[asterisk-biz] ANI

Trixter aka Bret McDanel trixter at 0xdecafbad.com
Wed May 14 20:57:21 CDT 2008


On Wed, 2008-05-14 at 21:15 -0400, voipguy wrote:
> Of course they would believe caller id is accurate. It was originally 
> "sold" to them that way. Same applies to things like "privacy guard" 
> that depend on caller id.


and that may be the bigger problem.  The phone network was never
designed to allow anyone and everyone to act like a phone network.  They
made promises they can only keep when a few "trusted" companies are able
to control what data goes where.  The emergence of SS7 firewalls shows
that they don't trust all the data that may be trafficked over the
network, a network that was also never designed to have but a few
"trusted" people on it.  

It also wouldn't surprise me in light of FCC fines that have been passed
down for traffic really being interstate but marked intralata, and such
that the carriers aren't behind some of the legislative pushes lately.
The fines can run hundreds of millions for that.  They are however
cautious to not push for legislation that can harm them such as
verification of customers' right to use a specific number, or at least
they should be.  

Personally I don't see anything really wrong with the ability to spoof
it, it shouldn't be trusted and even if you pass laws making that illegal
it won't have much effect, the way the laws are written you can only
catch someone with the proposed legislation after some other action that
is already illegal is done (such as pranking e911, scams and avoidance
of do not call lists).  

As for "homeland security" something that was brought up at one point as
a potential, they should know more than anyone that it's not reliable,
they should also have access (at least some of the homeland security
folk) to the encrypted phone network.  I know the NSA has two phones,
one encrypted one not, and if anyone in your group uses the insecure
phone, say to order a pizza they have to declare this to everyone in the
room before picking up the phone and placing a call, this is so
background conversations don't accidentally get picked up and get
broadcast.  The risk of tricking them based solely on caller id/ani
should fall to better education of the employees (which applies to all
things not just national security).  

I have gotten some calls that I thought were suspicious, people
pretending to be police demanding information, the number did check out
it was the police, however I said that I had to call them back for time
reasons, but did this before giving any information, upon calling back
no one knew of the officer that allegedly called me nor anything about
why anyone would call me to ask for such information.  The callback was
just a couple minutes later, and no one at that station (of which only a
couple were there that time of night) even claimed to have made the
call.  

The biggest way to defeat this is basic to all types of scams, when
someone calls you on the phone the fact they claim to be someone does
not make it true, any more than someone approaching you on the street
and claiming without proof that they are someone.  You can't just believe
everything you hear, but for some reason people all too often do believe
it on the phone, disbelieving in person.  For example if someone walked
up to you on the street and told you they were a police officer but
didn't have a badge would you believe them?  Would you just tell them
anything they wanted to know?  Education is the key here more than
anything else.  But it's hard to charge extra for a service that you have
to advertise as "may not be reliable".  

I guarantee however that if you got most of the ILECs' customer service
line and asked them if caller id was reliable they would say yes it is,
and for the vast majority of calls that would be true but the statement
itself that it is reliable isn't true.  The media coverage that it can
happen however is to a point a good thing, it lets people know that it
can't be relied upon even if the phone company claims it is.  

-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast +44 28 9099 6461        US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!
