[VOIPSEC] Truths on "Truth in Caller ID Act"
John Osmon
josmon at rigozsaurus.com
Fri Oct 13 13:45:07 CDT 2006
On Fri, Oct 13, 2006 at 10:26:15AM -0600, gary at techmate.net wrote:
[...]
> I don't see any problem the way the law is written unless it assumes
> that a 970 area code MUST be located in the 970 area and that would pose
> a problem with cell phone too. I do however believe the Caller ID should
> identify the correct person or entity just but that the location should
> not be assumed.
You've hit the crux here. Traditional phone service was tied
to the wire that delivered it. Thus location (and to some extent
identity) could be assumed to be statically linked with a phone number.
This assumption started to break down with cell phones, and VOIP is
accelerating it to *all* phone lines.
Any law that doesn't take this fact into account has a good chance
of being unenforceable, and/or being a major hindrance to the industry.
To make things germane to the list subject:
Security policies must assume that CallerID on the PSTN is *NOT*
authoritative for identity and/or location.
I won't get into the argument about whether or not the PSTN *should*
become authoritative -- that's a religious war that I don't
want to touch.
More information about the Voipsec
mailing list