Caller ID Spoofing and Business Identity Theft

On December 7, 2010, the Federal Trade Commission announced that it was seeking comments from the public on whether and how to strengthen the Caller ID provisions of the Telemarketing Sales Rule. By requiring telemarketers to provide Caller ID information, the Rule allows consumers to screen out unwanted calls.  The FTC is considering measures to strengthen the Caller ID provisions of the TSR, and the Commission requested that the public chime in on how to make Caller ID more useful to consumers and to combat technologies that hide telemarketers’ identities.

It’s good news that the FTC recognizes weaknesses in the Caller ID provisions, specifically when it comes to technology that allows a caller to hide his or her identity.  However, it missed the boat entirely on the threshold issue:  enhanced regulations only affect those who choose to comply with them.   In fact, any enhanced compliance responsibilities will likely place an unwarranted burden on companies that comply with the rules by properly identifying themselves.

It all comes down to Caller ID spoofing, which can make a call appear to have come from any phone number the caller chooses.  Imagine how useful it would be for criminals to be able to perfectly impersonate a trusted friend who asks you for money.  That’s exactly what spoofing allows them to do.  Because of the high trust consumers appear to have in the Caller ID system, they believe without question that any information on their Caller ID is accurate.  Think about it: Hey, it’s Bank of America calling!  They say I have $10,000 that they have to pay me as part of a class action lawsuit, and all I have to do to get it is to pay a $500 transfer fee!  Get the credit card!

Not only does it make consumer fraud as easy as shooting fish in a barrel, spoofing allows criminals to easily misdirect the attention of law enforcement to the legitimate companies they may be impersonating.  This is a particularly insidious form of identity theft.   The practice of spoofing calls the entire system’s value into question.

Further, this insidious practice threatens to thwart the FTC’s efforts to enforce the TSR.   In its effort to enforce the law, the FTC takes consumer complaints about companies that are identified by Caller ID as gospel, and in its zeal to issue press releases, it may bust down the door of a legitimate business and let the courts sort it out, while the true perpetrators go on their merry way.

The truth is, Caller ID is virtually useless as an aid to law enforcement, and spoofing has the very real potential for turning the FTC into an unwitting accomplice of the very criminals it is charged with stopping.   Until it is possible to prevent the subversion of the Caller ID system, Caller ID information should be completely disregarded as evidence of any violation.

What the FTC needs to do is to impose further regulations aimed at companies that offer Caller ID spoofing services.  These companies should be required to register with the FTC and be held liable for the actions of their clients.

Author: Seth Heyman
Seth D. Heyman is a California attorney with extensive experience in advertising and marketing law, corporate law, contracts, governmental regulations, international business, and Internet law. He has counseled numerous successful companies, both public and private, and was responsible for regulatory compliance, contract management, corporate governance, and HR best practices for multiple organizations in many diverse industries, including marketing, telecommunications, energy, and technology development. He offers insight and guidance on federal and state direct mail, TV, radio, telemarketing, and Internet marketing laws, as well as online promotions, Internet privacy, data protection regulations, and similar matters.

Leave a Reply

Skip to content