[VOIPSEC] Truths on "Truth in Caller ID Act"
Mpierce1 at aol.com
Mpierce1 at aol.com
Wed Oct 4 09:41:36 CDT 2006
In a message dated 10/1/2006 1:32:30 PM Eastern Daylight Time,
sil at infiltrated.net writes:
> So the United States government wants to pass the "Truth in Caller ID" act.
> Humorously it will do little do deter criminals from spoofing their caller
> ID and scamming innocent victims.
Yes, as we well know, laws by themselves don't do much to deter criminals.
It's enforcement and penalties that do. I suppose you ridiculed the "Do Not
Call" law in the US, which worked very well, in fact, without enforcement. This
new law, whether you think it is dumb or not, provides the basis for prosecuting
the jerks who spoof CLI, at least in those cases originating in the US.
Hopefully, other countries will follow suit with such laws. Not doing so will cause
havoc in our telephone system.
And ultimately, I hope that it provides the legal basis for the US
government, and the responsible telecommunications providers in the US ane other
countries, to block all VoIP calls from those countries that do not take effective
action against those who are committing this fraud. This action will be required
since groups like this one seem incapable of figuring out technical ways to
ensure that the delivered CLI is correct.
Before VOIP, we did not need this law, since the telephone system ensured
that the CLI was correct, so, yes, people got used to using it as an
authentication and identification tool, for those cases in which its limited security was
sufficient, like deciding whether or not to answer a call or let it go to the
answering machine. VoIP will destroy even this common suage.
Mike Pierce
More information about the Voipsec
mailing list