[VOIPSEC] Truths on "Truth in Caller ID Act"

J. Oquendo sil at infiltrated.net
Wed Oct 4 16:07:00 BST 2006 

Mpierce1 at aol.com wrote:
>
> Hopefully, other countries will follow suit with such laws. Not doing so will cause 
> havoc in our telephone system.
>
> And ultimately, I hope that it provides the legal basis for the US 
> government, and the responsible telecommunications providers in the US ane other 
> countries, to block all VoIP calls from those countries that do not take effective 
> action against those who are committing this fraud. This action will be required 
> since groups like this one seem incapable of figuring out technical ways to 
> ensure that the delivered CLI is correct.
>   

Let me cross post this from another list...

// XPOST 

So with let's say a vendor getting back to me on a problem I have, let the company be Dell for this example. Dell has their outsourced vendor from Ralwapindi India or somewhere in the vicinity call me, my caller ID shows 1800GO2DELL, in this scenario either way you want to cut it, Dell is circumventing the "Truth in Caller ID Act". 

As for telco's doing what they do greasing pockets, this has gone down since the evolution of business, money talks BS walks bottom line.

Vladis to further iterate on your fallacious point: 


> > The prosecutor can charge *each and every person involved* who is both"
> >
> > a) within the US and
> > b) took an identifiable action which lead to the event.
>   

Let's create SpoofmyCallerIDforKicks.com and make a call (abbreviate the site to SCK.com for this example):

Spoofer(2125551212) --> SCK.com --> CallReceiver (4085551212)

SCK.com (posts call via Asterisk) --> routes through Russia to Level3 --> through Verizon --> through BellSouth --> Victim

SCK is in the Moldovia absolved from US laws. Should BellSouth bear the burden of the illegal action? This is what your statement is telling me. BellSouth, Verizon and Level3 are all to blame and since they cannot prosecute SCK being they're outside of US laws, you're inferring the US government can/will/should/have_the_option_to go after those responsible. Either way you want to cut this, Verizon, BellSouth and Level3 are as much to blame for not taking the proper checks.

Just something for thought...
// END XPOST


You state "Not doing so will cause havoc in our telephone system." If I'm a Korean, Chinese, Russian, Swedish telco, what do I honestly care about your telco systems and rules. As long as my calls go through and my users follow my rules, that would and should be my only concern, not some Orwellian scenario another government suggests.

You state "block all VoIP calls from those countries that do not take 
effective action against those who are committing this fraud." You say 
TOE-MAY-TOE I say TOE-MAH-TOE. What you deem as a law should not be 
imposed on anyone else. Just because something works for you gives you 
no right to (NOTE THE NEXT WORD) DICTATE what should work for others. 
You state: "This action will be required since groups like this one seem 
incapable of figuring out technical ways to ensure that the delivered 
CLI is correct." This is called dictating don't you think.

You state: "people got used to using it as an authentication and 
identification tool, for those cases in which its limited security was 
sufficient, like deciding whether or not to answer a call or let it go 
to the answering machine. VoIP will destroy even this common suage"... 
Identification tool, shame on those who used CID as an identification 
tool. How could someone be so asinine to not think that someone could 
walk into the reception area of a bank and make a courtesy call posing 
as a bank employee. The CID would show banking information so your point 
is moot. Secondly, telcos sell unpublished number usage, so if I forget 
spoofing and simply not send my CID should it be labeled a crime? If 
that's the case should anyone care to partake in class action lawsuit 
against any and all providers worldwide message me we could make some 
serious cash.

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams

More information about the Voipsec mailing list