On Wed, 2008-05-14 at 21:15 -0400, voipguy wrote:
> Of course they would believe caller id is accurate. It was originally
> "sold" to them that way. Same applies to things like "privacy guard"
> that depend on caller id.

and that may be the bigger problem. The phone network was never designed to allow anyone and everyone to act like a phone network. They made promises they can only keep when a few "trusted" companies are able to control what data goes where. The emergence of SS7 firewalls shows that they don't trust all the data that may be trafficked over the network, a network that was also never designed to have but a few "trusted" people on it.

It also wouldn't surprise me in light of FCC fines that have been passed down for traffic really being interstate but marked intralata, and such that the carriers aren't behind some of the legislative pushes lately. The fines can run hundreds of millions for that. They are however cautious to not push for legislation that can harm them such as verification of customers' right to use a specific number, or at least they should be.

Personally I don't see anything really wrong with the ability to spoof it. It shouldn't be trusted, and even if you pass laws making that illegal it won't have much effect; the way the laws are written you can only catch someone with the proposed legislation after some other action that is already illegal is done (such as pranking e911, scams and avoidance of do not call lists).

As for "homeland security", something that was brought up at one point as a potential, they should know more than anyone that it's not reliable; they should also have access (at least some of the homeland security folk) to the encrypted phone network. I know the NSA has two phones, one encrypted, one not, and if anyone in your group uses the insecure phone, say to order a pizza, they have to declare this to everyone in the room before picking up the phone and placing a call. This is so background conversations don't accidentally get picked up and get broadcast. The risk of tricking them based solely on caller id/ani should fall to better education of the employees (which applies to all things, not just national security).

I have gotten some calls that I thought were suspicious, people pretending to be police demanding information. The number did check out, it was the police; however I said that I had to call them back for time reasons, but did this before giving any information. Upon calling back, no one knew of the officer that allegedly called me nor anything about why anyone would call me to ask for such information. The callback was just a couple minutes later, and no one at that station (of which only a couple were there that time of night) even claimed to have made the call.

The biggest way to defeat this is basic to all types of scams: when someone calls you on the phone, the fact they claim to be someone does not make it true, any more than someone approaching you on the street and claiming without proof that they are someone. You can't just believe everything you hear, but for some reason people all too often do believe it on the phone, disbelieving in person. For example, if someone walked up to you on the street and told you they were a police officer but didn't have a badge, would you believe them? Would you just tell them anything they wanted to know?

Education is the key here more than anything else. But it's hard to charge extra for a service that you have to advertise as "may not be reliable". I guarantee however that if you got most of the ILECs' customer service line and asked them if caller id was reliable they would say yes it is, and for the vast majority of calls that would be true, but the statement itself that it is reliable isn't true. The media coverage that it can happen however is to a point a good thing; it lets people know that it can't be relied upon even if the phone company claims it is.

--
Trixter http://www.0xdecafbad.com
Bret McDanel
Belfast +44 28 9099 6461
US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!