Caller ID spoofing defended

A pair of recent columns, Caller ID spoofing: Juvenile? Yes. Effective? Absolutely and Caller ID con not illegal — yet, generated significant reader reaction, not all of it in lockstep condemnation of the practice.

Turns out that Caller-ID spoofing has fans, and not only among the criminal, unscrupulous and desperate: For example, you’re about to read pleas for understanding from an engineer who works for an IP PBX manufacturer, as well as a dutiful father (his is priceless).

For those who missed the initial items, the first post concerned the tale of a telecom industry veteran who used a Caller-ID spoofing service — over and over and over again — to break through the voice-mail of a former employer he says owed him thousands in unpaid commissions, while the second involved a small Maine company that was put out of business for more than 24 hours by a spoofing-enabled credit con.

Communications Infrastructure

Read more about network technologies and communications in IT World Canada’s Communications Infrastructure Knowledge Centre

First we’ll hear from Jeff Rowley, an engineer at ShoreTel:

Two beneficial uses of Caller-ID spoofing that we implement in the ShoreTel IP-PBX include being able to send a remote-based soft-phone user’s home telephone number when they call 911out a corporate trunk and, second, sending the Caller ID of the original caller when using our “Find Me/Follow Me” feature.

The first feature allows a home-based IP call-center agent to place normal outbound calls from their PC-based IP soft-phone and the IP-PBX system sends their corporate caller ID out the corporate PRI. But when they call 911 we can send their home telephone number instead, directing the emergency response team to the correct (home) address.

The second feature enhances our Find Me/Follow Me feature. This feature allows a caller to “Press 1 to have the system find me.” While the caller is waiting the system places outbound calls to the user’s cell phone (or home phone, etc.) but sends the original caller’s Caller-ID so the recipient knows who the call is really from, rather than just another call from the corporate office.

These beneficial features are not possible if the carrier filters out Caller-IDs that are outside of the “proper range” of DIDs.

I asked Rowley a few questions:

What about end-user control in the examples cited? Is there any and could it be abused?

In our system all three of the examples I mentioned are set by the administrator, not by the end user. Still could be abused but it would have to be a company-wide plot.

How does society allow the good while eliminating the abuses of Caller-ID spoofing?

Tough one, as (are) all choices between security, privacy, freedom, convenience and the like. I would equate it to allowing a consumer to being able to host their own SMTP mail server. The ISP allows this unless there is abuse (the server turns into a SPAM-monger) and then Port 25 gets turned off for that connection.

Similarly CID spoofing shouldn’t be “automatically” assumed to be bad or abusive but looked at more in an “abuse it and you lose it” fashion.

Now we get to that dutiful Dad, one Mitch Crane from Bethlehem, Ga., who writes:

I have to confess, I, too, am a Caller-ID spoofer. You see, I have two teenage daughters who have uncanny luck with their phone service: It goes out when they don’t want to hear from a parent. I just randomly pick one of their friends’ numbers, spoof it and I miraculously get through…I’m sure they too think the practice is evil and should be outlawed.

Wonder how many times you’d have to do that before the kids would just give up and answer when Mom or Dad calls.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now