[asterisk-users] PRI Outbound CallerID Question

Kristian Kielhofner kris at krisk.org
Tue Sep 26 16:17:57 MST 2006 

Jay R. Ashworth wrote:
> On Tue, Sep 26, 2006 at 05:28:12PM -0400, Kristian Kielhofner wrote:
> 
>>2)  Get a telco that lets you set any CID.  I don't know if I just look 
>>trustworthy or something, but I have had no problems whatsoever getting 
>>several LECs and CLECs in multiple states to let me set any CID I want. 
>> Looking at the other posts, it seems that some people have problems 
>>with that.  I never considered it to be a big deal, just a cool 
>>privilege that you gain with a PRI...  It seems that isn't the case with 
>>some telcos.
> 
> 
> And, um, perhaps that's not a bad thing?
> 
> Y'all read this: http://lauren.vortex.com/archive/000154.html
> 
> and then give some more thought to whether you *should* play games with
> CNID... even assuming that you can.
> 
> And don't give me "policy's not my problem; I'm only concerned with
> mechanism"... that's what they said at Birkenau, too.
> 
> Hitler.
> 
> Godwin.
> 
> :-)
> 
> Cheers,
> -- jra

jra,

	Quite frankly, it is not my fault that the general public and several 
institutions like banks, etc have poorly implemented systems on THEIR 
end that ASSUME that CNID is gospel and use it for all kinds of 
authentication purposes.  Why do telcos use the ANI for billing? 
Because it is gospel, and as long as they are sending out bills, it 
always will be.  If you need to authenticate based on phone number 
(which is ridiculous anyways), check against the ANI.  If you are a 
legit institution that needs access to the ANI, you should have no 
problem getting that sent down your PRI from your telco.

	Obviously caller ID is a joke, and has been for some time.  That ship 
sailed long before you and I started talking about it on Asterisk-Users. 
  The more that people fall for invalid and spoofed caller id the better 
for all of us.  Standard practice and public opinion need to be changed 
on this.  I hate getting credit cards and having to activate them from 
my "home phone number".  It tells me that my credit card has no 
understanding of security for my account.  Too bad that to make 
purchases in the 21st century you need a credit card, and all banks and 
card issuers are equally stupid.

	Why not connect me to a human that asks me all kinds of questions?  I 
know they can do that because other banks (and credit bureaus, etc) have 
access to that info and have those processes in place.

	Maybe if US Weekly does a few more stories about celebs like Paris 
Hilton getting jacked by spoofed caller id popular opinion might be 
changed.  Until then...

	What is boils down to is personal responsibility and enforcement of 
rules/laws that are already in place.  Sure, I *COULD* drive 150mph on 
almost any road, but we as a society already have laws in place like 
speed limits that will punish me when I do.  I am not forbidden from 
buying a Porsche (or penalized for having one) just because it can go 
150mph.  However, if I do, I'll go to jail.

	Likewise, if a predator scams someone, stalks them, etc because they 
have access to caller id spoofing, lock them up for theft or stalking 
(illegal in most states).  Don't take away their PRI or the ability to 
set CID and punish the rest of us in the process.  I'm no lawyer, but in 
Wisconsin (and probably other states) it is perfectly legal and 
acceptable to set caller id to anything you please, as long as it is not 
used to stalk, harass, defraud, etc.  If you get busted doing that, not 
only do you faces charges on the original crime (stalking, theft, etc) 
you get another count added for faking caller id to do it.

	As a matter of fact, a less known fact is that if you use an FRS 
(Family Radio Service) walkie-talkie (or police scanner) in the 
commission of a crime, you just broke another (federal) law and can be 
prosecuted for that.  There are examples of laws like this all over the 
place...

--
Kristian Kielhofner

More information about the asterisk-users mailing list