October 02, 2005

Why Telephone "Caller ID" is Actually Now Even Worse Than We Expected

Greetings. Recently, a former critic of telephone company "Caller ID Services" (more properly "Calling Number ID" - CNID) has publicly stated that he has changed his mind and now feels that our concerns (I'm a CNID critic of long standing myself) have turned out to be unjustified.

With all due respect, I must strongly disagree.

First, there's a logical flaw in the argument that simply because one doesn't perceive or experience the sorts of problems cited, that they don't exist -- or that they wouldn't exist even with less or no blocking of CNID. These are both incorrect. In fact, CNID has now become even more dangerous than we ever imagined.

Taking the latter point first, we have no way to know how many problems have been and continue to be avoided by the use of CNID blocking. Most people sensitive to these concerns have been using blocking all along, so by definition to the extent that they're not making non-blockable 800/900-type ANI calls they are relatively protected. Business collection of CNID info may have been somewhat suppressed by the heavy usage of blocking, but if there were less blocking there would almost certainly be more collection since it would become a more valuable resource.

And yet, most of the horror stories still do take place. You may not hear about them, but in my role as PRIVACY Forum moderator I frequently get reports that are utterly nightmarish. Spousal abuse facilitated by CNID, massive abuse by businesses that do collect the CNID data, and then use it as an excuse to claim exemptions from the "do not call" lists, and all manner of other problems, some of them life threatening, and particularly bad in regions that don't offer per-line blocking, where one can easily forget to dial the block code on an individual call.

But our crystal ball was foggy, in that we never predicted the new CNID scourge that has actually been putting even more lives at risk -- CNID Spoofing. This is becoming very widespread and is being used by crooks, scam artists, stalkers, collection agencies, pranksters, and so on -- and is a total mess. The telcos in general so far can't/won't do anything about this -- it may not be fixable in a practical sense -- and this spoofing is rapidly being commercialized, using PRI telephone trunks and VoIP interfaces. Both CNID number and name info can be easily spoofed in most cases via these systems. It's an enormous problem and getting rapidly worse, and is poised to blow up in a big way in the public sphere, and really give CNID yet another new and very serious black eye.

In a comment to a PRIVACY Forum message in 1993, I suggested that, "As a practical matter, 'spoofing' of caller ID (CNID) systems should not be a significant problem in modern, properly implemented systems."

The last three words in that quote are key. We did not anticipate that untrusted parties would gain routine access to such sensitive aspects of the telephone network in a manner that would allow such abuse.


Posted by Lauren at October 2, 2005 04:03 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein