October 31, 2006

Caller ID Boogeyman

Around my neighborhood, little children are going around imagining non-existent ghosts and collecting treats. In turns out, grownups (only slightly it turns out) in Washington are creating their own ghosts. A recent, relevant one is “spoofing” of Caller ID. Normally, the caller ID information is determined by the interface over which that call is made. But certain class of users can specify (per call) the exact information that will be delivered to the caller user. Subsequent networks will carry/deliver this information. They had the ability to mark the authenticity of the information that is being gathered, even though seldom it was done. But the service was marketed as if the information so delivered is authentic. This means that there will be people who will take advantage of this for nefarious purposes. Some policy makers want to address this matter legislatively. This note argues that it is ill advised.

Almost all service providers call out their Caller ID service offering by either charging extra or by declaring this to be an enhanced service in one respect or other. If it is so, then shouldn’t we expect them to verify the voracity of that piece of information? Or minimally, shouldn’t they be required to declare whether the information has been verified or not. The protocol allows for this information to be carried within the network. Why can’t the service providers deliver it to the user?

Instead of this simple solution, the proposal just wants to declare certain practices to illegal. This is not effective. It forces us to build a legal case and prosecute the offenders requiring lengthy legal proceedings. A couple of weeks back, Alec talked about it in his blog while quoting a proposed solution from TalkPlus CTO John Todd. In my opinion this solution is also not satisfactory.

According to the description available at ETel site, the proposal calls for formation of an entity that will stipulate, monitor and enforce authentication scheme. Of course John has thought through this and has a very detailed proposal. My concern is that it is possible we may be recreating the old telco model in the sense that this becomes a bureaucratic entity slowing new entrants. In any event, it is difficult to ensure that this entity will be global in nature. So the only effective action we can take is to inform the user whether the information has been verified or not and let the user decide what to do with that information. After all the intelligence has moved to the end and delivering transparent information is sufficient. Earlier, I had suggested as much.

Posted by aswath at October 31, 2006 04:33 PM
Related Posts Widget for Blogs by LinkWithin
If you do not have an OpenID, then please use www.enthinnai.com/unauopenid/anyblog.

 

Comments



Copyright © 2003-2014 Moca Educational Products.