
Ignorant I guess. I am a sysadmin and have nothing to do with telemarketing other than I worked for a call center during college.
Re: (Score:2)
IANAL but i feel like if I am not originating the call in Mississippi I don't see how I am bound by their laws. The state I make the call from allows it, I am not required to know their state laws, I don't set foot in their state, I don't operate a business in their state. I don't know enough about this to know whats involved in spoofing; but I know enough to know that unless they can prove that you willfully did something, and also that you did so under their jurisdiction I don't see how they can do anyt
Re:CLID name not specified by caller (Score:4, Informative)
"Most people's cell phones don't actually do caller-id. They merely cross-reference the number from your contacts list."
Hate to be pedantic here, but I do work in telecommunications. Pretty much every cellphone on the US market supports Caller ID Number, but not the Caller ID Name. If they didn't support Caller ID Number, then there would be no way to cross-reference the number to a name in your contact list.
Another side note is that Caller ID Name is not something supported in all locations or all countries - even other industrialized nations.
Name by Caller, 800 numbers are all faked. (Score:3, Informative)
Re: (Score:2)
The politicians that made this law do not know that, nor did they bother to research it.
Re: (Score:3, Interesting)
They could just force ANI and drop CID, so it's not an issue.
Except one can spoof ANI as well. On purely digital networks, you have to tell the system what number you are calling from, since it wouldn't otherwise know. Some carriers enforce a rule that your outgoing CID and ANI must be a number which you own, but not all do. If you have multiple carriers, they really can't do this effectively, since they don't know what numbers you terminate.
Plus toll free numbers aren't really on the same level as regular ones, since they are ALL redirected via the SMS 800 system to
Re: (Score:2)
The real problem is the POTS system. It needs to die. Everyone gets a voip phone and we use DNS to assign numbers. Nice and simple. No spoofing IPs if you want to be able to hear what the other party is saying.
Re: (Score:2)
Re:Does this make Google Voice illegal? (Score:5, Informative)
I think not, as the law is pretty clear about requiring
...THE INTENT TO DECEIVE, DEFRAUD OR MISLEAD;
and since your Google Voice number is still a number belonging to you, I doubt it would be a crime to use it as your caller id.
Re: (Score:2)
I think the key here is twofold:
When you call someone, does the name in the caller ID it say it’s you?
If they return the call to the number it displayed, will they reach you?
Re: (Score:2)
You own the Google Voice number, and it is a number that can be called to reach you. It's your number, not someone else's. Therefore, using it as a return number is not entering "false" information.
From the actual law as passed:
SECTION 2. As used in this act:
[...]
(d) "False information" means data that misrepresents the identity of the caller to the recipient of a call or to the network itself; however, when a person making an authorized call on behalf of another person inserts the name, telephone number or name and telephone number of the person on whose behalf the call is being made, such information shall not be deemed false information.
Google could easily be considered an "authorized agent" and they are putting in the telephone number they have issued to you. Plus your Google Voice number does not misrepresent your identity. So there are two outs in that provision that make Google Voice calls legit.
SECTION 4. This act does not apply to:
[...]
(d) A telecommunications, broadband or voice-over-Internet service provider that is acting solely as an intermediary for the transmission of telephone service between the caller and the recipient.
This probabl
Re: (Score:2)
Re: (Score:2)
You people trying to use common sense and thinking about the details are ridiculous. Lawmakers are too busy taking money our of our pockets to worry about these details and that money will be used to enforce this law which will require more of your money. See, all clear now.
Re: (Score:2)
Someone would have to sue them for it. Since most customers probably _want_ to know that, rather than the name of the call center, it seems unlikely that anyone would pursue a case based on that.
Re:Collection Company's (Score:5, Informative)
You really need to read the law: "however, when a person making an authorized call on behalf of another person inserts the name, telephone number or name and telephone number of the person on whose behalf the call is being made, such information shall not be deemed false information."
Re: (Score:2)
To clarify, I was responding to the call center bit.
The collection agency bit is easy. They will continue spoofing numbers, but the people in Mississippi will simply lose their jobs when the collection agency moves to another state where their practices are legal. If this becomes a federal law, then the call will come from India, China, or any of a number of countries where the law does not apply. Or they'll just start blocking caller ID entirely.
Re: (Score:2)
You could at least read the bill [state.ms.us] before panicking.
"however, when a person making an authorized call on behalf of another person inserts the name, telephone number or name and telephone number of the person on whose behalf the call is being made, such information shall not be deemed false information."
Re: (Score:2)
This will put a hick up in collection company's practices since they do it all the time.
I think that impersonation as a means to collect a debt was made illegal over a decade ago, check the Fair Debt Collections Practices Act for the details.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Correct me if I'm wrong, but even if they leave the state, anyone that calls a resident of that state and spoofs caller ID is in violation of the law. All they would have to do is extradite the offenders to the state and try them.
Re: (Score:2)