On Mon, 2008-05-12 at 16:28 -0400, Jay R. Ashworth wrote: > As I noted, I'm perfectly happy to let aggregators do it by contract; > the hammer that will fall on them is big enough that I don't think they > need to validate a second (or third) time.
well verification is a particularly hard thing to do correctly. For example, e164.org will call the phone number then place the route. This is not (or so it seems) done at intervals later on, which means you can get a number, verify it, release it to someone else, get a new one, and so on. You would end up with a bunch of numbers you only owned long enough to get verified, and now belong to others, allowing you to hijack their calls. Ok, so that is a problem with e164.org, but taking the verification thing further, how exactly do you propose to do this for all the customers that you have? If you place a phone call, it only proves that they (or a disgruntled employee) has access to that number at that particular point in time, it does not verify anything for the future. Signed documents asserting that a number is valid again only mean they are valid at that point in time, which means that you have to somehow hold the customer responsible for telling you that they no longer have that number, unless and this is where a specific law would come into play: The law reads that its illegal to send it or cause it to be sent to a phone company, and specifically excludes those that just route calls. Basically the way it seems the florida law is written (based on news articles about it not the actual statute which I have not read). Basically it made it illegal if you are spoofing callerid/ani for the purposes of deceit, but does not make it illegal for a phone company to transit the bogus data (the whole common carrier status may also help), nor does it make it illegal to spoof for purposes that do not involve deceit (such as calling yourself and using it as some type of cookie). If the laws are written this way, basically itsps only need to sit back and wait for the subpoenas (which will be hard since most of the time people only get caller id sometimes ani and if that is spoofed they have no ability to trace it further - call trace by the phone company often does not log the BTN which is usually the itsp that connected to the pstn, using their cdr logs you can trace it back). I know personally I have been given subpoenas for customer information, in one instance it was for numbers I no longer had, in another it was for someone who was placing calls - a service I did not offer at that time, and no one even telco employees could figure out how they were able to place a call with that number if not through me. -- Trixter http://www.0xdecafbad.com Bret McDanel Belfast +44 28 9099 6461 US +1 516 687 5200 http://www.trxtel.com the phone company that pays you! _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
