18 January 2008
A bill to amend the Communications Act of 1934 to prohibit manipulation of caller identification information.
====Caller-ID spoofing burns fire equipment company
Submitted by Paul McNamara on Thu, 01/17/2008 - 1:56pm.
Todd Smith, owner of the Maine Fire Equipment Company, spent Wednesday battling a conflagration of angry callers convinced that his small business was responsible for threatening them during the course of pushy credit-card solicitations.
Maine Fire Equipment (Web site slogan: "Are you protected?") doesn't issue credit cards and obviously doesn't need this kind of grief, which essentially prevented them from conducting business yesterday.
The company -- and hundreds if not thousands of call recipients -- were victimized by someone spoofing Maine Fire's telephone number, a deception which in and of itself is not illegal -- at least not yet.
Not only is the Caller-ID con going unchecked and getting worse, one security expert tells me, there soon will be "another explosion of this despicable practice" thanks to, of all things, the release of a Hollywood movie.
click here to read more.
====The purpose of S. 704 is to prohibit persons from causing any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.
BACKGROUND AND NEEDS
Most companies that offer basic telephone service also offer a caller identification (ID) service that can provide their customers with the telephone number or name of the calling party. Some callers, however, are employing technology to alter the name or number that appears on the recipient's caller ID display. This practice is known as ID spoofing.
ID spoofing can make a call appear to come from any phone number the caller wishes. For instance, the American Association of Retired Persons (AARP) issued a `scam alert' when someone posing as a courthouse employee called a Sterling, Michigan, woman claiming that she had missed jury duty that week. The caller threatened that a warrant was being issued for her arrest and then asked her to confirm her Social Security number in order to verify her identity. This scam appeared even more real when the person responsible used caller ID spoofing to display the name and number of the courthouse on the ID box. In another widely-reported case of ID spoofing, a SWAT team shut down a neighborhood in New Brunswick, New Jersey, after receiving what they believed was a legitimate distress call. A caller had used spoofing to trick law enforcement into thinking that an emergency call was coming from an apartment in the neighborhood. In yet another example, identity thieves bought a number of stolen credit card numbers. They called Western Union, set up caller ID information to make it look like the call originated from the credit card holder's phone line and used the credit card numbers to order cash transfers.
Traditionally, caller ID works through the use of signaling system 7 (SS7), which is the standard for connecting phone companies' networks worldwide. SS7 allows the originator's local telephone exchange to send a calling party number (CPN), which includes the number of the caller and whether or not the caller wants their number to be blocked.
Federal Communications Commission (FCC) regulations require that when a telecommunications carrier uses SS7 to set up a call, it must transmit the CPN and its associated privacy indicator for that call to the connecting carrier. Customers who order traditional caller ID services and have caller ID-capable phones or boxes will receive the CPN and name of the calling party when their phone rings. By FCC regulation, consumers also have the right to conceal their CPN, by dialing *67.
click here to read more
====GovTrack.us. S. 704--110th Congress (2007): Truth in Caller ID Act of 2007, GovTrack.us (database of federal legislation) (accessed Jan 18, 2008) EXTERNAL LINK
Posted by wst... at 14:49