Capital Currents - A Stealth Law for a Stealthy Problem
The Truth in Caller ID Act: To me, it was the Stealth Communications Act of 2010.
There were two pieces of major and well-publicized legislation enacted in 2010 affecting the telecommunications industry. There was the Commercial Advertisement Loudness Mitigation (CALM) Act, which regulates loud commercials. And the Twenty-First Century Communications and Video Accessibility Act of 2010 (CVAA), which the FCC calls “the most significant piece of accessibility legislation since the passage of the Americans with Disabilities Act in 1990.”
And then there was the Truth in Caller ID Act, which was signed into law on Dec. 22. I suppose there were some folks who were aware of this bill as it made its way through the legislative process. But to me, it was the Stealth Communications Act of 2010. And rightly so, because it outlaws some pretty stealthy behavior.
But now I know all about this new law, because the FCC has begun the process of adopting new rules that prohibit “spoofing” of Caller ID. It seems that spoofing the Caller ID is particularly easy with VoIP services.
When a phone call comes in during my dinner hour, I first look at the Caller ID. If it shows a toll-free number, I don’t answer. If it shows “unavailable,” I don’t answer. If it shows “name unknown,” I don’t answer. But if it shows the name of a local company or a local phone number, well, maybe I’ll answer it. If it shows the name of a government agency, I’ll probably answer it.
And my behavior seems to be typical. The FCC reports that Caller ID-spoofer NobelBiz Inc., for example, offers a Local Touch service that enables its telemarketing and debt collection clients to place calls from anywhere while transmitting CPNs (calling party numbers) that make it appear to call recipients that they are receiving local calls. The idea is that consumers are more likely to answer a call that appears to come from a local phone number. On its website, NobelBiz claims that its Local Touch service will increase customer contact rates by a minimum of 30 percent.
But debt collection is the least of the worries. The “jury duty scam” is far more pernicious. Suppose you get a call about missing jury duty, and the Caller ID shows it comes from the courthouse. The caller warns that a warrant is being issued for your arrest and asks you to provide the caller with your Social Security number to confirm your identity. The next thing you know, your identity has been stolen and your bank account cleaned out.
Caller ID spoofing is big business. There seem to be a zillion companies offering the service. Or maybe 10 companies, each with a zillion different names. Just do a search online. The FCC names Telespoof, PhoneGangster, SpoofApp and Itellas, but there are plenty more.
How does Caller ID spoofing work? You set up an account with one of those companies that offers a spoofing service. When you want to make a call, you dial the spoofing service, put in your PIN or account number, put in the number you want to call, and put in the number you want to appear on the Caller ID at the other end. The spoofing service has a computer that does the work.
So the FCC plans to adopt a rule that prohibits Caller ID spoofing done with the intent to defraud, cause harm or wrongfully obtain anything of value. Of course, the companies that offer the spoofing service already warn against such activities. For example: “Itellas works hand in hand with law enforcement when subpoenaed to ensure that no customer of Itellas is able to use our service to commit crimes, harass, defraud, etc. We keep detailed call logs and reserve the right to monitor any and all use of our service in order to ensure that no customer is using the service in an unlawful manner.”
And the FCC is asking about passthrough of bad information: “For example, in many instances, the carrier or provider merely transmits the Caller ID information it receives from another carrier, provider or customer. Should the Commission expressly exempt carrier or provider conduct under these circumstances, even if the information conveyed is not accurate?”
A closely related question is important to the cable industry because it is relevant to the pass-through by cable operators of sound level data, which is required by the CALM Act. Is the cable operator liable if the broadcaster or program service sends bad dialnorm data?
Anyway, the FCC is required to adopt rules, but we’ll have to see if they can enforce them. What can the FCC do when the Caller ID says “Texas” but the call comes from Jaipur or Bangalore? It will be illegal to spoof Caller IDs with the intent to defraud, cause harm or wrongfully obtain anything of value. But any other use of Caller ID spoofing is OK. Adopting rules is easy; proving that someone violated them is sometimes very difficult.