1 / 9

Experience of an inbound telephony provider

Delve into the world of Caller ID spoofing with detailed examples, regulations, and perspectives from a telephony provider. Explore the meaning, regulations, implications, and prevention techniques of this deceptive practice.

sloned
Download Presentation

Experience of an inbound telephony provider

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014) Experience of an inbound telephony provider Anne-Valérie Heuschen, Head of legal & regulatory affairs, Voxbone, Belgium aheuschen@voxbone.com

  2. Agenda Voxbone Meaning of Caller ID/ CLI Examples of Caller ID/ CLI regulations Caller ID/ CLI spoofing Caller ID/ CLI spoofing from an operator perspective (I and II) Conclusion

  3. Voxbone Company • Founded in 2005 • Offices in Brussels (HQ), San Francisco and Los Angeles • Global IP backbone carrying 2 Gbps of voice traffic with 5 SuperPOPs Business and services • Services in 50+ countries, inbound exclusively • VoxDID : Voice inbound services through local or national phone numbers in 50+ countries covered (4000+ area codes) • Vox800: Voice inbound services through toll free or free phone numbers in 25+ countries covered

  4. Meaning of Caller ID/ CLI Caller ID = Caller Identification refers to E164 number and/or name calling CLI = Calling Line Identification refers to the E164 number calling At network level, if CLI is provided by origination network (in SIP, under a “P-asserted identity”), it will be forwarded until termination network (presence in the CDRs)

  5. Examples of Caller ID/ CLI regulations • US Truth in Caller ID Act protects the privacy of the person calling by requiring telephone companies to make available free, simple and uniform per-line blocking and unblocking procedures. • EU Directive 2002/58/EC, article 8: • CLIP= Calling Line Identification Presentation CLIR= Calling Line Identification Restriction • Intl: Privacy right is a human right as approved in “The right to privacy in the digital age” by the UN General Assembly, 20 November 2013. => At network level CLI is forwarded (in SIP “P-asserted identity” header) but CLIP/CLIR is an end user privacy right (in SIP “privacy” header)

  6. Caller ID/ CLI spoofing • To spoof = to deceive, to abuse, to fool • Malicious intent is key: • Not financial in the telecommunication sense (except in cases of premium rates numbers) • Scam/ Identity theft, harassing calls • CLIP/CLIR protects the privacy of one individual and CLIR should not be considered as spoofing by definition • Spoofing= CLI transformation with malicious intent; flexibility of CLI transformation is and should not be considered as spoofing, as long as it is not in a wilful or illegal mean. • Prohibition of caller ID/ CLI spoofing for the purposes of defrauding or otherwise causing harm (e.g. US Truth in Caller ID Act ).

  7. Caller ID/ CLI spoofing from an operator perspective (I) Spoofing is detrimental for the reputation of an entire industry Spoofing already existed in a non-IP world CLI is generally received by the terminating network but no mean of ensuring the authentication of the CLI

  8. Caller ID/ CLI spoofing from an operator perspective (II) • Prevention: Authentication of CLI (i.e. calling party has an authorization to use the number) at origination is crucial; if CLI has not been authenticate by originating network, no call origination should be allowed, or only with the “primary” authenticated CLI on file • Already a best industry practice at administrative level • IETF/ STIR committee work at technical level • Sanction: LEAs have in practice tremendous difficulties to find the offender(s) due to 1) misunderstanding of the principles and 2) international nature of offenses

  9. Conclusion • Technical standards : IETF/ STIR committee work • Regulations: spoofing prohibition (transformation of CLI with wilful intent) • Foster international cooperation • Practical level: training of national LEAs to have an understanding of spoofing

More Related