Time To Ban Caller-ID Spoofing (Again)?
Your phone rings, and a quick glance at the area code helps you decide to answer the call. But instead of a forgotten friend or a local business client, you get “Heather from Account Services,” offering to lower your credit card interest rate. Again. Just like yesterday. And the day before. Here's the scoop on what you can do about this annoying problem…
Should You Answer That Call?
The phone is ringing again. If the area code was one of the toll-free kind (800, 833, 844, 855, 866, 877 or 888) you would never have answered. By now you've learned that nothing good comes from a call made from a toll-free number. After all, toll-free numbers were created for YOUR convenience, so you could contact businesses without incurring the cost of a long-distance call.
Had it been from the Washington, DC, Area Code, 202, you would not have answered yet another fundraising call from your dully (sic) elected Congresscritter. Similarly, a call from the 702 Area Code may mean only that you left your toiletries behind at the Days Inn in Las Vegas.
But in the past year, I've been getting several calls a day that show the incoming number matching not only my area code, but also my local exchange. Ordinarily, that would mean a neighbor calling. But thanks to software that lowers the technical barriers to Caller-ID spoofing, it could be a telemarketer in Toledo, Tacoma, or Timbuktu.
And increasingly, I am getting calls that display only “PRIVATE” instead of a name or phone number. I don’t answer such calls, and if the caller does not leave a voicemail message I will not call back. This seems like a simple, obvious solution to telemarketers who hide behind “PRIVATE” phone numbers. But it has a certain medical practice up in arms.
There is a local doctor who thinks the entire world must conform to his office practices. His phone system sets all outgoing calls made by his staff and his auto-dialing appointment reminder to “private.” Patients who block calls from “private” numbers, as many people do, don’t get important calls from staff or the nuisance of yet another reminder they don’t need. This doctor tells patients that they must unblock all calls from “private” numbers or find another practice. So I found another practice.
Black, White and Gray Areas
Another medical practice spoofed its caller-ID, sending me the number 555-555-1212. That number is so obviously fake that I blocked it instinctively. Then I got irritated because my doctor’s office was not returning my phone calls. It took two months to figure out why. I came very close to "firing" that doctor, too. I am sure I know how it happened.
An office staffer drew the short straw and the task of “programming” the new office phone system. She followed the system’s voice prompts to set things up. When it asked her for the number to send for caller-ID, she thought to herself, “Hmm... I don’t want to send our real number for patient privacy considerations. So I’ll just make one up: 555-555-1212.”
I am not a lawyer, but it seems to me that if a patient signed a form indicating that he wants you to leave all the details of his test results on his voicemail inbox, then he is not at all concerned that a passerby might catch a fleeting glimpse of a phone number and remember that it belongs to a certain medical practice. So “patient privacy considerations” are absurd, in this case. There is no good reason for your doctor to spoof caller-ID data, let alone set all outbound calls to “private.”
As you can see, the Caller-ID spoofing world is not neatly divided into good guys and bad guys. There are plenty of good guys who would call home before battle but would have to do it while disguising their identities. There are plenty of office staffers who don’t think through their cunning plans. So when we debate whether to ban caller-ID spoofing, there is a lot of grey area to discuss.
Will New Laws Solve the Problem?
Kathy Afzali, a politician who represents Carroll and Frederick counties in Maryland, got a taste of caller-ID spoofing that alarmed her. “You should not be able to masquerade as someone familiar or safe to someone on the other end,” Afzali said. Researching federal law on caller-ID spoofing, she found it has gaping loopholes.
That federal law is called, appropriately enough, The Truth in Caller ID Act of 2009. It authorized the FCC to come up with and enforce rules that prohibit any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongly obtain anything of value.
Well, that lets our medical people off the hook, and a lot of bad guys. Any time a prosecutor has to prove “intent,” he will back away from the case because it’s nearly impossible to prove what someone else was thinking. In practice, caller-ID spoofing won’t be prosecuted unless actual harm can be found that has been done to consumers. And annoying you a dozen times a day doesn't quality as "harm" in a legal sense.
Afzali’s bill, which would apply only in Maryland, eliminates all of that “intent” wiggle room, and all exemptions and excuses. It’s probably flawed, but it's at least a start at addressing a problem that vexes nearly everyone with a phone. Perhaps it will serve as a model for other states to adopt similar legislation, and one of them will get it right. That's the beauty of our "laboratories of democracy" in the USA.
But as we all know thanks to “Heather from Account Services” and her legion of clones, the existing federal law has not stopped caller-ID spoofing. It’s not as if the FCC has not been trying, though. Penalties of up to $10,000 per violation can be assessed if someone is found to violate the spoofing law.
In August, 2017, the FCC proposed a fine of more than $82 million against a man who made more than 21 million robocalls with false called-ID data. He was trying to sell health insurance. In June, 2017, the FCC proposed a fine of nearly $120 million against a man who caused nearly 100 million robocalls with false caller-ID data to be made.
These cases and others like them are all subject to civil asset forfeiture rules. Just about any assets that may have been obtained with or used to obtain the fruits of a crime can be seized and sold by the federal government. Whether these guys have assets worth anywhere near their fines remains to be seen. But it’s a start.
For now, the best defense is a combination of common sense and technology. Tools like the ones I mentioned in my article on fighting robocalls can help to weed out the spammers and scammers. For those that calls that do ring through, I recommend that you answer only calls from numbers you recognize. Voicemail is your friend. Unless of course, you enjoy toying with the telemarketers.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Apr 2018
|For Fun: Buy Bob a Snickers.|
SOPHOS Business-Grade Security for Your Home
The Top Twenty
[DRIVE] Trading Privacy for a Discount?
There's more reader feedback... See all 55 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Time To Ban Caller-ID Spoofing (Again)? (Posted: 9 Apr 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved