90 likes | 111 Views
Delve into the world of Caller ID spoofing with detailed examples, regulations, and perspectives from a telephony provider. Explore the meaning, regulations, implications, and prevention techniques of this deceptive practice.
E N D
ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014) Experience of an inbound telephony provider Anne-Valérie Heuschen, Head of legal & regulatory affairs, Voxbone, Belgium aheuschen@voxbone.com
Agenda Voxbone Meaning of Caller ID/ CLI Examples of Caller ID/ CLI regulations Caller ID/ CLI spoofing Caller ID/ CLI spoofing from an operator perspective (I and II) Conclusion
Voxbone Company • Founded in 2005 • Offices in Brussels (HQ), San Francisco and Los Angeles • Global IP backbone carrying 2 Gbps of voice traffic with 5 SuperPOPs Business and services • Services in 50+ countries, inbound exclusively • VoxDID : Voice inbound services through local or national phone numbers in 50+ countries covered (4000+ area codes) • Vox800: Voice inbound services through toll free or free phone numbers in 25+ countries covered
Meaning of Caller ID/ CLI Caller ID = Caller Identification refers to E164 number and/or name calling CLI = Calling Line Identification refers to the E164 number calling At network level, if CLI is provided by origination network (in SIP, under a “P-asserted identity”), it will be forwarded until termination network (presence in the CDRs)
Examples of Caller ID/ CLI regulations • US Truth in Caller ID Act protects the privacy of the person calling by requiring telephone companies to make available free, simple and uniform per-line blocking and unblocking procedures. • EU Directive 2002/58/EC, article 8: • CLIP= Calling Line Identification Presentation CLIR= Calling Line Identification Restriction • Intl: Privacy right is a human right as approved in “The right to privacy in the digital age” by the UN General Assembly, 20 November 2013. => At network level CLI is forwarded (in SIP “P-asserted identity” header) but CLIP/CLIR is an end user privacy right (in SIP “privacy” header)
Caller ID/ CLI spoofing • To spoof = to deceive, to abuse, to fool • Malicious intent is key: • Not financial in the telecommunication sense (except in cases of premium rates numbers) • Scam/ Identity theft, harassing calls • CLIP/CLIR protects the privacy of one individual and CLIR should not be considered as spoofing by definition • Spoofing= CLI transformation with malicious intent; flexibility of CLI transformation is and should not be considered as spoofing, as long as it is not in a wilful or illegal mean. • Prohibition of caller ID/ CLI spoofing for the purposes of defrauding or otherwise causing harm (e.g. US Truth in Caller ID Act ).
Caller ID/ CLI spoofing from an operator perspective (I) Spoofing is detrimental for the reputation of an entire industry Spoofing already existed in a non-IP world CLI is generally received by the terminating network but no mean of ensuring the authentication of the CLI
Caller ID/ CLI spoofing from an operator perspective (II) • Prevention: Authentication of CLI (i.e. calling party has an authorization to use the number) at origination is crucial; if CLI has not been authenticate by originating network, no call origination should be allowed, or only with the “primary” authenticated CLI on file • Already a best industry practice at administrative level • IETF/ STIR committee work at technical level • Sanction: LEAs have in practice tremendous difficulties to find the offender(s) due to 1) misunderstanding of the principles and 2) international nature of offenses
Conclusion • Technical standards : IETF/ STIR committee work • Regulations: spoofing prohibition (transformation of CLI with wilful intent) • Foster international cooperation • Practical level: training of national LEAs to have an understanding of spoofing