FCC Ups Penalties For Caller ID Spoofing

GovTechGuy writes "The FCC adopted new rules on Thursday that would significantly increase the penalties for individuals or organizations that alter their caller ID information to commit fraud or with other harmful intent. The new rules allow the FCC to fine violators $10,000 per violation plus more for every day it continues. Users can still change their caller ID info as long as it's not for fraud or harmful purposes."

Harmful

[spauldo]

Is telemarketing harmful? Because every time I get one of those bastards calling me, I want to harm them.

(Yes, I know about the DNC list. I'm on a cell phone)

Re:

[geminidomino]

So cell phones can't be put on a DNC or something?

Back when it first came around, they actually didn't have to be, since it was already illegal to make telemarketing calls to cell phones -- the one good thing about our telephonic overlords charging us for incoming calls: it was determined, like junk-faxing, to be 'cost-shifted' (I think... been awhile) advertising.

Nowadays with number portability and all, I imagine it would be much more difficult to keep track, though.

And in both cases, the ones who would ignore one set will ignore the other, and the rules

Re:

[geminidomino]

I wouldn't either if one of my bosses' damn cell phone didn't seemingly-randomly come up as "Restricted" as often as it came up with her name. And she's the good one: when she calls me off-hours, there's usually a real problem.

Re:

[ocdude]

I have both lines of my cell phone account on the DNC list. Just because it's a cell phone doesn't mean you can't list your number on DNC.

Re:

[Drathos]

But it means you shouldn't have to. It's an FCC violation if a telemarketer or robodialer calls your cell phone. I've become quite familiar with form 1088 with all the complaints I've filed, but rarely does the FCC actually do anything about it (I did receive an apology letter from Dish Network after I filed a complaint about someone trying to sell me their service with a cold call to my cell, but that's one of dozens of cases).

DNC don't mean dittly squat

[Lead Butthead]

Just because your number is in DNC registry don't mean squat, I am still regularly receiving unsolicited marketing calls (robocalls and human calls) on both land line and cell line (both of which are on DNC registry.) Yes, I get the urge to introduce the caller to my nail ridden 2x4 clue stick every time I get those calls too.

Re:

[Hamsterdan]

In Canada the way it works is you can download the list for 50$ (in order to skip the numbers listed, or so they say). Basically it gives the scammers a way to get a list. And you have to put yourself on the DNC list every year. Kinda useless IMHO...

Re:

[davester666]

The list might be that cheap for a single town or city, but for a whole province (of which there are 10, for those of you in the US), or for the whole country, it is thousands and thousands of dollars per year to get the list.

And there of been hundreds of thousands of dollars worth of fines given out to lots of companies which have violated the rules for misusing or not using the DNC lists. On the other hand, virtually none of the fines have actually been paid...

fraud or harmful

[bragr]

So how exactly do they define fraud? Is it fraud it I make someone else's name show up to protect my privacy? Is a prank harmful to the other party?

Re:

[Anonymous Coward]

So how exactly do they define fraud? Is it fraud it I make someone else's name show up to protect my privacy?

If privacy was what you were after, you'd just put "Anonymous" or some such in there. So yeah, I'd say that if you put someone else's name their, you're almost certainly committing some sort of fraud.

Is a prank harmful to the other party?

If you have to ask, then yes.

Re:

[Bengie]

Coming up as just a number or with an "unknown" name is one thing, pretending to be someone you are not, is fraud.

Think of it like this. I go to a bank and say "hi, I'm some random person". The Bank can just reject me because they don't know who I am.

Or I can go to the bank and same "Hi, I'm John Doe" and the Bank says "Hi John Doe, here's you balance", even though I'm not John Doe.

That's the difference between fraud and just remaining anonymous.

Re:

[skywire]

To a lawyer, every letter.

Re:

[kelemvor4]

I define it like this:
fraud[frawd] –noun
1.deceit, trickery, sharp practice, or breach of confidence, perpetrated for profit or to gain some unfair or dishonest advantage.
2.a particular instance of such deceit or trickery: mail fraud; election frauds.
3.any deception, trickery, or humbug: That diet book is a fraud and a waste of time.
I'm pretty sure making someone Else's name show up (regardless of the reason) is fraud. Making it say the name of your business instead of your personal name probably

Re:

[Have Brain Will Rent]

That is an excellent question. We kept getting calls where the caller-id changed form "California" to "Montana" to "Ohio" etc. Our bank had given our number to telemarketers. This seems like fraud to me since they are clearly avoiding giving out an actual identifiable company id that you could call screen but they are bypassing the "no caller-id provided" call screening. Periodically changing the state name is a further ploy to make it harder to call screen them.

To me that should all be counted as fraud

Re:

[Anonymous Coward]

"Our bank had given our number to telemarketers. "
Shouldn't that be "Our PREVIOUS bank..."?

Re:

[tlhIngan]

That is an excellent question. We kept getting calls where the caller-id changed form "California" to "Montana" to "Ohio" etc. Our bank had given our number to telemarketers. This seems like fraud to me since they are clearly avoiding giving out an actual identifiable company id that you could call screen but they are bypassing the "no caller-id provided" call screening. Periodically changing the state name is a further ploy to make it harder to call screen them.

Not really.

They are providing a Calle

Re:

[Have Brain Will Rent]

IIRC: there was never a number displayed just the name - this was on two different phones (same line but not same base stations) so if there was fiddling going on to prevent the number showing it was happening outside our home, i.e. not a case of the phones not displaying information that was being provided (other callers showed name and number).

Re:

[black soap]

One of the exceptions to the "do not call" and telemarketing rules in general is "prior relationship." You gave your bank permission to give out your number to select business associates (read:anyone who wants to buy it) and they can legally call you because you agreed to this and they, by way of your bank, have "prior relationship" with you. It is bullshit, but it is a major loophole for the telemarketers.

Re:

[DogDude]

When you're sending out junk faxes, it is definitely harmful.

Probably not going to stop offshore robo callers

[kmdrtako]

Even if you threaten them with the death penalty.

After all, it's just phone calls. If there was oil at stake we'd send the Marines in a heartbeat.~

Re:

[sjames]

Perhaps we could start testing our new "non-hostile" UAVs on them...

Re:

[hedwards]

I'm pretty sure that if what you're intending to do is considered to be harmful, then you'd be considered to be intending to commit harm. Which is understandable. To say otherwise would be a bit like saying that you intended to point a gun at somebody and pull the trigger, whereas any reasonable person would say that you intended to kill or at least cause grievous injury.

Fraud is Already Fraud

[bill_mcgonigle]

The FCC is supposed to be regulating the telcos, not the People. That's supposed to take an Act of Congress.

We already have fraud statutes - they should be used.

Re:

[ffejie]

The FCC is for regulating the communications infrastructure of the country, not for regulating the telcos.

Re:

[chemicaldave]

FTFA

In compliance with the Truth in Caller ID Act signed into law by President Obama last year, the FCC rules would fine violators up to $10,000 every time they change their caller ID information with the intent to commit harm.

Re:

[bill_mcgonigle]

Yeah, if only Congress had created a federal commission to regulate communication, instead of this mystery "FCC" organization!

Yeah, that's the problem - the Congress is not supposed to be allowed to give its powers to the Executive Branch - checks and balances and all. The country is rife with stories about regulators giving people a hard time and when they call their Congressmen there's basically nothing they can do about it. Representative government, right?

Re:

[KiahZero]

Congress isn't allowed to totally delegate it's legislative powers; however, it is permitted to direct the Executive in a general direction through an enabling statute, so long as there's an intelligible principle guiding action. However, Congress retains its authority - anything a regulator does can be undone by an act of Congress. In this specific instance, the regulator (FCC) is doing exactly what Congress demanded, by implementing the Truth in Caller ID Act in the FCC's rules.

Political Robo-calls

[purduephotog]

How about making it a crime to have a robocall from a politician that has spoofed caller ID?

I'm pretty sure when I was getting phone calls for the 000-000-0000 was not a valid phone number.... and was simply used to block anon call blocking.

Is it personal use if...

[navyjeff]

I've always wanted to spoof my number as "8008135".

So do advertising cold-calls count as 'harmful' en

[JustNiz]

I wish those friggin advertising calls wouldn't be allowed to spoof their numbers. As far as I am concerned, getting some stupid marketing company cold-calling my cell even though I am already on donotcall.gov IS harmful.

Re:

[hedwards]

While we're at it, let's ban those stupid calls where they use an unlisted number as well. The majority of the calls I get from telemarketers don't pop up with any meaningful information on my caller ID.

Re:

[Bengie]

There is a guy who makes over $100k/year by reporting people who call him. He purposefully signed up for the do-not-call, but then indirectly gets his names into calling lists. He doesn't request to be solicited, but he knows how certain companies abusively data mine phone numbers and gets his numbers in areas that aren't suppose to be shared, but are.

I guess when you report someone, you also get some of the money from the fine, or at least he did in his state.

Re:

[jank1887]

reporting someone gets you no money. but, you can privately sue. and settle. If we're talking about the same guy, I think that's his process. If I recall, certain frequent offenders know him by name. he's a cost of doing business to them. it still works for them because he's a rarity.

FCC fail

[Anonymous Coward]

The FCC missed the opportunity to stop this crime wave against, mostly, elderly semi-disabled seniors in their kitchens. The FCC could easily have said that a local phone company that "knows" (because of complaints or otherwise) it is delivering spoofed cid calls can be held liable. Instead, this lame rule perpetuates the current model -- the phone company gets paid for terminating calls, turns a blind eye, and large numbers of old people who have never even used a computer get whacked by spoofers.

Re:

[Skapare]

The phone companies should be required to filter the caller ID info such that if any caller ID values that do not represent a phone number issued to that customer come through, the call will be rejected.

Re:

[DarthBart]

What about the termination only providers who don't "issue phone numbers" to customers?

Re:

[sjames]

When the call comes to them, they get the REAL caller info as well as the spoofed ANI. They can perfectly well compare them.

Re:

[DarthBart]

Uh, no. When I deliver VOIP calls to my termination provider, they get no ANI from me. They just get whatever CID I set in my SIP headers.

Re:

[sjames]

Your termination provider knows who you are. If not, why bother to pay them, just connect and go.

Re:

[Sponge Bath]

Telcos make money directly from phone scammers. Telcos make money from services (caller ID/blocking/etc) to combat phone scammers. Telcos make too much money from both sides to want to address the issue effectively. If they did, this would be a non-problem overnight. Of course, any regulation to address this would be labeled "job killing government takeover" by the GOP/T-Bags.

Re:

[bws111]

There already IS regulation, and it is called 'common carrier status'. Which means the telcos are REQUIRED to do business with everyone, whether they want that person for a customer or not.

Re:

[sjames]

They do have to do business with everyone, but they DON'T have to create an arms race where they offer consumers a for pay service to help screen out scammers and then offer scammers a service to defeat the screening.

Primary Source

[KiahZero]

Rather than parsing a sparse recitation of a press release, people wanting more information could always read the actual document justifying and implementing the new rules:
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-11-100A1.pdf [fcc.gov]

It doesn't matter

[Trailer Trash]

I get sometimes 3 or 4 calls in one day from "Account Services", a scam company that tries to get credit card info from people. I'm on the do-not-call list, and they sometimes even call my cell phone. They do robo calls and they spoof caller id. It's illegal in many different ways.

But I can't get the FCC to pay any attention to them, and I've tried.

They might as well up the penalties to $5 Trillion + death penalty. It doesn't matter. If you're not going to enforce it the actual penalty is irrelevant.

Just punch in ...

[Super Dave Osbourne]

*67 in the states to get around it and go anonymous. Nobody is likely to answer, but you can always leave a message or try again later. I recall (no pun intended) that a fella craiglisting some game I wanted to buy wouldn't answer his phone but posted it in his duplicate ad on FleeBay. I called, and called, and 2 months later the guy finally answered and explained why he had not been answering. I told him, hey, answer your damn phone if you post an ad with the number. Lesson is you can spoof, you can h

just incase folks have not seen this 47CFR64.1200

[RobertLTux]

http://edocket.access.gpo.gov/cfr_2010/octqtr/47cfr64.1200.htm [gpo.gov]

print that out read it and have it on you when you get one of these calls.
  it begins
" (a) No person or entity may: (1) Initiate any telephone call (other
than a call made for emergency purposes or made with the prior express
consent of the called party) using an automatic telephone dialing system
or an artificial or prerecorded voice;
        (i) To any emergency telephone line, including any 911 line and any
emergency line of a hospital, medical physician or service office,
health care facility, poison control center, or fire protection or law
enforcement agency;
        (ii) To the telephone line of any guest room or patient room of a
hospital, health care facility, elderly home, or similar establishment;
or
        (iii) To any telephone number assigned to a paging service, cellular
telephone service, specialized mobile radio service, or other radio
common carrier service, or any service for which the called party is
charged for the call.."

oh and just for fun it also includes this bit

"(4) Identification of sellers and telemarketers. A person or entity
making a call for telemarketing purposes must provide the called party
with the name of the individual caller, the name of the person or entity
on whose behalf the call is being made, and a telephone number or
address at which the person or entity may be contacted. The telephone
number provided may not be a 900 number or any other number for which
charges exceed local or long distance transmission charges."

i think most call centers will dump the call if you even breath 47CFR64.1200 (or invoke federal law)

Untraceable = Unaccountable

[valderost]

This is worthless pandering. The fact is that there is no way for the receiver of a spoofed CID call to complain. The number on the Caller ID doesn't identify the caller, and the caller won't identify themselves. If you can't identify the caller, you can't complain. If you can't complain, the callers can't be held accountable. The system is broken, and therefore so are all the laws that assume the system is working. Fix the system first, then write new laws if they're needed.

Re:

[e9th]

What can't be spoofed, and why you shouldn't try CID spoofing on, say, ransom demands, is Automatic Number Identification. ANI (not CID) is used by telcos for billing purposes, so spoofing is not allowed, and it is stored for long periods. ANI is also passed to 800 numbers, and to E911 services, so spoofing and *67 are of no use there.

The problem is that telemarketers and fraudsters don't call 911 or 1-800 numbers, and it generally takes a subpoena to get telcos to release ANI information to anyone else.