[asterisk-users] PRI Outbound CallerID Question

Jay R. Ashworth jra at baylink.com
Tue Sep 26 16:49:49 MST 2006


On Tue, Sep 26, 2006 at 07:17:57PM -0400, Kristian Kielhofner wrote:
>  Quite frankly, it is not my fault that the general public and several
> institutions like banks, etc have poorly implemented systems on
> THEIR end that ASSUME that CNID is gospel and use it for all kinds
> of authentication purposes. Why do telcos use the ANI for billing?
> Because it is gospel,

No it's not.  Sprint, in the southwest, converted presented CNID to ANI
and sent it along.  Check the telecom archives.  But this isn't germane.

>                       and as long as they are sending out bills, it
> always will be. If you need to authenticate based on phone number
> (which is ridiculous anyways), check against the ANI. If you are a
> legit institution that needs access to the ANI, you should have no
> problem getting that sent down your PRI from your telco.

Indeed.  But that's not on point, either.

>  Obviously caller ID is a joke, and has been for some time. That
> ship sailed long before you and I started talking about it on
> Asterisk-Users. The more that people fall for invalid and spoofed
> caller id the better for all of us. Standard practice and public
> opinion need to be changed on this.

I understand your point, but I'm of two minds on this, as I am on the
current ATM password fracas, and for the same reasons.

>                                      I hate getting credit cards and
> having to activate them from my "home phone number". It tells me that
> my credit card has no understanding of security for my account. Too
> bad that to make purchases in the 21st century you need a credit card,
> and all banks and card issuers are equally stupid.

Indeed it is.

>  Why not connect me to a human that asks me all kinds of questions? I
> know they can do that because other banks (and credit bureaus, etc)
> have access to that info and have those processes in place.

Oh yeah, they can ask you *useful* questions.  Like your mother's
maiden name.  And your SSN.  :-)

>  Maybe if US Weekly does a few more stories about celebs like Paris
> Hilton getting jacked by spoofed caller id popular opinion might be
> changed. Until then...

Indeed.

>  What is boils down to is personal responsibility and enforcement of
> rules/laws that are already in place. Sure, I *COULD* drive 150mph on
> almost any road, but we as a society already have laws in place like
> speed limits that will punish me when I do. I am not forbidden from
> buying a Porsche (or penalized for having one) just because it can go
> 150mph. However, if I do, I'll go to jail.

Precisely.  You're saying that "not spoofing caller ID" is not part of
the American Social Contract, then?

>  Likewise, if a predator scams someone, stalks them, etc because they
> have access to caller id spoofing, lock them up for theft or stalking
> (illegal in most states). Don't take away their PRI or the ability to
> set CID and punish the rest of us in the process. I'm no lawyer, but
> in Wisconsin (and probably other states) it is perfectly legal and
> acceptable to set caller id to anything you please, as long as it is
> not used to stalk, harass, defraud, etc. If you get busted doing that,
> not only do you faces charges on the original crime (stalking, theft,
> etc) you get another count added for faking caller id to do it.

The need to send CNID not your own for non-nefarious purposes (see the
HP pretexting scam, and if you *don't* think that's going to dribble
over into telemarketers sending fake CNID, TCPA notwithstanding,
then you're nuts) is rare enough that I have no problem requiring the
telcos to get a signed agreement from clients to turn off the filters.

>  As a matter of fact, a less known fact is that if you use an FRS
> (Family Radio Service) walkie-talkie (or police scanner) in the
> commission of a crime, you just broke another (federal) law and can be
> prosecuted for that. There are examples of laws like this all over the
> place...

Sure.

But gratuituously making easy something that very few people have a
legitimate need to do, which undermines something that -- even if you
do only make the resaonable assumption that you know which phone, and
not which person, is calling -- is useful and productive... is probably
a Bad Idea.  Full disclosure notwithstanding.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"That's women for you; you divorce them, and 10 years later,
	  they stop having sex with you."  -- Jennifer Crusie; _Fast_Women_


More information about the asterisk-users mailing list