CID Spoofing: Friend or Foe

As technology progresses it creates both opportunity and mayhem. Many of the innovations afforded by the internet are clear cut and are good or bad. Law is crafted around these classifications to ensure they maintain in their proper order. One current problem in the system is regarding Caller Identification Spoofing (“CID Spoofing”). Wikipedia defines CID Spoofing as “[The] practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered nefarious by the speaker.”

Company’s legitimately use this company for a variety of purposes. I will attempt to set the stage and outline why this technology is needed. Companies outsource support and customer care services to other companies that specialize in this type of service. When a person calls XYZ Corp, they may very well be directed to a call center in India that is serving multiple companies. They have trained scripts, responses, and knowledgebase’s for XYZ Corp’s products and services. If an individual at that call center needs to return a call to a customer on XYZ Corp’s behalf there is a problem. Since this call center services multiple companies what caller id should be used as the outbound number?

The logical answer would be that the call center should use a caller id for the most logical and appropriate callback number. XYZ Corp may have multiple call centers servicing it’s calls but want the caller ID to be consistent across the various call centers so that when/if a person calls back they are redirected back to the top of the hierarchical distribution queue and not to that call center directly.

In addition, some companies do not use the same inbound and outbound call provider. One provider may have less expensive outbound rates (placing calls) versus inbound rates (receiving calls). The operator of the PBX will want the caller id on the outgoing calls to match one of their inbound phone numbers. Without the ability to specify this CID the entire idea capitalist ideas of VoIP telephony are moot.

The problem with this is that malicious parties have been taking advantage to this once benign feature. People faking/pretending to be other people causing a ruckus because when the party returns the call he could be returning it to an individual that was not even the actual call placer. Currently there are no laws prohibiting the use of CID spoofing for a number that you do not legally have delegated authority to use. There have been various bills introduced and even come close to passing but usually fail because of procedural flaws or other items taking precedence. Laws around this issue need to be crafted and introduced to stop the blatant abuse in the system.

Where do you think or how do you think this issue will develop?