, SecurityFocus 2004-08-27
Overdue debtors beware: You may not be able to rely on Caller I.D. to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller I.D. spoofing to the business world, beginning with collection agencies and private investigators.Slated for launch next week,
Caller I.D. spoofing has for years been within the reach of businesses with certain types of digital connections to their local phone company, and more recently has become
SecurityFocus took the site for a test drive, and found it worked as advertised. The user fills out a simple Web form with his phone number, the number he wants to call, and the number he wants to appear to be calling from. Within two seconds, the system rings back, and patches the user through to the destination. The recipient sees only the spoofed number displayed on Caller I.D. Any number works, from nonsense phone numbers like "123 4567" to the number for the White House switchboard.
Jepson says the backend system doesn't rely on the most common methods of Caller I.D. spoofing -- PRI lines and VoIP -- but otherwise declined to comment on how it operates, for fear that competitors will launch copycat sites.
Star38.com claims it will screen subscribers, and initially make the service available only to licensed private investigators and collection agencies. Jepson and his partners believe that collection agencies in particular will find the service invaluable for getting recalcitrant debtors to answer the phone.
"If [collection agencies] have access to the loan application, they have the references," says Jepson. "Now they can call John Doe, and the number that he used as a reference on his loan application pops up on his or her Caller I.D." When debtor answers the call, instead of being greeting by Uncle Joe from back east, he finds himself on the line with a stern gentleman who wants to discuss some missed car payments.
The service does not appear to violate any federal criminal law, says Orin Kerr, a law professor at the George Washington University Law School, and a former Justice Department computer crime lawyer. "It doesn't violate the Wiretap Act or the Computer Fraud and Abuse Act or anything like that," say Kerr.
But Rozanne Andersen, general counsel at the
"I would say that the concept would be very attractive to the industry, but the practice would be prohibited," says Andersen. "If that consumer calls that number, and does not reach the collector, that's a very serious problem. Certainly the use of what I'll call a 'dummy number' or a 'substitute number' would be a prohibited practice, because it is deceptive in its nature."
Jepson says his own attorney has advised him that the practice is permissible. He plans on launching Star38.com on September 1st.