[asterisk-users] PRI Outbound CallerID Question
Jay R. Ashworth
jra at baylink.com
Tue Sep 26 16:49:49 MST 2006
On Tue, Sep 26, 2006 at 07:17:57PM -0400, Kristian Kielhofner wrote:
> Quite frankly, it is not my fault that the general public and several
> institutions like banks, etc have poorly implemented systems on
> THEIR end that ASSUME that CNID is gospel and use it for all kinds
> of authentication purposes. Why do telcos use the ANI for billing?
> Because it is gospel,
No it's not. Sprint, in the southwest, converted presented CNID to ANI
and sent it along. Check the telecom archives. But this isn't germane.
> and as long as they are sending out bills, it
> always will be. If you need to authenticate based on phone number
> (which is ridiculous anyways), check against the ANI. If you are a
> legit institution that needs access to the ANI, you should have no
> problem getting that sent down your PRI from your telco.
Indeed. But that's not on point, either.
> Obviously caller ID is a joke, and has been for some time. That
> ship sailed long before you and I started talking about it on
> Asterisk-Users. The more that people fall for invalid and spoofed
> caller id the better for all of us. Standard practice and public
> opinion need to be changed on this.
I understand your point, but I'm of two minds on this, as I am on the
current ATM password fracas, and for the same reasons.
> I hate getting credit cards and
> having to activate them from my "home phone number". It tells me that
> my credit card has no understanding of security for my account. Too
> bad that to make purchases in the 21st century you need a credit card,
> and all banks and card issuers are equally stupid.
Indeed it is.
> Why not connect me to a human that asks me all kinds of questions? I
> know they can do that because other banks (and credit bureaus, etc)
> have access to that info and have those processes in place.
Oh yeah, they can ask you *useful* questions. Like your mother's
maiden name. And your SSN. :-)
> Maybe if US Weekly does a few more stories about celebs like Paris
> Hilton getting jacked by spoofed caller id popular opinion might be
> changed. Until then...
> What is boils down to is personal responsibility and enforcement of
> rules/laws that are already in place. Sure, I *COULD* drive 150mph on
> almost any road, but we as a society already have laws in place like
> speed limits that will punish me when I do. I am not forbidden from
> buying a Porsche (or penalized for having one) just because it can go
> 150mph. However, if I do, I'll go to jail.
Precisely. You're saying that "not spoofing caller ID" is not part of
the American Social Contract, then?
> Likewise, if a predator scams someone, stalks them, etc because they
> have access to caller id spoofing, lock them up for theft or stalking
> (illegal in most states). Don't take away their PRI or the ability to
> set CID and punish the rest of us in the process. I'm no lawyer, but
> in Wisconsin (and probably other states) it is perfectly legal and
> acceptable to set caller id to anything you please, as long as it is
> not used to stalk, harass, defraud, etc. If you get busted doing that,
> not only do you faces charges on the original crime (stalking, theft,
> etc) you get another count added for faking caller id to do it.
The need to send CNID not your own for non-nefarious purposes (see the
HP pretexting scam, and if you *don't* think that's going to dribble
over into telemarketers sending fake CNID, TCPA notwithstanding,
then you're nuts) is rare enough that I have no problem requiring the
telcos to get a signed agreement from clients to turn off the filters.
> As a matter of fact, a less known fact is that if you use an FRS
> (Family Radio Service) walkie-talkie (or police scanner) in the
> commission of a crime, you just broke another (federal) law and can be
> prosecuted for that. There are examples of laws like this all over the
But gratuituously making easy something that very few people have a
legitimate need to do, which undermines something that -- even if you
do only make the resaonable assumption that you know which phone, and
not which person, is calling -- is useful and productive... is probably
a Bad Idea. Full disclosure notwithstanding.
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
"That's women for you; you divorce them, and 10 years later,
they stop having sex with you." -- Jennifer Crusie; _Fast_Women_
More information about the asterisk-users