Spoofing Update: Yes, Virginia, You May Be Able to Answer your Phone Again.


Meet the Author, Martha Buyer! Martha is an attorney whose practice is largely limited to the practice of communications technology law. She also provides a wide range of communications technology consulting and legal services, primarily geared to support corporate end-users’ work with carriers and equipment and service providers. To learn more about Martha, and how she can help you, visit her website at http://www.marthabuyer.com/.


As almost everyone with either a landline or a mobile device or, heaven forbid, both, knows, the level of consumer annoyance associated with the receipt of spoofed calls continues to rise. Inbound calls that masquerade as originating from local numbers in particular, have become such a pain in the drain that many people simply don’t answer their phones when numbers are not recognized. Not only has the FCC taken a renewed run at regulating spoofing, but the Commission is looking for guidance from interested parties as well. Although the final due date for comments has yet to be released, at least one very powerful submission has been posted. If you care about this issue, now is the time to speak up.

Just so that we’re all starting in the same place, it’s important to define both “spoofing” and its offspring “neighborhood spoofing.” “Spoofing” is defined as placing a call using an originating telephone number other than that assigned by the telephone company. This capability is not uniquely enabled by VoIP telephone services, and it is not inherently unstoppable in VoIP or legacy calling environments. “Neighbor spoofing” works by tricking recipients into thinking they are receiving a legitimate phone call by showing caller ID that matches or is close to the dialed phone number’s NPA-NXX. As a useful point of reference, the spoofing of a number is not a function of the technology used. That is, calls can be spoofed from systems that rely on both VoIP and more traditional underlying technologies. The ability to spoof is an enabled capability resulting from decisions made in both system configuration and policy on the part of the originating provider.

As currently written, the Truth in Caller ID rules do nothing to address the problems caused by robocalls that are initiated from outside of U.S. boundaries. In fact, the original rules only make some spoofing activities, beginning with those calls that originate within the United States, illegal. The proposed rules attempt to extend the reach of caller ID spoofing rules to calls that originate anywhere, but terminate within the U.S. (see Section IIIA, paragraph 11 of the NPRM). This is a huge step forward, as is the NPRM’s attempt to broaden what qualifies as a “call,” including text messages. This too is an important step forward.

Narrowing the Definition of LEGAL Spoofing

Annoyed consumers often ask if spoofing is legal. The answer is “sort of, but not completely”. In its current form, the Truth in Calling Act as amended in 2011 (47 CFR § 64.1604) prohibits “any person or entity from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm, or wrongfully obtain anything of value.” 

But according to David Frankel, CEO of ZipDX LLC, a Silicon Valley telecom company, and a regular FCC commenter in the fight against robocalls, the current rules simply don’t go far enough. “When the FCC wrote regulations implementing the original Truth-In-Caller-ID legislation in 2011, the Commission took a wait-and-see attitude, promising refinements down the road. Recent legislative action, including RAY BAUM’s Act, require that those regulations be revised. The FCC needs to incorporate what we’ve learned over the past eight years. The words ‘intent’ and ‘cause harm’ are subjective. In fact, the best regulations are objective. I believe that the FCC will serve all stakeholders if it mandates that the caller-ID be either a number assigned to the caller, or one used with the permission of the party to which it is assigned. This rule change will achieve the goals of the lawmakers, including limiting harm while permitting legitimate spoofing.”

Why Not Just Prevent All Spoofing?

There are legitimate reasons why accurate caller id information may not be appropriate or necessary. Included among these would be outbound calls from domestic violence shelters, calls from medical professionals who do not want patients returning calls to the numbers from which they originated (read: homes or personal mobile devices), calls originating from call centers located far away from the called party (for example, calls made from a central non-local location, which remind patients to pick up prescriptions from their local pharmacies), and, of course, calls related to law enforcement activities. In these cases, accurate locations and/or name disclosure could either be dangerous or simply ill-advised because of the confusion (or, in some cases panic) such caller ID information could cause. Essentially, there are some legitimate reasons why caller ID should be blocked. I have a much harder time understanding why there’s any advantage to creating a false number to make the caller look like it’s something or someone other than what or who it is. But I digress. A little.

Selling Spoofing

Believe it or not, there’s at least one company who makes it easy for outbound callers to spoof. While I’m loathe to give them any publicity of any kind, they’ve really stretched the truth and law, in my opinion, to an extreme, all in the name of helping outbound callers mask their correct identities. This particular company provides all sorts of opportunities to sell services to spoof numbers for both calls and texts. Are the company’s sales pitches legal? I would suggest just barely. But I’d also say that if we’re defined by the company that we keep, two of the ads at the bottom of the company’s web page read as follows: 

“Is your partner cheating? Here’s a surefire way to catch a cheating spouse,” and “want to Place Free Prank Calls? Here’s How.” Not kidding. Need I say more?

Conclusion

Although the FCC recognized the problem of spoofing as far back as 2011, the problem has only intensified as entities have come up with ingenious and creative ways to misrepresent themselves in the interest of, well, who knows? But it’s a deceptive practice, whatever the motive, and as such, to me, warrants the extra bright light that the FCC is now shining in its direction.

If you want to learn more about spoofing, or how you can improve your current communications system, contact Vertical.