A Commercial Software Service Aims to Outfox Caller ID
By KEN BELSON
Published: September 2, 2004
Like most bill collectors, Marvin Smith is always seeking ways to get chronic debtors to pay up. When he calls the first time, he typically hears excuses and requests for more time. When Mr. Smith calls again, the debtors often block his calls using ordinary caller ID technology from the phone company.
That means he then visits in person, a time-consuming and sometimes dangerous task. But Mr. Smith, who runs a collection agency in Austin, Tex., says he may have found a solution: a new computerized service enabling him to create false outbound phone numbers with a click of a mouse, so he can skirt the call blockers.
The service, the first commercial version of a technology known mainly among software programmers and the computer-hacker underground until now, was introduced nationwide on Wednesday by a California company called Star38.
For $19.99 a month and as little as 7 cents a minute, customers can go to the company's Web site (www.star38.com), log in and then type the number that they want to call and the number that they want to appear on the caller ID screen of the recipient's phone.
For an additional fee, they can also specify names that can appear along with their telephone numbers.
"This product would be beneficial," Mr. Smith, the bill collector, remarked. "I'm going to look into it."
Star38 says that others with reason to mask their telephone identities, including private detectives and law enforcement officials, are looking into it, too.
But some privacy-rights advocates and consumer groups wonder whether angry former spouses, stalkers or fraud artists might not be far behind.
"Some people see caller ID as an invasion of their privacy, while others see it as a protection of their privacy," said Robert Atkinson, director of policy research at the Institute for Tele-Information at Columbia University. "It's spy versus spy."
Officials at the Federal Communications Commission indicate that there is nothing illegal, per se, in the Star38 system.
And to some extent, it is merely the latest step in the continual cat-and-mouse game played since caller ID was introduced in the 1980's.
But the new service goes beyond past techniques like withholding the caller's number or masking it with a series of meaningless digits (calls from the main office of The New York Times, for example, regularly appear on the called party's screen as 111-111-1111). With Star38, for the first time it will be possible for vast numbers of people to place calls masquerading as someone else.
"My concern is that private investigators will find out your mother's number so their number will pop up on your telephone as 'Mom,' " said Loretta M. Lynch, a member of the California Public Utilities Commission, which oversees the telecommunications industry in the state. "People will not trust what their phones tell them. It will spell the end of caller ID as a way for people to protect their privacy."
The developers of Star38, who say they required only 65 lines of computer code and $3,000 to create their service, insist that they will take steps to ensure that it is not used maliciously. They plan to spend up to 10 days checking the business licenses of all applicants and will ask subscribers to agree not to use Star38 to commit fraud, and to accept legal liability if they violate state or federal laws.
The company also plans to cooperate with police forces, if asked, to provide records of what numbers customers dialed to and from, and what numbers they chose to show the recipients of their calls.
"Law enforcement will have complete access to search our database," said Jason Jepson, the chief executive of Star38, of Newport Beach, Calif. "We don't want the insinuation that they can sign up, use it temporarily and then run off."
Mr. Jepson, 30 - who says he got the idea for his service after speaking to his aunt, a bounty hunter, about the best ways to get in touch with people - said Star38 had no immediate plans to sell its service to ordinary consumers because of the potential for misuse. "There are too many things that can go wrong," Mr. Jepson said.
But industry experts say that the caller ID spoofing, as it is known, is simple enough to develop that it is only a matter of time before other service providers make it available to anyone.
The legal and ethical boundaries of the service are rather blurry. An F.C.C. official said the agency's rules require only that telephone companies provide caller ID abilities and the ability to block caller ID. The rules do not cover add-on services like Star38 provided by nontelephone companies.
But Star38 or any other service that helps companies deceive consumers does have the potential to run afoul of the federal Fair Debt Collection Practices Act.
"Third-party debt collectors are prohibited from using any means that is likely to deceive consumers, " said Rozanne Andersen, general counsel at the Association of Credit Collection Professionals, a trade group based in Minneapolis, "so unless the collector is presenting a telephone number that is meaningful to the consumer, it is arguably a deceptive practice." She also said that a service like Star38 could violate various state fraud laws.
Mr. Jepson said the company's lawyers were confident that the service was legal. And he said that debt collectors, who might be able to spoof caller ID systems by using Star38, would still be obligated to identify themselves once a recipient picked up the phone.
At least one big telephone company, BellSouth of Atlanta, is concerned about the advent of Star38. "It raises safety issues," said Jeffrey Battcher, a BellSouth spokesman. "Our legal and regulatory departments are looking into it. Also, the service degrades a BellSouth service that people pay for - the caller ID information they pay for."
As for privacy-rights advocacy, not all are in the same camp when it comes to caller ID. Some privacy groups opposed the original caller ID services because they forced consumers to reveal personal information involuntarily. Some of those groups now warily support Star38's spoofing technology.
"This is solving a problem that caller ID created," said Mark Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "Most people thought of caller ID as a net privacy loss, but this technology may help customers recapture some privacy."
Others add that caller ID spoofing is no different - and no better or worse - from other telecommunications technology that have allowed people to mask their identities or locations. For years, people have used pay phones to hide their whereabouts, and some companies now sell cheap mobile phones with a finite number of minutes that callers can use temporarily and throw out afterward.
And anyone with a computer and a telephone line can create free e-mail addresses that preserves anonymity.
"You've always had in technology an arms race when you try to change things," said Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a nonprofit group that advocates minimal regulation of the Internet. "I've never liked caller ID, but it's one of the things you have to deal with."
Still, Mr. Tien and others warn that there is often a gap between the introduction of technology and the public's knowledge of its uses and abuses, and the lag leaves ordinary people open to exploitation. And since Star38 will be available only to companies and not consumers, it is individuals who may be most at risk initially, they say.
"This is another case where the technology is developing so quickly that there aren't standards settled on for people to keep up with what's possible, and that's where you have the deception," said Jay Stanley, communications director of the technology and liberty project at the American Civil Liberties Union. "There's a lag between what's possible and what's known."
Mr. Jepson, who said he had received about six dozen e-mail messages so far from potential customers who had downloaded the Star38 software, maintained that his company's safeguards were intended to prevent misuse.
"Every technology has a dark side," Mr. Jepson said, "but our customer will have to use it legally."
By KEN BELSON
Published: September 2, 2004
Like most bill collectors, Marvin Smith is always seeking ways to get chronic debtors to pay up. When he calls the first time, he typically hears excuses and requests for more time. When Mr. Smith calls again, the debtors often block his calls using ordinary caller ID technology from the phone company.
That means he then visits in person, a time-consuming and sometimes dangerous task. But Mr. Smith, who runs a collection agency in Austin, Tex., says he may have found a solution: a new computerized service enabling him to create false outbound phone numbers with a click of a mouse, so he can skirt the call blockers.
The service, the first commercial version of a technology known mainly among software programmers and the computer-hacker underground until now, was introduced nationwide on Wednesday by a California company called Star38.
For $19.99 a month and as little as 7 cents a minute, customers can go to the company's Web site (www.star38.com), log in and then type the number that they want to call and the number that they want to appear on the caller ID screen of the recipient's phone.
For an additional fee, they can also specify names that can appear along with their telephone numbers.
"This product would be beneficial," Mr. Smith, the bill collector, remarked. "I'm going to look into it."
Star38 says that others with reason to mask their telephone identities, including private detectives and law enforcement officials, are looking into it, too.
But some privacy-rights advocates and consumer groups wonder whether angry former spouses, stalkers or fraud artists might not be far behind.
"Some people see caller ID as an invasion of their privacy, while others see it as a protection of their privacy," said Robert Atkinson, director of policy research at the Institute for Tele-Information at Columbia University. "It's spy versus spy."
Officials at the Federal Communications Commission indicate that there is nothing illegal, per se, in the Star38 system.
And to some extent, it is merely the latest step in the continual cat-and-mouse game played since caller ID was introduced in the 1980's.
But the new service goes beyond past techniques like withholding the caller's number or masking it with a series of meaningless digits (calls from the main office of The New York Times, for example, regularly appear on the called party's screen as 111-111-1111). With Star38, for the first time it will be possible for vast numbers of people to place calls masquerading as someone else.
"My concern is that private investigators will find out your mother's number so their number will pop up on your telephone as 'Mom,' " said Loretta M. Lynch, a member of the California Public Utilities Commission, which oversees the telecommunications industry in the state. "People will not trust what their phones tell them. It will spell the end of caller ID as a way for people to protect their privacy."
The developers of Star38, who say they required only 65 lines of computer code and $3,000 to create their service, insist that they will take steps to ensure that it is not used maliciously. They plan to spend up to 10 days checking the business licenses of all applicants and will ask subscribers to agree not to use Star38 to commit fraud, and to accept legal liability if they violate state or federal laws.
The company also plans to cooperate with police forces, if asked, to provide records of what numbers customers dialed to and from, and what numbers they chose to show the recipients of their calls.
"Law enforcement will have complete access to search our database," said Jason Jepson, the chief executive of Star38, of Newport Beach, Calif. "We don't want the insinuation that they can sign up, use it temporarily and then run off."
Mr. Jepson, 30 - who says he got the idea for his service after speaking to his aunt, a bounty hunter, about the best ways to get in touch with people - said Star38 had no immediate plans to sell its service to ordinary consumers because of the potential for misuse. "There are too many things that can go wrong," Mr. Jepson said.
But industry experts say that the caller ID spoofing, as it is known, is simple enough to develop that it is only a matter of time before other service providers make it available to anyone.
The legal and ethical boundaries of the service are rather blurry. An F.C.C. official said the agency's rules require only that telephone companies provide caller ID abilities and the ability to block caller ID. The rules do not cover add-on services like Star38 provided by nontelephone companies.
But Star38 or any other service that helps companies deceive consumers does have the potential to run afoul of the federal Fair Debt Collection Practices Act.
"Third-party debt collectors are prohibited from using any means that is likely to deceive consumers, " said Rozanne Andersen, general counsel at the Association of Credit Collection Professionals, a trade group based in Minneapolis, "so unless the collector is presenting a telephone number that is meaningful to the consumer, it is arguably a deceptive practice." She also said that a service like Star38 could violate various state fraud laws.
Mr. Jepson said the company's lawyers were confident that the service was legal. And he said that debt collectors, who might be able to spoof caller ID systems by using Star38, would still be obligated to identify themselves once a recipient picked up the phone.
At least one big telephone company, BellSouth of Atlanta, is concerned about the advent of Star38. "It raises safety issues," said Jeffrey Battcher, a BellSouth spokesman. "Our legal and regulatory departments are looking into it. Also, the service degrades a BellSouth service that people pay for - the caller ID information they pay for."
As for privacy-rights advocacy, not all are in the same camp when it comes to caller ID. Some privacy groups opposed the original caller ID services because they forced consumers to reveal personal information involuntarily. Some of those groups now warily support Star38's spoofing technology.
"This is solving a problem that caller ID created," said Mark Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "Most people thought of caller ID as a net privacy loss, but this technology may help customers recapture some privacy."
Others add that caller ID spoofing is no different - and no better or worse - from other telecommunications technology that have allowed people to mask their identities or locations. For years, people have used pay phones to hide their whereabouts, and some companies now sell cheap mobile phones with a finite number of minutes that callers can use temporarily and throw out afterward.
And anyone with a computer and a telephone line can create free e-mail addresses that preserves anonymity.
"You've always had in technology an arms race when you try to change things," said Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a nonprofit group that advocates minimal regulation of the Internet. "I've never liked caller ID, but it's one of the things you have to deal with."
Still, Mr. Tien and others warn that there is often a gap between the introduction of technology and the public's knowledge of its uses and abuses, and the lag leaves ordinary people open to exploitation. And since Star38 will be available only to companies and not consumers, it is individuals who may be most at risk initially, they say.
"This is another case where the technology is developing so quickly that there aren't standards settled on for people to keep up with what's possible, and that's where you have the deception," said Jay Stanley, communications director of the technology and liberty project at the American Civil Liberties Union. "There's a lag between what's possible and what's known."
Mr. Jepson, who said he had received about six dozen e-mail messages so far from potential customers who had downloaded the Star38 software, maintained that his company's safeguards were intended to prevent misuse.
"Every technology has a dark side," Mr. Jepson said, "but our customer will have to use it legally."
Comment