‘Nonharmful’ caller-ID spoofs not considered illegal
Misrepresenting yourself with a fake (or someone else’s) number is not an act of fraud under the law. The FCC and AT&T advise consumers not to give out personal information to callers.
Los Angeles Times
Ed Stoecker’s brief, unintended and unhappy stint as a telemarketer occurred recently when he spent days receiving angry calls from people who didn’t appreciate his bothering them.
“They all saw my number on their caller-ID screen,” Stoecker said. “They were upset that I seemed to have called them and then hung up just as they picked up the phone, like I was a robo caller.”
Needless to say, he wasn’t the culprit. Stoecker was a victim of a growing problem called “spoofing,” a telephone sleight of hand that allows a scammer, telemarketer or debt collector to trick a caller-ID system.
For example, instead of the name of a company or an 800 number, your caller ID screen might say “Customer Service” or show what looks like a noncommercial number.
The goal of spoofing is to fool people into picking up the phone, as well as to get around the federal government’s “Do Not Call” list. It also can be used to dupe people into sharing personal information.
“The caller ID might say ‘Los Angeles Police Department,’ and the person at the other end of the line might ask for all sorts of information about you,” said Robert Siciliano, an identity-theft expert with security-technology company McAfee.
And here’s the real kick in the teeth: Spoofing isn’t necessarily illegal.
The federal Truth in Caller ID Act makes it a crime to use a bogus phone number or caller-ID message to commit fraud or cause harm to others, such as trying to con someone into giving out a Social Security number.
But it’s not against the law to engage in what courts have called “nonharmful spoofing.” The Fifth Circuit Court of Appeals said examples of nonharmful spoofing include a domestic-violence victim trying to hide her whereabouts or a consumer withholding his or her callback number from a company.
But that loophole has been embraced by businesses as a way to “nonharmfully” get through a household’s phone defenses.
“I bought a time share a few years ago,” Siciliano said. “Now I get calls every day from people trying to sell me time shares, and they all use spoofing technology.”
A Web search for “caller-ID spoofing” will turn up numerous companies legally providing the service.
The Federal Communications Commission declined to discuss regulation of spoofing. But a spokesman pointed toward a 2011 agency report on the Truth in Caller ID Act.
“Not all instances of caller-identification manipulation are harmful,” the report says.
For example, it says, “doctors responding to after-hours messages from their patients or other medical providers may want to use their cellphones to return the calls, but choose to transmit their office number ... ”
But the report also cites the example of “swatting,” in which a spoofed line is used to report a bogus 911 emergency at a celebrity’s home, prompting a response by the police SWAT team.
Swatting is clearly illegal under federal law. Using a spoofed line to trick someone, apparently, is not.
Stoecker, of Van Nuys, Calif., oversaw phone operations for Los Angeles Valley College before he retired last year. When he saw his own number come up on his caller ID, he knew what happened.
“Somebody had spoofed my number and was using it to make telemarketing calls,” he said.
For three days, Stoecker said, he was flooded with calls from people telling him to knock it off. He contacted his phone company, AT&T, to ask for help. But a service rep said the company was powerless to do anything.
Stoecker called the FCC, but was again informed there was nothing anyone could do. Under the terms of the Truth in Caller ID Act, he was told, spoofing is illegal only when it’s done “with the intent to defraud, cause harm or wrongfully obtain anything of value.”
Stealing someone’s phone number, or misrepresenting yourself with a fake number, apparently is not seen as an act of fraud under the law.
The FCC advises consumers to never give out personal information to people who call their home. AT&T offered the same advice.
For his part, Stoecker believes the law should be tightened to make all acts of spoofing illegal except for a narrow set of circumstances, such as those involving victims of domestic violence.
He also said phone companies should make clear to customers that caller ID is not a foolproof weapon against unwanted phone visitors.
“I pay extra every month for caller ID,” Stoecker said. “But what’s it actually good for?”