Transcript Presentation

ITU Workshop on “Caller ID Spoofing”
(Geneva, Switzerland, 2 June 2014)
Experience of an inbound telephony
provider
Anne-Valérie Heuschen,
Head of legal & regulatory affairs,
Voxbone, Belgium
[email protected]
Geneva, Switzerland, 2 June 2014
Agenda
Voxbone
Meaning of Caller ID/ CLI
Examples of Caller ID/ CLI
regulations
Caller ID/ CLI spoofing
Caller ID/ CLI spoofing from an
operator perspective (I and II)
Conclusion
Geneva, Switzerland, 2 June 2014
2
Voxbone
Company
Founded in 2005
Offices in Brussels (HQ), San Francisco and Los Angeles
Global IP backbone carrying 2 Gbps of voice traffic with 5
SuperPOPs
Business and services
Services in 50+ countries, inbound exclusively
VoxDID : Voice inbound services through local or national phone
numbers in 50+ countries covered (4000+ area codes)
Vox800: Voice inbound services through toll free or free phone
numbers in 25+ countries covered
Geneva, Switzerland, 2 June 2014
3
Meaning of Caller ID/ CLI
Caller ID = Caller Identification refers to
E164 number and/or name calling
CLI = Calling Line Identification refers to
the E164 number calling
At network level, if CLI is provided by
origination network (in SIP, under a “Passerted identity”), it will be forwarded
until termination network (presence in the
CDRs)
Geneva, Switzerland, 2 June 2014
4
Examples of Caller ID/ CLI regulations
US Truth in Caller ID Act protects the privacy of
the person calling by requiring telephone
companies to make available free, simple and
uniform per-line blocking and unblocking
procedures.
EU Directive 2002/58/EC, article 8:
CLIP= Calling Line Identification Presentation
CLIR= Calling Line Identification Restriction
Intl: Privacy right is a human right as approved
in “The right to privacy in the digital age” by the
UN General Assembly, 20 November 2013.
=> At network level CLI is forwarded (in SIP “P-asserted
identity” header) but CLIP/CLIR is an end user privacy right
(in SIP “privacy” header)
Geneva, Switzerland, 2 June 2014
5
Caller ID/ CLI spoofing
To spoof = to deceive, to abuse, to fool
Malicious intent is key:
Not financial in the telecommunication sense (except in cases
of premium rates numbers)
Scam/ Identity theft, harassing calls
CLIP/CLIR protects the privacy of one individual and CLIR
should not be considered as spoofing by definition
Spoofing= CLI transformation with malicious intent;
flexibility of CLI transformation is and should not be
considered as spoofing, as long as it is not in a wilful or
illegal mean.
Prohibition of caller ID/ CLI spoofing for the purposes of
defrauding or otherwise causing harm (e.g. US Truth in
Caller ID Act ).
Geneva, Switzerland, 2 June 2014
6
Caller ID/ CLI spoofing from an
operator perspective (I)
Spoofing is detrimental for the
reputation of an entire industry
Spoofing already existed in a non-IP
world
CLI is generally received by the
terminating network but no mean of
ensuring the authentication of the
CLI
Geneva, Switzerland, 2 June 2014
7
Caller ID/ CLI spoofing from an
operator perspective (II)
Prevention: Authentication of CLI (i.e. calling
party has an authorization to use the number) at
origination is crucial; if CLI has not been
authenticate by originating network, no call
origination should be allowed, or only with the
“primary” authenticated CLI on file
Already a best industry practice at administrative level
IETF/ STIR committee work at technical level
Sanction: LEAs have in practice tremendous
difficulties to find the offender(s) due to 1)
misunderstanding of the principles and 2)
international nature of offenses
Geneva, Switzerland, 2 June 2014
8
Conclusion




Technical standards : IETF/ STIR
committee work
Regulations: spoofing prohibition
(transformation of CLI with wilful
intent)
Foster international cooperation
Practical level: training of national
LEAs to have an understanding of
spoofing
Geneva, Switzerland, 2 June 2014
9