[VOIPSEC] Truths on "Truth in Caller ID Act"

Fite, Bryan (LNG-DAY) bryan.fite at lexisnexis.com
Sun Oct 1 21:49:42 BST 2006 

This would definitely have a negative impact on companies like
Spoofcard.com. I believe many URL filters already classify sites of that
nature as criminal tools.

In reality, there are some marketing and novelty uses for such
technology, besides the traditional private detective and law
enforcement uses. 

Too many organizations are using CallerID as an authentication method.
This could be the reason folks are lobbying for legislation like this. 

Bryan K Fite, GSEC

-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
Behalf Of Richard Clayton
Sent: Sunday, October 01, 2006 1:58 PM
To: J. Oquendo
Cc: voipsec at voipsa.org
Subject: Re: [VOIPSEC] Truths on "Truth in Caller ID Act"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <20061001172745.GA15007 at infiltrated.net>, J. Oquendo
<sil at infiltrated.net> writes

>So the United States government wants to pass the "Truth in Caller ID"
act. 
>Humorously it will do little do deter criminals from spoofing their
caller ID 
>and scamming innocent victims. Here is the rule/law followed by why it
will 
>fail:
>
>"It shall be unlawful for any person within the United States, in
connection 
>with any telecommunications service or VOIP service, to cause any
caller 
>identification service to transmit misleading or inaccurate caller 
>identification information, with the intent to defraud or cause harm."

[snip stuff about tracing]

>CallerIDBusterFoobar.com is a server located in Moscow. They're hosted
there, 
>their provider is their, their uplink is in Russia, etc. Joe Smith is a
scumbag 
>thief interested in stealing the credit card information of a "few good
men". He 
>lives in Boondock Arizona and spends much too much time thinking up
scams. He 
>signs up for an account at CallerIDBusterFoobar.com, assigns
800-DISCOVER as his 
>caller ID and proceeds

so he has committed an offence as soon as he causes a phone to ring...

> to scam countless people out of their information.

... whereas under the current law, he might well not have committed an
offence until he actually started to use that information.

Laws, as was observed, do not change the technical landscape. However,
legislation such as this one does make it much easier for prosecutors to
go after people who are trying to do wicked things where there is
insufficient evidence of the whole of their scheme, but there is some
evidence of one part of it -- viz: the deception of using spoofed CLI.

IANAL, but I've seen plenty of legislation like this, and it does assist
in finding something to charge people with. It does not of course help
catch them -- but that's not a reason to reject the law as useless.

What would be relevant is to ask whether use of CLI spoofing by the
"good guys" (law enforcement, PIs, debt collectors) is to be given
special permission to evade this law -- or whether their case to be
allowed to deceive people is irredeemably weak.

- -- 
richard                                                   Richard
Clayton

Those who would give up essential Liberty, to purchase a little
temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov
1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBRSABjJoAxkTY1oPiEQJx1ACggGNEJcBUhAL7NzpDIcfvwnn1/V4AoKjo
3ddjefTtTBp4HCt8zUDLIibD
=xj2y
-----END PGP SIGNATURE-----

_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list