[VOIPSEC] Truths on "Truth in Caller ID Act"

Richard Clayton richard at highwayman.com
Sun Oct 1 18:57:32 BST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <20061001172745.GA15007 at infiltrated.net>, J. Oquendo
<sil at infiltrated.net> writes

>So the United States government wants to pass the "Truth in Caller ID" act. 
>Humorously it will do little do deter criminals from spoofing their caller ID 
>and scamming innocent victims. Here is the rule/law followed by why it will 
>fail:
>
>"It shall be unlawful for any person within the United States, in connection 
>with any telecommunications service or VOIP service, to cause any caller 
>identification service to transmit misleading or inaccurate caller 
>identification information, with the intent to defraud or cause harm."

[snip stuff about tracing]

>CallerIDBusterFoobar.com is a server located in Moscow. They're hosted there, 
>their provider is their, their uplink is in Russia, etc. Joe Smith is a scumbag 
>thief interested in stealing the credit card information of a "few good men". He 
>lives in Boondock Arizona and spends much too much time thinking up scams. He 
>signs up for an account at CallerIDBusterFoobar.com, assigns 800-DISCOVER as his 
>caller ID and proceeds

so he has committed an offence as soon as he causes a phone to ring...

> to scam countless people out of their information.

... whereas under the current law, he might well not have committed an
offence until he actually started to use that information.

Laws, as was observed, do not change the technical landscape. However,
legislation such as this one does make it much easier for prosecutors to
go after people who are trying to do wicked things where there is
insufficient evidence of the whole of their scheme, but there is some
evidence of one part of it -- viz: the deception of using spoofed CLI.

IANAL, but I've seen plenty of legislation like this, and it does assist
in finding something to charge people with. It does not of course help
catch them -- but that's not a reason to reject the law as useless.

What would be relevant is to ask whether use of CLI spoofing by the
"good guys" (law enforcement, PIs, debt collectors) is to be given
special permission to evade this law -- or whether their case to be
allowed to deceive people is irredeemably weak.

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBRSABjJoAxkTY1oPiEQJx1ACggGNEJcBUhAL7NzpDIcfvwnn1/V4AoKjo
3ddjefTtTBp4HCt8zUDLIibD
=xj2y
-----END PGP SIGNATURE-----

More information about the Voipsec mailing list