logo
  • Home
  • Tote Boards
  • About Carl Oppedahl
  • speedtest
  • Sites that Cite our Site

Why caller ID spoofing is not easy to prevent

2nd July, 2018 · oppedahl 3 Comments

A loyal blog reader asked:

What prevents the U.S. telephone carriers from ending the use of spoofed caller-IDs? It would seem possible to put an authenticated (tokenized) caller-ID system in place for in-country calls that maintains the originating number, or at least flags the displayed number with some symbol if it cannot be authenticated.

This is a very good question.  The answer might surprise him.

Yes spoofed caller ID is a big problem.

The problem is that you are assuming a fact not in evidence. There is no such thing as “the originating number”. Decades ago I guess there was such a thing. Not for at least a decade, however, has there been such a thing as “the originating number”.

In the old days, the only way you could place outgoing telephone calls was by getting a physical landline telephone line from the monopoly telephone company in your local area. This dial tone was delivered on a pair of copper wires. That telephone company knew perfectly well what your telephone number is, because that telephone company made it possible for you to receive telephone calls at some particular telephone number. To the extent that someone might say that it was necessary to “enforce” what the caller ID was on your outbound telephone calls, the telephone company was able to “enforce” this because necessarily that company handled both your incoming and your outgoing telephone calls. There was a monopoly situation where by definition the two kinds of calling (inbound and outbound) were automatically linked in a way that the customer had no control over.

But for at least a decade, now, the technological situation is quite different, because of SIP and VOIP.  Using SIP and VOIP, it would be very easy to set up a business in which you simply never receive an incoming telephone call, not by means of any telephone number. The business might only place outgoing calls.

If you run a business that only places outgoing calls, then what can we say about what your “originating” telephone number is? Nothing. We cannot say anything. The caller does not really have an “originating” telephone number.

In our office we have several inbound telephone numbers. But there’s nothing that requires us to have inbound telephone numbers, other than perhaps the convenience of being able to receive inbound telephone calls.  There is no technological linkage, not in the past ten years, between “the number people use to call you” and “the number that shows up on the caller ID if you call somebody”. One of the reasons that there is no linkage between the two is that one might exist and not the other. You could have a business that receives incoming calls but that does not place any outgoing calls. You could have a business that places outgoing calls but does not receive any incoming calls.

The reason for all of this is SIP and VOIP. The technologies of SIP and VOIP make it so that there is no linkage between the two things.

Oh and even if for some reason you were to choose to set up a business that can do both things — receiving incoming calls and placing outgoing calls — there is nothing about this that requires any linkage between the carrier that you use for the one direction and the carrier that you use for the other direction. In our case for example we receive incoming telephone calls through several carriers (including “Callcentric” and “Localphone”) and we send outgoing calls through another carrier (“Voip.ms”). The carrier that we use for the outgoing calls has no way to know what telephone numbers we use to receive inbound telephone calls on the other carriers.

If for some reason we were to feel the need to switch to a different carrier to handle outgoing telephone calls, we could switch at a moment’s notice. We would simply change a line of configuration data in our PBX to direct outgoing calls by means of the new carrier instead of the previous carrier.  (The outgoing calls would pass over something called a “SIP trunk” which is merely an Internet connection.)  In such a case we have the ability to tell the new carrier what we want our caller ID to be. We could say whatever we want about the caller ID telephone number, and the new carrier would not have any way to know whether we do or do not receive telephone calls at that telephone number.

Suppose for example that some state or federal body were to pass a law (or promulgate a regulation) that purports to require a carrier that handles outgoing telephone calls to “enforce” that the caller ID matches some trusted source (like, maybe, a telephone number upon which the caller can also receive calls).  Or suppose (as our reader suggests) that some state or federal body were to pass a law that purports to require a carrier that handles outgoing telephone calls to “flag” the caller ID with a special symbol under certain circumstances.  In such an event the carrier would be able to say, without it being untrue, that the carrier simply lacks any technical way to do what the law purports to require.  Saying this in a different way, technological changes would have to happen to make such “enforcement” possible.  It would not be enough simply for some state or federal body to pass a law or promulgate a regulation.

So in the near term, spoofed caller ID is just part of life.  Pretty substantial technological changes would be needed in the Public Switched Telephone Network for things to happen such as were suggested by my blog reader.

Share this:

  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Telegram (Opens in new window)
  • Click to email this to a friend (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Posted in Office Tech |
« Calling an iNum telephone number
A tip of the hat to the Patent Docs blog »

3 thoughts on “Why caller ID spoofing is not easy to prevent”

  1. Henry N Blanco White says:
    July 2, 2018 at 1:44 pm

    The service provider must know where the outgoing calls are going out from, so that it can bill the caller. It must have, for that and other management purposes, a unique identifier for the source. All it needs to do is append that identifier, or some other unique code uniquely matched to that unique identifier, as the “caller ID” number on outgoing calls. It doesn’t have to be an actual telephone number.

    Reply
    • oppedahl says:
      July 2, 2018 at 2:15 pm

      Thank you for posting.

      Actually you might be surprised how little a service provider may know about the customer who is placing calls via a SIP trunk. The customer may have paid with Bitcoin, for example. The service provider may know little more than the IP address for the “register” end of the SIP trunk.

      Reply
  2. Dean Gallea says:
    July 2, 2018 at 2:55 pm

    Thanks for the explanation. You’re certainly right that laws won’t happen, particularly in our current deregulation era. But, I see a potential future product offering for incoming calls, one I’d pay for, that would work something like HTTPS: Verizon (say) would allow me the option to filter (block or not answer based on a caller-ID prefix) all incoming calls that did not carry a traceable signature from some recognized authority. Callers’ outgoing providers, to comply with this scheme, would offer their customers a signature as part of the outgoing call service, giving them legitimacy. Better than a whitelist, since I wouldn’t need to approve in advance.

    Reply

Leave a comment Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Categories

  • Copyrights (19)
  • Industrial Designs (151)
    • Hague Agreement (38)
  • Office Tech (104)
  • Patents (515)
    • PCT (211)
    • Substantive law (5)
  • Trademarks (181)
    • Madrid Protocol (32)
  • Travel (12)

Archives

  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
© 2017 Carl Oppedahl
  • Home
  • Tote Boards
  • About Carl Oppedahl
  • speedtest
  • Sites that Cite our Site
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.