On Mon, 2008-05-12 at 11:56 -0400, Peter Beckman wrote: > On Fri, 9 May 2008, Steve Totaro wrote: > > > I think you are missing the whole point here. CID and ANI are DIFFERENT. > > > > A law concerning passing valid CID should not be passed. I have used > > it as a GUID between call centers. > >
The law in florida, which afaik has not yet passed, the law in NJ which again as far as I know wasnt directly related to ANI are based against fraud. The florida one speaks specifically about fraud and the NJ one was a conviction of someone doing fraud stuff. It is not illegal to specify some arbitrary ANI/CLID in those places when you are the receiving end (basically using it as a cookie of some type) or when you have permission from the target. The florida law as stated on the news site I read (I havent read the statute, dont care enough) makes it illegal to spoof when you are calling random people, generally in pursuit of other fraud. It was kinda clear on that point, meaning if you own the receiving end you can authorize people to send anything they want, its your choice. Just like the hacking laws let you break into your own computers, or authorize others to legally break into them. As for tracability, what lawmakers dont know is that there is a 3rd number in addition to CLID/ANI that can be used, and generally is not user settable, for tracking down fraud issues. That is the BTN, or billing telephone number. It may be the same, but usually its different from your CLID/ANI (even if those match). This will more often than not be the ITSP that service was used through. Even some in the telco industry dont know about this 3rd number and cant grasp the concept that someone can place a call from one provider and receive it on another using the CLID/ANI of the receiving side. I think that some of the laws do not consider how the technology works. For example the service like vonage or broadvoice are what most expect voip providers to be like, concepts such as one way providers (ie you can get pstn termination only at some providers) and the fact that some may be reselling that service make it difficult to know what is and what is not a valid ANI/CLID. With vonage or broadvoice its fairly simple, you order a phone line replacement, which includes a number, outgoing calls have that number as the clid/ani (although some of their providers are incapable of doing ani properly). With the wholesale packages its much more difficult since they are not phone line replacements. If level3 sells a wholesale package to me, and I resell it to some itsp who resells it to another itsp, how does level3 know which ANI/CLId are valid? How do I? What about international, for example is Amsterdam area code 312, or is it country code 31 and a city code that starts with 2 (yeah international is generally done different, sip doesnt really allow that in most implementations so ...)? And so on, it creates problems in that information may not pass quickly enough (or at all) to know the difference. The intent as I read the florida stuff was more to slap an extra charge onto someone rather than anything else. It doesnt lead to probable cause in many cases since the government probably does not know how to trace that call properly (in combination with the phone company doesnt want to spend more money helping them, or they dont know they can) so they dont know which provider it came in on, they dont know who really originated the call, etc. It does let them after the fact give an extra conviction to someone though. In some rare situations it may lead to probable cause (thus a search warrant), it may lead to a preemptive arrest, but odds are 99% of the cases it will be a "now that we have you for all these other crimes we will add this one to it". Generally offenses that are all related have to be served at the same time, which means that it probably wont add much if any jail time to the people who are doing it to rip someone else off, especially if they are facing state time, when the states dont want to pay to house anyone but do it. Its a feel good law that, so far, does not do much. Unless I missed when someone said the FCC is getting involved and going to do something insane with it requiring gobs of proof to allow that ANI on that customers profile, blah blah blah. And generally break most ITSPs since they wont be able to immediately comply. Not to mention administrative overhead that will raise the costs. -- Trixter http://www.0xdecafbad.com Bret McDanel Belfast +44 28 9099 6461 US +1 516 687 5200 http://www.trxtel.com the phone company that pays you! _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
