Spoofing: How it Violates the Law. Are you in Compliance?

spoofingIn this post I’ll go over examples that would violate the Truth In Caller ID Act of 2009.

To start, let’s look at the law.

Truth In Caller ID Act Of 2009:

1. “IN GENERAL- It shall be unlawful for any person within the United States, in connection with any telecommunications service or IP-enabled voice service, to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value,
unless such transmission is exempted pursuant to paragraph (3)(B).”
(the 3(B) exemption is available only to law enforcement agencies or anyone else that gets a court order specifically authorizing caller id spoofing — for example, a battered women’s shelter might seek such an order)

Next, let’s look at this section of the first sentence:

1. “to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information”.

We first need to know what “caller identification information” means. Caller identification information is defined in section 8 of the law. So if we look at section 8, you cannot display anything other than the true telephone number, or other accurate information regarding the origination of the call.

If someone were to call me and display my Mom’s telephone number, or any number other than the telephone number of the originating the call, they’d be transmitting misleading and inaccurate caller identification information. Why? Because the caller identification is not the telephone number of, or the telephone number originating the call. My Mom or the number displayed isn’t calling me – it’s someone else calling me, “spoofing” my Mom’s or the other number.

Another key part of the sentence is “the telephone number of, or other information regarding the origination of, the call”.
“Other information regarding the origination of the call” could be vague. But it would surely refer to the name and phone number displayed.

If someone calls me showing my Mom’s number and name on the caller ID, any number they can’t be reached at or that is not registered to them, that’s not the true “telephone number of, or other truthful information regarding the origination of”, the caller. Therefore, the Act is being violated.

Now let’s look at the rest of the sentence:

1. “with the intent to defraud, cause harm, or wrongfully obtain anything of value, unless such transmission is exempted pursuant to paragraph (3)(B)”.

All three conditions of “defraud, cause harm or wrongfully obtain anything of value” do not have to occur. The law is written so that if one of the conditions occur, the law is broken.

Defraud

Generally, to defraud means to cause financial loss to another in order to bring financial gain to one’s self. The definition also includes obtaining any; thing, right, or interest.

At the broadest example, if you called me using misleading or inaccurate caller ID information and I told you about some “thing,” that could violate the law.

“Harm”

The next improper purpose of using false caller id information is “harm”.

Harm doesn’t have to be physical. Someone could use misleading or inaccurate caller ID information to frighten someone else and thereby cause emotional harm — mental duress. Any legal definition of “harm” would violate the law.

“Wrongfully obtain anything of value”

Next, “wrongfully obtain anything of value”. If someone called me with “misleading or inaccurate caller ID information” and I told them something of value because of the caller ID information, would that violate the law?

In today’s connected world one could argue nothing is private. Therefore, information has no value. So in this argument, the answer is no.

Now consider the other side. When the recent NSA story broke about how the NSA was secretly tracking phone conversations, it was all over the news and the web.  So, in this example our information clearly has value. In this example, the law would be violated.

The Risk of Interpretation

For sure, The Truth in Caller ID Act of 2009 has room for interpretation. There’s been no cases decided yet that I’m aware of.

Is it worth the risk? Do you really want to be case law? No, and no!

Even if you win, you lose. Because you’ll spend thousands of dollars defending yourself. The stress of it all could cause you to close your doors or worse.

There are substantial fines imposed by the Act — the Act says, “$10,000 for each violation, or 3 times that amount for each day of a continuing violation, except that the amount assessed for any continuing violation shall not exceed a total of $1,000,000”.

In addition to being liable to penalties to the government, you may also face civil claims from the recipient of the call. If so, you could be facing substantial damages, both “compensatory” — which are intended to compensate the victim for the harm they suffered (for example, lost work, medical bills, emotional distress, etc. etc.) and also punitive damages — extra damages intended to punish you for violating the law, which are also intended as a deterrent so that others don’t violate it.

I can’t see any scenario that makes caller ID spoofing viable for skip tracing or investigations.

Instead, use compliant and effective techniques such as what you get with BellesLink.


Related Posts:

Spoofing and The Truth In Caller ID Act of 2009. What You Need to Know.
An Overview of Spoofing and the Truth in Caller ID Act of 2009
Spoofing. How it Violates the Law.
What is NOT Spoofing. What the Truth in Caller ID Act Says.