Due to the fact that legislation is being drafted in the United States to make the act of spoofing Caller-ID illegal (with the intent to defraud or harm), that would lead one to believe that it is currently NOT illegal. However, note that this is simply the act itself.

Also keep in mind that in many states, including Texas where I personally reside, it is a crime to access a computer system without authorization. Take into consideration someone who uses falsified Caller-ID information to authenticate to another person’s account on a voice-mail system. While the act of spoofing the Caller-ID information may not currently be illegal, using it to access the voice-mail system in question likely is. While in that case you may or may not be liable for what your customers use the spoofed Caller-ID to accomplish, at the very least you will want to consider such scenarios and watch this legislation closely as it moves through Congress.

Our (VOIPSA) position has really been not to take sides on the legality/illegality of caller ID spoofing but more to point out that it’s rather trivial to do within VoIP and so anyone basing their trust on CID should rethink that. This is a change, though, because I know that certainly here within the US, people have become accustomed to trusting the CID on the PSTN in screening calls or at least having a sense of who they are talking to. VoIP removes the ability to trust CID because it is so easy to spoof. I’m not sure as a society we yet understand that change in the trust model to which we’ve become accustomed.

Now, it’s pretty clear that some members of the US Congress think that it should be illegal (at least “with the intent to defraud or cause harm”) but I don’t know what is happening in other parts of the world.

Regards,
Dan

we are thinking about making called id spoofing available to all our customers. Do you think that we are doing something illegal ?

regards,
Ioan

However, I WILL head to DC and attend ShmooCon. Close enough? (: