Re: Truth in Caller ID Act

In article <1176355296.450126.104970@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
davidclark@xxxxxxxx says...
On Apr 11, 5:25 pm, Linc Madison <linc...@xxxxxxxxxxxxxxx> wrote:

On ordinary single-line telephone service, the Caller ID data is
inserted by the telco switch. The problem comes from PBX's. The telco's
line ID for the trunk is pretty much useless for Caller ID purposes,
especially since on most PBX's that line is outgoing only. In fact, it
may even have a non-dialable number, like (xxx) 0xx-xxxx. Thus, the PBX
inserts the Caller ID data, which the telco accepts on faith. It's very
difficult to separate out the PBX administrators who "accidentally"
transmit invalid CLID from the ones who do it intentionally.


Ok but the point of caller ID as far as I am concerned is
accountability. I'm not concerned if I can't actually dial the number
that shows up on my caller ID, as long as it leads to information
about who called me. Sure, It would be nice to always be able to flip
to my caller ID numbers and re-dial or save that number for whatever
reason, but I for one, would gladly give up that ability for those
calls I receive that originate from behind a PBX. There are very few
callers who call me from behind a PBX that I actually want to call
back, and even so I would just learn to recognize their outgoing CLID
and substitute their regular business number when I wanted to return a
call. Alternatively, the telco could require the subscriber to
provide a single valid call back number that the telco would then
insert. Why not eliminate the option for PBX administrators to insert
their favorite number? Doesn't seem like a big deal to me.

Telemarketing isn't the only reason to close this gap in security.
There have been incidences of Phishing where a spoofed caller ID is
used to lure people into believing that their bank is calling them and
needs to verify account details. There is one case of a man calling
in a hostage situation to police using a spoofed caller ID. So the
swat team showed up at some lady's house and ordered her out with her
hands up... much to her surprise....

Actually it was Justin of justin.tv who also had his CLID spoofed to
911. Here's what bothers me most, E-911 uses CLID and not ANI and that
really makes me wonder.


It seems awfully complacent to stand by and ignore this wide open hole
in the system.

In traces I've done, most are using fly-by-night providers who don't
give a crap what you send as CLID. 800 services are cheap enough that I
just use that now. That way I get ANI sent to me as CLID. It works
beautifully.

.