[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
                       THE TRUTH IN CALLER ID ACT

=======================================================================

                                HEARING

                               BEFORE THE

          SUBCOMMITTEE ON TELECOMMUNICATIONS AND THE INTERNET

                                 OF THE

                    COMMITTEE ON ENERGY AND COMMERCE
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                                   ON

                                H.R. 503

                               __________

                           FEBRUARY 28, 2007

                               __________

                            Serial No. 110-8


      Printed for the use of the Committee on Energy and Commerce

                        energycommerce.house.gov




                      U.S. GOVERNMENT PRINTING OFFICE
35-342 PDF                    WASHINGTON  :  2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government
Printing Office Internet:  bookstore.gpo.gov Phone:  toll free (866)
512-1800; DC area (202) 512-1800 Fax: (202)512-2250 Mail: Stop SSOP,
Washington, DC 20402-0001 










                    COMMITTEE ON ENERGY AND COMMERCE

                       JOHN D. DINGELL, Michigan, Chairman
HENRY A. WAXMAN, California             JOE BARTON, Texas
EDWARD J. MARKEY, Massachusetts            Ranking Minority Member
RICK BOUCHER, Virginia                  RALPH M. HALL, Texas
EDOLPHUS TOWNS, New York                J. DENNIS HASTERT, Illinois
FRANK PALLONE, Jr., New Jersey          FRED UPTON, Michigan
BART GORDON, Tennessee                  CLIFF STEARNS, Florida
BOBBY L. RUSH, Illinois                 NATHAN DEAL, Georgia
ANNA G. ESHOO, California               ED WHITFIELD, Kentucky
BART STUPAK, Michigan                   BARBARA CUBIN, Wyoming
ELIOT L. ENGEL, New York                JOHN SHIMKUS, Illinois
ALBERT R. WYNN, Maryland                HEATHER WILSON, New Mexico
GENE GREEN, Texas                       JOHN B. SHADEGG, Arizona
DIANA DeGETTE, Colorado                 CHARLES W. ``CHIP'' PICKERING, 
   Vice Chairman                         Mississippi
LOIS CAPPS, California                  VITO FOSSELLA, New York
MIKE DOYLE, Pennsylvania                STEVE BUYER, Indiana
JANE HARMAN, California                 GEORGE RADANOVICH, California
TOM ALLEN, Maine                        JOSEPH R. PITTS, Pennsylvania
JAN SCHAKOWSKY, Illinois                MARY BONO, California
HILDA L. SOLIS, California              GREG WALDEN, Oregon
CHARLES A. GONZALEZ, Texas              LEE TERRY, Nebraska
JAY INSLEE, Washington                  MIKE FERGUSON, New Jersey
TAMMY BALDWIN, Wisconsin                MIKE ROGERS, Michigan
MIKE ROSS, Arkansas                     SUE WILKINS MYRICK, North Carolina
DARLENE HOOLEY, Oregon                  JOHN SULLIVAN, Oklahoma
ANTHONY D. WEINER, New York             TIM MURPHY, Pennsylvania
JIM MATHESON, Utah                      MICHAEL C. BURGESS, Texas
G.K. BUTTERFIELD, North Carolina        MARSHA BLACKBURN, Tennessee
CHARLIE MELANCON, Louisiana
JOHN BARROW, Georgia
BARON P. HILL, Indiana               

                           Professional Staff

                     Dennis B. Fitzgibbons, Chief of Staff
                     Gregg A. Rothschild, Chief Counsel
                        Sharon E. Davis, Chief Clerk
                     Bud Albright, Minority Staff Director

          Subcommittee on Telecommunications and the Internet

                EDWARD J. MARKEY, Massachusetts, Chairman
MIKE DOYLE, Pennsylvania           FRED UPTON, Michigan
JANE HARMAN, California               Ranking Minority Member
CHARLES A. GONZALEZ, Texas         J. DENNIS HASTERT, Illinois
JAY INSLEE, Washington             CLIFF STEARNS, Florida
BARON P. HILL, Indiana             NATHAN DEAL, Georgia
RICK BOUCHER, Virginia             BARBARA CUBIN, Wyoming
EDOLPHUS TOWNS, New York           JOHN SHIMKUS, Illinois
FRANK PALLONE, Jr, New Jersey      HEATHER WILSON, New Mexico
BART GORDON, Tennessee             CHARLES W. ``CHIP'' PICKERING, 
BOBBY L. RUSH, Illinois             Mississippi
ANNA G. ESHOO, California          VITO FOSELLA, New York
BART STUPAK, Michigan              GEORGE RADANOVICH, California
ELIOT L. ENGEL, New York           MARY BONO, California
GENE GREEN, Texas                  GREG WALDEN, Oregon
LOIS CAPPS, California             LEE TERRY, Nebraska
HILDA L. SOLIS, California         MIKE FERGUSON, New Jersey

                                  (ii)










                             C O N T E N T S

                              ----------                              
                                                                   Page
H.R. 251, To amend the Communications Act of 1934 to prohibit 
  manipulation of caller identification information, and for 
  other purposes.................................................    17

Engel, Hon. Eliot, a Representative in Congress from the State of 
  New York, prepared statement...................................     4
Markey, Hon. Edward J., a Representative in Congress from the 
  Commonwealth of Massachusetts, opening statement...............     1
Upton, Hon. Fred, a Representative in Congress from the State of 
  Michigan, opening statement....................................     2

                               Witnesses

Knight, Allison, staff counsel, Electronic Privacy Information 
  Center.........................................................     5
    Prepared statement...........................................    21
Monteith, Kris, Chief, Enforcement Bureau, Federal Communications 
  Commission.....................................................     9
    Prepared statement...........................................    28
Pies, Staci, vice president, PointOne, president, Voice on the 
  Net Coalition..................................................     7
    Prepared statement...........................................    29


                       THE TRUTH IN CALLER ID ACT

                              ----------                              


                      WEDNESDAY, FEBRUARY 28, 2007

              House of Representatives,    
          Committee on Energy and Commerce,
                Subcommittee on Telecommunications,
                                          and the Internet,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:40 p.m., in 
room 2322 of the Rayburn House Office Building, Hon. Edward J. 
Markey (chairman of the subcommittee) presiding.
    Members present: Representatives Doyle, Engel, Green, 
Solis, Upton, Shimkus, Walden, and Terry.

OPENING STATEMENT OF HON. EDWARD J. MARKEY, A REPRESENTATIVE IN 
        CONGRESS FROM THE COMMONWEALTH OF MASSACHUSETTS

    Mr. Markey. Good afternoon. I want to welcome everyone to 
this panel's first hearing. We have a very active agenda 
planned for the subcommittee, and I am pleased to be sitting 
next to my good friend, Fred Upton, as we begin this process. 
We will try to retain the same level of comedy that existed 
when he was chairman. I believe that is the way the 
telecommunications issues should be conducted.
    Today we begin with legislation that was unanimously 
approved by the committee and the House in the last Congress 
when it was sponsored by former Chairman Joe Barton and my 
committee colleague Congressman Eliot Engel from New York. They 
have teamed up again this year and reintroduced the bill, and 
today we hope to gather updated testimony and approve the bill 
through the subcommittee.
    This legislation addresses caller ID spoofing. Spoofing is 
when a caller masks or changes the caller ID information on 
their call in a way that disguises the true origination number 
of the caller. In many instances, a call recipient may be 
subject to pretexting through spoofing, which can lead to 
fraud, personal ID theft, harassment, or otherwise put the 
safety of the call recipient in danger.
    It is important that we explore and analyze the use of 
spoofing to commit crimes and otherwise harm the public 
interest. On the other hand, lest we think that spoofing always 
has nefarious aims, we must recognize that there may be 
circumstances when a person's safety may be put in danger if 
their true and accurate call origination information is 
disclosed as well. What we see seek in caller ID policy is 
balance. This has been the case since we held hearings in the 
early 1990's on caller ID when this committee sought to take 
into account emerging caller ID technology in a way that also 
allowed callers to block their origination number on a per call 
or per line basis. Technology also allowed call recipients to 
refuse to receive calls by anyone who is blocking their caller 
ID information from going through.
    Last year we adjusted the legislation to ensure adequately 
achieved historic balance so that we look at consumer privacy 
and security. For instance, Members of Congress often have 
direct lines in their offices. In order to ensure that such 
lines do not become generally public and therefore remain 
useful to us, it may be necessary to keep such direct numbers 
confidential and have the outgoing caller ID information 
indicate a different number at which our offices can be reached 
to return calls. That gives the recipient a legitimate phone 
number to call back but keeps confidential lines private. There 
are many doctors, psychiatrists, lawyer, and other 
professionals who would similarly like to keep direct, 
confidential lines private in this way who have no intention of 
misleading anyone. In addition, there may be instances, for 
example, when a woman at a shelter seeks to reach her children 
at home when spoofing is important to safeguard someone's 
safety. Moreover, informants to law enforcement tip lines or 
whistle blowers have additional reasons for why their calling 
information should remain private. We should not outlaw any of 
these practices, and if the legislation that we are now 
considering needed clarification, we have now put that 
clarification in so that spoofing is put into context that 
would address those areas where the intent is to actually 
defraud or harass a called party. That is the goal of the 
legislation.
    Again I want to commend my colleagues, Joe Barton and Eliot 
Engel, for their great work, and I now turn to recognize my 
good friend, the gentleman from Michigan, Mr. Upton.

   OPENING STATEMENT OF HON. FRED UPTON, A REPRESENTATIVE IN 
              CONGRESS FROM THE STATE OF MICHIGAN

    Mr. Upton. I thank the chairman, and I too look forward to 
working with you over the next 2 years before we get to get 
that gavel back over here, but take care of it. You can see 
that we did. In the last 12 years, a lot of chips in this thing 
as well worn. But I appreciate certainly your leadership and 
efforts to convene today's hearing and then markup a little bit 
later when this hearing is over. I am going to ask that my full 
statement be put into the record, and I am not going to give a 
definition of spoofing. You did a very good job. This is a 
bipartisan bill, and I will remind my colleagues that it passed 
by voice last year in the House on the House floor. Sadly, the 
Senate did not take it up; otherwise, it would have been a 
public law. And I commend Mr. Barton again and certainly my 
good friend, Mr. Engel, for their continued leadership on this 
very important issue.
    Let me just convey a couple of different instances where 
spoofing was used, which clearly shows the need for this 
legislation. AARP alerted its members to a prevalence scam 
where spoofers get the local courthouse phone number to appear 
on folks' caller ID screens, and then they tell the recipients 
of the calls that they are judicial officials in order to get 
that victim's personal information, whether it be a Social 
Security number, driver's license, et cetera. Other reported 
case involving a swat team that surrounded an apartment 
building after police received a call from a woman who said she 
was being held hostage in one of those apartments. As it turned 
out, it was a false alarm. Caller ID was spoofed to make it 
look like it was coming from that apartment, someone's idea of 
a bad prank. In other instances, criminals are stealing credit 
card numbers, getting the phone number of the actual card 
holder, and then using those credit cards to get unauthorized 
wire transfers, PIN numbers, a whole host of things that damage 
that individual's personal information, a real violation. And, 
of course, many of us are familiar with our own credit card 
companies which may ask us to call from home phones to 
authenticate and then activate that new card. And if the cards 
are stolen out of the mail, then criminals may be able to spoof 
our home phone numbers and authenticate and activate that new 
card from the convenience from their home or motel room or from 
whatever rock they might crawl under.
    Unfortunately, spoofing does appear to be growing, and 
there is no law that protects the American public from it. This 
legislation, the Truth in Caller ID Act, would make it illegal. 
More specifically, it would make it unlawful for any person to 
cause any caller identification service to transmit misleading 
or inaccurate caller identification information with the intent 
to defraud or cause harm. The unfortunate reality is that our 
age of information has resulted in an explosion of identify 
theft. And while new technologies have provided us with 
tremendous advancements and benefits, technology has also 
provided greater opportunities to criminals as well.
    I look forward to hearing from our witnesses today and for 
the markup, and I would like to think that we could move this 
to the House floor soon with the leadership of the gentleman 
from Massachusetts . I yield back my time.
    Mr. Markey. I thank the gentleman. The gentleman from 
Pittsburgh.
    Mr. Doyle. Thank you, Mr. Chairman. I think this bill has 
been well introduced, so in my first official action as vice 
chairman of your subcommittee, I will----
    Mr. Markey. By the way, I would like to make that public 
announcement to all the members, that the gentleman from 
Pennsylvania, Mr. Doyle, is going to serve as a supremely 
competent and knowledgeable vice-chairman of this committee.
    Mr. Doyle. Well said, Mr. Chairman.
    Mr. Markey. Thank you.
    Mr. Doyle. I am going to follow your lead from earlier this 
morning, Mr. Chairman, and waive my opening statement so we can 
get to our speakers.
    Mr. Markey. Thank you. Let me then recognize the gentleman 
from New York, the author of this legislation, Mr. Engel.
    Mr. Engel. Well, thank you, Mr. Chairman, and I will submit 
my statement to the record, but I just want to make a couple of 
comments.
    First, thank you. I am truly honored that you are taking 
this bill at our first hearing and markup, and I really 
appreciate it. When it became clear to me about the problems of 
spoofing, I went over to then Chairman Barton and asked him if 
we could do this bill. And so we submitted the bill in the last 
Congress as the Barton-Engel bill, but due to the changes, I 
like the way it is submitted in this Congress as the Engel-
Barton bill. And I thank my good friend for cosponsoring it 
again this year as well as Chairman Upton for supporting it.
    We held hearings on this bill last year, and the statement 
that you made, Mr. Chairman, and Mr. Upton's statements really 
capsulize what the hearings told us. The fact that there are 
instances where we may not want the real number to show and 
that there are many horror stories that we know and it can go, 
on and on in terms of political campaigns and trickery where 
people from one campaign can pretend they are calling from the 
opposition's campaign and do all kinds of things to get voters 
angry at the opposition.
    So this is truly a bill whose time has come, and I am very 
grateful that we have tremendous consensus. And I am going to 
submit this, and I look forward to hearing the testimony and 
doing the markup with you. Thank you.
    [The prepared statement of Mr. Engel follows:]

 Prepared Statement of Hon. Eliot Engel, a Representative in Congress 
                       from the State of New York

    Mr. Chairman, I want to thank you for quickly scheduling 
this hearing. The bill before us today is a good bill and one 
that I was happy to re-introduce in this Congress with my 
friend and ranking member, Mr. Barton.
    For years now, I have been working with my colleagues on 
issues of privacy and identity theft. Each and every time we 
plug one hole, crafty criminals come up with another way to 
commit fraud.
    Currently, it is easy, cheap, and legal to spoof caller ID. 
These services can be used for many malicious purposes. A 
criminal can make a call that appears to be originating from 
the recipient's neighborhood bank, his credit card company, or 
the Social Security Administration.
    I've read news reports that criminals are using these 
technologies to get people to give out private information they 
would never give out except that they think they are receiving 
a legitimate call from their bank or even local court house.
    I also have read about some of our colleagues being victims 
in their capacity as Members of the House. At that point, it 
became apparent to me there are people who seek to use these 
technologies to strike at the heart of our democracy.
    Leaving fake messages that are insulting or incendiary on a 
person's voicemail that identifies the caller as an elected 
official or candidate for public office threatens the very 
nature of our electoral process.
    The Truth in Caller ID Act will give us another tool to 
combat identity theft and even election fraud.
    I thank the chairman for his attention to this matter, look 
forward to hearing from the witnesses, and yield back.

    Mr. Markey. Thank you. And, yes, this is the 20th 
anniversary, this month, of my becoming chairman of this 
subcommittee 20 years ago. So it is an honor for me to have 
this bill be the first bill on the 20th anniversary that we 
will be processing. The gentleman from Illinois.
    Mr. Shimkus. Thank you, Mr. Chairman. Congratulations, and 
I am glad you brought up that there are some beneficial uses. I 
kind of forgot about when people call us on our cell phones, 
member to member, it is a different number that pops up on our 
cell phones, even in this system. So we all want to go after 
the bad actors, but there are some credible positive uses, and 
we want to maintain that balance. I think you will try to do 
that. I appreciate your efforts, and I yield back my time.
    Mr. Markey. The gentle lady from California.
    Ms. Solis. Thank you, and congratulations to you, Mr. 
Chairman, and also for bringing this very timely piece of 
legislation forward. I want to tell you that, as a longtime 
advocate on domestic violence issues, I am pleased to see that 
the legislation helps to clarify that law to protect those 
victims. So thank you very much, and I will submit my statement 
for the record.
    Mr. Markey. The gentleman from Oregon.
    Mr. Walden. Thank you, Mr. Chairman. I actually thought 
when I saw something about spoofing on our list today that it 
had more to do with the full committee chairman's comment about 
DTB yesterday and maybe changing the date. But since it is on 
this, I really don't have an opening statement. I supported 
this bill last time, and I will look forward to supporting it 
again.
    Mr. Markey. The gentleman from Nebraska.
    Mr. Terry. I will waive. Happy anniversary, by the way.
    Mr. Markey. Thank you so much. I was a young man once ago.
    So let us now turn to our incredibly impressive panel of 
witnesses. That would be Ms. Allison Knight, staff attorney 
from the Electronic Privacy Information Center. She is staff 
counsel at that organization, a graduate of the University of 
Western Ontario. She has written extensively on this subject, 
and we appreciate very much her being here.
    We have Ms. Staci Pies, who is vice-president and Point One 
president, testifying on behalf of the VON Coalition. She has 
15 years of experience in communications, legal and regulatory 
experience, and she also served at the FCC as deputy division 
chief in a network services division, and senior attorney in 
the FCC's common carrier bureau.
    And Ms. Kris Monteith, chief of the FCC enforcement bureau. 
She is the chief of that bureau. She has held numerous jobs in 
the FCC including overseeing the commission's interaction with 
local, state, and tribal governments. She has also served as 
the chief of policy for the wireless telecommunications bureau 
and deputy chief of the Farmer Common Carrier Bureau's 
competitive pricing division.
    So I think what we will do is we will recognize the 
witnesses in the order that I introduced them, and then we will 
finish up with the FCC giving us their summary view of this 
issue. So, Ms. Knight, you have 5 minutes. Please begin.

  STATEMENT OF ALLISON KNIGHT, STAFF COUNSEL AND DIRECTOR OF 
  PRIVACY AND HUMAN RIGHTS PROJECT AT THE ELECTRONIC PRIVACY 
                       INFORMATION CENTER

    Ms. Knight. Good afternoon. Chairman Markey, Ranking Member 
Upton, and members of the subcommittee, thank you for the 
opportunity to testify today on caller ID spoofing and H.R.251, 
The Truth in Caller ID Act of 2007.
    My name is Allison Knight, and I am staff counsel and 
director of privacy and human rights project at the Electronic 
Privacy Information Center. EPIC is a nonpartisan research 
organization based on Washington that seeks to focus public 
attention on the emerging civil liberties issues and to protect 
privacy, the First Amendment, and constitutional values.
    I would like to discuss two separate and important privacy 
interests related to the issue of caller ID spoofing. The first 
is the right of callers to limit the disclosure of their phone 
numbers in order to protect their privacy and, in some cases, 
their safety. The second is the right for call recipients to be 
free from pretexting and other fraud that can lead to the loss 
of their privacy and the threats of stalking, identify theft, 
and harassment.
    Before caller ID services were offered, telephone customers 
generally had the ability to control the circumstances under 
which their phone numbers were disclosed to others. Many 
individuals have legitimate reasons to report a different 
number than the one presented on caller ID, as was remarked in 
the opening comments. For example, a person may wish to keep 
their direct line private when making phone calls from within 
an organization. And in some circumstances, disclosure of a 
person's telephone number may also put his or her safety at 
risk. Domestic violence survivors, shelters, and other safe 
homes need to preserve their confidentiality of their phone 
numbers. They may need to contact abusers without exposing 
their location in order to arrange custody or other legitimate 
matters. They also may need to contact other third parties, 
such as businesses, that may have very permissive privacy 
policies and would then share collected telephone numbers with 
lists or data brokers. In all of these situations, preserving 
anonymity is necessary for their safety.
    Caller ID blocking may seem like a viable means for 
allowing callers to protect their anonymity while not 
misleading recipients. However, caller ID blocking is not a 
complete solution. A caller can be identified through other 
means, such as the automatic number identification system, and 
some recipients prevent receiving blocked calls. And 
indications are that numbers of individuals who are doing this 
is growing. In the case of a domestic violence survivor, 
attempting to safely reach a required phone number, an 
individual would have to use spoofing for the innocent purpose 
of preserving the confidentiality of his or her number.
    We also can't ignore the privacy interest of those who 
decline to accept calls from unknown numbers. If an individual 
has habitually received harassment calls from a caller ID 
blocked number, we should not permit the harasser to use 
spoofing as a means to circumvent the individual's screening.
    Caller ID spoofing can also create privacy risks. Last 
year, EPIC brought to Congress's attention the problem of 
pretexting consumers' phone records. Pretexting is a technique 
by which a bad actor can obtain an individual's personal 
information by impersonating a trusted entity. For these 
reasons, the practice of spoofing for the purpose of fraud or 
harm should be curtailed. Preventing spoofing for harmful 
reasons will also hold illegitimate spoofers accountable.
    Spoofing caller ID numbers can create a real risk to 
individuals who might be defrauded or harmed by illegitimate 
uses of the technology. At the same time, it is important not 
to punish those who have a legitimate reason to conceal their 
actual telephone numbers.
    EPIC supports H.R.251 as currently drafted because 
including an intent requirement, The Truth in Caller ID Act of 
2007 distinguishes between appropriate and inappropriate caller 
ID spoofing and also preserves legitimate law enforcement 
techniques. Finally, we would also like to call the 
subcommittee's attention to our ongoing concern about the 
revelation that the National Security Agency may have 
constructed a massive database of telephone records of American 
consumers. We again ask members to support EPIC's 
recommendation that the FCC undertake an investigation of the 
possibly improper disclosure telephone records by telephone 
companies that are subject to the privacy obligations contained 
in the Communications Act. Thank you.
    [The prepared statement of Ms. Knight appears at the 
conclusion of the hearing.]
    Mr. Markey. Thank you. Ms. Pies.

    STATEMENT OF STACI PIES, VICE PRESIDENT, POINT ONE, AND 
           PRESIDENT, THE VOICE ON THE NET COALITION

    Ms. Pies. Thank you, Chairman Markey, Vice Chair Doyle, 
Ranking Member Upton, and members of the subcommittee. My name 
is Staci Pies. I am vice president of Point One, a VoIP 
provider, and president of the Voice on the Net or VON 
Coalition, the voice for the VoIP industry.
    Misleading people through the misuse of caller ID, whether 
for a prank, a scam, or worse, is unacceptable. And on behalf 
of the VON Coalition, I thank the committee for its leadership 
in addressing this issue.
    VoIP is burgeoning in popularity with businesses and 
consumers because it can do so much more than plain old 
telephone service. VoIP allows consumers to take control over 
the communications experience, to manage how they use those 
services, and to decide when and where they receive calls. 
Lower costs coupled with a seemingly endless list of new 
possibilities are making VoIP one of the hottest Internet and 
broadband technologies today. Today's VoIP services are simply 
a means to have a conversation. They are portals to a world of 
information that enriches the communications experience and 
adds new dimensions to the idea of a conversation.
    Studies have shown that with the right policy framework and 
continued advancement, VoIP-driven competition has the 
potential to save consumers more than $100 billion over the 
next 5 years. For businesses, VoIP is lowering costs, 
increasing mobility, enabling collaboration, integrating voice 
and data in entirely new ways, boosting productivity, and 
giving companies and competitive advantage, and the best is yet 
ahead.
    Many of the great benefits of VoIP to consumers and 
business users depends on accurate and non-misleading 
identification of the calling party. If I program my VoIP 
service to ensure that calls from my son's school are 
simultaneously rung on all of my phones, I don't want to answer 
it and find out that some telemarketer has spoofed the number 
to fool me into believing it is a priority call.
    To protect the usefulness of their services, VoIP providers 
have a strong interest in having caller ID be accurate and non-
misleading. The VON Coalition has been at the forefront of 
promoting best practices to enable consumers to protect their 
personal data, moving early to adopt and post consumer 
guidelines for protecting billing records. Since then, 
businesses that control personal data, consumers, and the IP 
industry have taken significant steps to self-police fraudulent 
access to personal data. The VON Coalition agrees with 
previously presented congressional testimony that caller ID 
fraud perpetrators must be penalized. Law enforcement should 
have the tools to protect U.S. citizens from individuals that 
fraudulently manipulate phone numbers to commit a crime against 
a person or a crime against property. Spoofing to defraud or 
harass or for unlawful commercial gain cannot and should not 
ever be condoned or tolerated. Congress is right to focus its 
attention on those who would do so.
    As this committee addresses deceptive spoofing, we urge you 
to continue to carefully balance to goal of thwarting criminal 
behavior with the public interest imperative to ensure that 
innovation flourishes and that applications and services 
delivered over broadband are available to all Americans. As 
Chairman Markey so eloquently described in his opening 
statement, the ability to consumers to control various aspects 
of their communication experience presents exciting 
opportunities for the disabled, offers unsurpassed privacy 
protection, and enables businesses and consumers to communicate 
in increasingly efficient and powerful ways.
    The Truth in Caller ID Act, with the focus on the intent to 
commit fraud or other crimes, effectively balances these two 
important objectives by facilitating prosecution while not 
thwarting or prohibiting innovative tools that have legitimate 
consumer empowering benefits. The bill recognizes that caller 
identification information may be modified for telemarketers to 
comply with the TCPA. This is not the only legitimate need to 
change caller ID.
    I would like to share five examples. First VoIP services 
offer tremendous potential for persons with disabilities to 
communicate more effectively. One recent Web application 
permits users to call any phone number in the U.S. or Canada, 
and the service reads to the called party the message that the 
originating user inputs into a Web-based form. Users of the 
application who are speech impaired can now send voice 
messages. Similarly, blind users can now take advantage of 
instant messaging services, where previously they would have 
been precluded from doing so because of sight limitations.
    Second, one of the benefits of VoIP is to help consumers 
better protect their own privacy. For instance, Web sites that 
allow consumers to post solicitations for lawful commercial 
purposes may also permit consumers to provide a temporary 
callback number that is different from their assigned number. 
One service explains the application in this way. The desire to 
communicate cannot be crippled by privacy. The application 
unleashes the true potential of the global community by making 
it a safer place.
    Third, as recognized by Chairman Markey and Ms. Knight, 
there are some situations in which caller ID information can 
actually endanger individual safety. The classic situation is 
the battered spouse. In some instances, blocking the delivery 
of caller ID information might be sufficient; however, because 
technological innovations also facilitate the unblocking of 
caller ID, any legislation should be careful about presuming 
that blocking will always be adequate protection.
    Four, certain new communication services do not organically 
generate or transmit caller ID, but in order to connect to the 
public telephone network, the service may need to insert 
something that looks like a traditional phone number. Many of 
these innovative services, which offer tremendous ways to 
communicate, do not utilize the same numbering and labeling 
practices as yesterday's phone services and should not be 
deemed illegitimate because of this.
    A final exciting new application is the ability for 
consumers to make click-to-dial calls while viewing broadband-
based content. Utilizing such an application, a viewer can 
click a single button on her standard remote and pull up a menu 
that offers a variety of products and services, including 
contacting her local member of Congress. The constituent can 
locate the contact information for the member's office and then 
click on a button that enables her to reach the office through 
a VoIP connection.
    [The prepared statement of Ms. Pies appears at the 
conclusion of the hearing.]
    Mr. Markey. Excellent job. Thank you. I appreciate it. I 
wanted you to get through all five of those. Ms. Monteith.

STATEMENT OF KRIS MONTIETH, CHIEF, ENFORCEMENT BUREAU, FEDERAL 
                   COMMUNICATIONS COMMISSION

    Ms. Monteith. Good afternoon, Chairman Markey, Ranking 
Member Upton, and members of the subcommittee. Thank you for 
the opportunity to speak with you about the problem of caller 
identification spoofing.
    As you know, caller ID services let customers identify who 
is calling them by displaying the caller's telephone number or 
other information on the customer's equipment before the 
customer picks up the phone. Caller ID spoofing refers to a 
practice in which the caller ID information transmitted with 
the telephone call is manipulated in a manner that misleads the 
call recipient about the identity of the caller.
    The commission is deeply concerned about reports that 
caller ID information is being manipulated for fraudulent or 
other deceptive purposes, and the impact of those practices on 
the public trust and confidence in the telecommunications 
industry. We are particularly concerned about how this practice 
may affect consumers as well as public safety and law 
enforcement communities. As a technical matter, caller ID 
spoofing happens by manipulating the data elements that travel 
with the phone call. Phone calls on the public switch telephone 
network, or the PSTN, are routed to their destinations by means 
of a specialized protocol called the signaling system seven, or 
SS7. SS7 conveys information associated with a call, such as 
the telephone number of the caller. The SS7 information for a 
call is provided by the carrier that the caller uses to place 
the call. Caller ID then displays that caller's number to the 
called party. Caller ID spoofing is accomplished by 
manipulating the SS7 information associated with the call.
    The commission addressed caller ID on the PSTN in 1995 with 
rule 64.1601, which generally requires all carriers using SS7 
to transmit the calling party number associated with an 
interstate call to interconnecting carriers. The same 
commission rule also requires telemarketers to transmit 
accurate caller ID information. The development of Internet and 
IP technologies has made caller ID spoofing easier than it used 
to be. Now, entities using IP technology can generate false 
calling party information and pass it into the PSTN via SS7.
    Caller ID spoofing can potentially threaten our public 
safety. For example, spoofers can fabricate emergency calls and 
call as local law enforcement and public safety agencies to 
deploy their resources needlessly. Caller ID spoofing also can 
potentially threaten consumers. Spoofing can be used, for 
example, by the unscrupulous to defraud consumers by making 
calls appear as if they are from legitimate businesses or 
government offices.
    The commission's enforcement bureau has been actively 
investigating the issue of caller ID spoofing since the summer 
of 2005, when information regarding junk fax spoofing came to 
our attention. To date, the bureau has initiated investigations 
of 12 companies engaged in the marketing and selling of caller 
ID spoofing services to customers. One investigation resulted 
in a citation against a telemarketer, Intelligent Alternatives, 
for rule violations, including violations of the caller ID 
rules under section 64.1601. We have sent formal letters of 
inquiry to the other companies and at the same time, served 
most of them with subpoenas to compel them to respond to our 
inquiries. In some cases, we have issued subsequent letters of 
inquiry to uncover additional evidence of possible violations 
of the Communications Act. Our inquiry letter seek information 
about the company's alleged spoofing methods, including 
detailed technical explanations and the types of technologies 
utilized, the identities of other companies that assist in 
providing the spoofing services, the purposes for the services, 
and information about subscribers, and whether the offered 
services can be used to spoof emergency services information or 
otherwise affect those critical first responders.
    We continue to seek relevant information to assist us in 
fully understanding these issues and whether violations of the 
Communications Act or our rules have occurred. But our 
enforcement options may be limited by some of these entities 
who are not directly regulated by the commission. At the same 
time, we have held meetings with numerous industry 
representatives, including wire line, wireless, and voiceover 
Internet protocol based companies to determine the impact of 
caller ID spoofing on their consumers and networks.
    In addition, we have coordinated closely with state 
agencies, the Federal Trade Commission, and other interested 
organizations, such as the National Emergency Number 
Association, regarding their efforts to address and identify 
solutions to this problem. The enforcement bureau is committed 
to continuing to gather and analyze information about these 
companies' practices, their networks, their businesses, their 
customers, and other germane information.
    In conclusion, the intentional manipulation of caller ID 
information, especially for the purpose of fraud or deception, 
is a troubling development in the telecommunications industry. 
The commission looks forward to working with Congress, this 
committee, to ensure that the public maintains its confidence 
in the telecommunications industry. Thank you for the 
opportunity to testify.
    [The prepared statement of Ms. Montieth appears at the 
conclusion of the hearing.]
    Mr. Markey. Thank you. We thank each of the witnesses. That 
now concludes the time for testimony by our witnesses, and now 
the chair will recognize himself for a question of the 
witnesses.
     Ms. Knight, do you feel that the changes that have been 
made in the legislation take into account the context of the 
call so that now the bill goes after the bad actors without 
hindering legitimate uses of technology?
    Ms. Knight. Yes, the intent either to defraud or to cause 
harm adequately and rightly covers the illegitimate uses and 
still protects the legitimate uses of caller ID spoofing.
    Mr. Markey. OK, great. I have no other questions. Mr. 
Upton.
    Mr. Upton. Do you think it addresses everything that we 
should in this bill?
    Ms. Monteith. Yes, I think what would be important with 
respect to intent is that Congress and the committee provide as 
much in the way of legislative history as possible to inform 
the commission of the applicable standard under the intent 
standard.
    Mr. Upton. I have no further questions. Thank you.
    Mr. Markey. The gentleman from New York, Mr. Engel.
    Mr. Engel. Thank you very much, Mr. Chairman. Ms. Monteith, 
in your testimony, you mentioned that the commission has 
coordinated with state agencies regarding the efforts of the 
state agencies to identify solutions to this problem. Can you 
give some examples of what the states are doing to solve the 
problem?
    Ms. Monteith. I know we have worked closely with the 
Florida attorney general's office and I believe with members of 
the Nayrook. I don't have any specific examples. We do 
participate with the Nayrook members on a monthly call that is 
aimed at addressing consumer protection types of issues. But I 
would be happy to get specific details to respond to your 
question.
    Mr. Engel. Thank you. I appreciate that. Ms. Pies, you gave 
a line of good examples of the new technology, the VoIP 
providers. It is really exciting, and obviously many people use 
these things. My kids can tell you more about them than I can, 
but there is no standard, is that true, for VoIP providers when 
it comes to caller ID?
    Ms. Pies. If I understand the question, you are asking 
whether there is an industry-wide accepted technical standard 
for transmission of caller ID.
    Mr. Engel. Yes.
    Ms. Pies. There are several different protocols that are 
used to provide VoIP services. Really depends on the type of 
service that is being provided, the type of network, whether or 
not it is connecting to the PSTN. And there are practices that 
some providers use. As Kris explained in her testimony, if you 
are connecting with the PSTN, there are different requirements 
in order to be able to pass. If you are utilizing SS7 base 
signaling, there is different information that has to be 
passed. Some providers where calls originate IP, rather than 
originating on the PSTN, as I described in my testimony, the 
networks do not organically generate caller ID that is what we 
think of in the traditional plain old telephone service world. 
So they may, for instance, insert a number such as 0001234 in 
order to allow the call to connect, but that call does not have 
a traditional phone number associated with it.
    Mr. Engel. Do most programs let someone manually enter any 
caller ID info they want?
    Ms. Pies. I can't answer whether most do or do not. What 
VoIP does that is so empowering for businesses and consumers is 
it essentially moves functionality that used to be in the hands 
of the large companies. So, for instance, setting up a PBX 
system. I can now download software and set up a PBX system 
from my home, and I can serve a small business straight from my 
home. I do not have to contract through Verizon. So the ability 
to do that also enables me to control some of the 
functionalities that the phone company would have controlled in 
the past, such as establishing the caller ID. I know that there 
are a number of consumer residential VoIP services that ask the 
consumer to select a phone number and fix that selection from 
the get-go, and the caller does not have the ability to 
manipulate it as they go on.
    Mr. Engel. Is the industry working towards any standard 
that you know on how to handle things so that things would be 
uniform?
    Ms. Pies. The industry is, as far as I know, and there are 
technical organizations and engineers that may be working on 
issues that I am not aware of. Establishing a caller ID so that 
calls look like plain old telephone service is probably not 
high on the priority list. Most of the industry standards that 
are being worked on allow the old network to communicate with 
the next generation network. And sort of making up a caller ID 
parameter so that it looks like an old phone call does not 
serve any beneficial purpose when the networks can talk to each 
other without that.
    Mr. Engel. OK, thank you. Thank you, Mr. Chairman.
    Mr. Markey. The gentleman from Illinois, Mr. Shimkus.
    Mr. Shimkus. Thank you, Mr. Chairman. I just want to follow 
up on this range. There is always unintended consequences when 
we move legislation, and it has struck me that we have defined 
that there is legitimate reasons to spoof for protection. We 
have been involved a lot with the 911 issue and enhanced 911 
and identification of location. Is there a concern, especially 
VoIP, which is we are not totally deployed. We are still having 
issues with how someone uses the VoIP service. And they call 
911. How do we know where they are at? And we are trying to 
push that out. Let us take someone who is spoofing legitimately 
to protect their location. What if they then try to make an 
emergency service call? Are they in the system, or are they 
not? Can they be identified, or can they not be identified 
either using traditional land line, cellular or VoIP? Is this 
something we need to talk through, or am I not technologically 
knowledgeable enough to say it is not an issue?
    Ms. Pies. I would like to answer.
    Mr. Markey. Yes.
    Ms. Pies. That is a very good question, and actually the 
way that a VoIP caller or a cellular caller contacts the right 
PSAP, the correct PSAP for the location where the person is 
located, is there is a system called PANI or Pseudo Automatic 
Number Identification. And that number is input into a database 
or a server so that when my calls go in, for instance, I have a 
202 number in my office in Maryland. My call will go into the 
911 system, and because we have a very old 911 system that 
actually does not work very particularly efficiently, you have 
to fool the system to letting it believe that the call is 
coming from the right geographic location. So there is a Pseudo 
ANI that is associated then with my call that tells the PSAP 
that I am in Maryland as opposed to DC. So in fact, that is a 
legitimate spoofing capability that needs to be protected to 
enable the 911 call to go to the right PSAP. It is not 
something that needs to be prevented because both mobile calls 
or VoIP calls, any type of service that can be used from a 
different location from what a traditional phone service would 
be used, needs to have that sort of pseudo phone number to be 
able to tell the PSAP where to go and which PSAP to answer.
    Mr. Shimkus. So no matter what number you change it to or 
the identification of the Pseudo ANI number will direct you to 
the location?
    Ms. Pies. Correct.
    Mr. Shimkus. Great. That is all I have, Mr. Chairman. I 
yield back.
    Mr. Markey. The gentleman from Pennsylvania.
    Mr. Doyle. Thank you, Mr. Chairman. Ms. Monteith, first of 
all, it looks like this bill we have here in the subcommittee 
is a slam-dunk, and we appreciate your help in the process. I 
just thought while we have you here, I would like to have you 
tell us how an enforcement action happens. Walk us through it. 
And do you start it? Does the chairman's office start it? Tell 
us how it works.
    Ms. Monteith. Sure. An enforcement action can be initiated 
through a number of different procedures. One may be that we 
would investigate an issue that comes to our attention that is 
troubling and may be a violation of the Communications Act. 
Secondly, we certainly could be asked by the chairman, other 
commissioners, to help to investigate issues. And thirdly, we 
are very often complaint-driven. A complaint is filed with the 
commission alleging a violation of the Communications Act, and 
we investigate to ensure that there is not or to determine that 
there is.
    Once we initiate an investigation, our general fact finding 
process is to send letters of inquiry to the subject of our 
investigation, asking them to provide us with information 
concerning the underlying issues. They are compelled to 
respond. If they are a non-regulated entity, we sometimes serve 
a subpoena as well as issuing the formal letter of inquiry to 
ensure that they will respond to our inquiry. From there, if 
our investigation reveals that there has been a violation of 
the Communications Act, our general process with respect to a 
regulated entity is to issue what we call a notice of apparent 
liability. That is a finding that we believe there has been a 
violation, and we propose, in many instances, a forfeiture 
along with that finding. The entity then has an opportunity to 
respond to us and indicate to us that either factually or 
legally we do not understand the case or the facts before us, 
the law before us. From there, we go to a forfeiture order that 
may be--if we are dealing with a non-regulated entity or a 
entity that does not have an application or an application or a 
license or a permit from the commission, before we can go to 
the notice of apparent liability stage, we are required by 
statute to issue a citation. And before we could then go to the 
notice of apparent liability stage and impose a forfeiture or a 
fine, we would have to find a repeat violation by that same 
entity of the same underlying Communications Act provision or 
our rules. So that is in essence the process.
    Mr. Doyle. When would the chairman or other commissioners 
get involved in an enforcement action, or do they ever?
    Ms. Monteith. Involved with respect to asking us to 
investigate or involved in the investigation?
    Mr. Doyle. In the investigation.
    Ms. Monteith. The bureau, of course, would coordinate with 
the chairman's office and with the commissioners to share 
information about our investigations. And depending upon 
whether the investigation is something that the bureau could 
handle on delegated authority or whether we had to present the 
item for the commission's full consideration, the commissioners 
may be more or less involved in the investigation.
    Certainly if it is an item that is being presented to the 
commission for vote, the bureau would be responding to the 
commissioners and the chairman and the kinds of questions that 
they may have to assure themselves that they are, and they 
fully understand the facts and the laws surrounding the 
investigation.
    Mr. Doyle. Thank you very much. Mr. Chairman, I yield back.
    Mr. Markey. The gentleman from Oregon.
    Mr. Walden. Thank you, Mr. Chairman. I really don't have 
any questions. I think they have been well addressed and look 
forward to moving into the markup.
    Mr. Markey. The gentleman from Nebraska.
    Mr. Terry. Thank you, Mr. Chairman. I only have one 
question. It is the same one that I asked last time, and I 
think we made sure that this appropriate use was protected, and 
that is within our teleservices industry. Two of the top three 
of which are headquartered in my district. So I just want to 
ask Kris if you could verify that from your reading that a 
teleservices company that uses their client's name and number 
as the caller ID number is an accepted practice and is not one 
that would be considered defrauding or harming.
    Ms. Monteith. Yes, I believe that is correct under our 
rules.
    Mr. Terry. That would be our intent. Thank you.
    Mr. Markey. With the gentleman yielding back, the time for 
questions by the members of the subcommittee has expired. That 
concludes the hearing. All members have 10 days, if they wish, 
to submit questions to the witnesses, and the committee clerk 
will notify the members as to how that process works. And 
without objection, this subcommittee is now adjourned. And we 
will now have the meeting once again. OK, so all the witnesses, 
if you would like, we thank you so much for your excellent 
testimony. And we will take a 1-minute break. We will recognize 
the gentleman from Texas, Mr. Green.
    Mr. Green. Thank you, Mr. Chairman, for your courtesy. 
Again, I apologize. I was just down the hall. I am actually 
trying to work with the Ecuador ambassador with an energy 
company, so you understand that, Mr. Chairman. But I just have 
some questions for Ms. Monteith. Commercial telemarketers are 
required to transmit accurate caller ID information that 
applies whether the calls are made in person or whether they 
are using automated calls. Is that correct?
    Ms. Monteith. Yes, I believe so.
    Mr. Green. OK, if a nonprofit, such as a political action 
committee or a political party or a 571 organization makes 
automated calls to voters, does the current FCC rules prohibit 
them from using inaccurate caller ID info if it is nonprofits 
or political campaigns?
    Ms. Monteith. I don't believe exempt organizations are 
covered under our rules.
    Mr. Green. OK, the committee memo agrees with that and says 
that there is no broad mandate however to the correct caller ID 
information be transmitted for non-commercial calls. That is 
the only thing. The draft bill we have today prohibits the 
sending of inaccurate caller ID info with the intent to defraud 
or cause harm. Does this language prohibit automated political 
calls with inaccurate caller ID info? Does that definition of 
with intent to defraud or cause harm, would that apply to non-
profits or political campaigns?
    Ms. Monteith. I would prefer to, if you don't mind, with 
all due respect, look at the question before I answer.
    Mr. Green. OK, we will be glad to submit that.
    Ms. Monteith. Thank you. I appreciate that. Mr. Chairman, 
generally intent to defraud is relatively clear for a standard, 
but when you add to it intent to cause harm, it is less clear. 
And I would hope that the FCC would interpret that standard, 
which causes harm, how much intent is needed to qualify? And so 
that is an open-ended, but we will submit that to you. And I 
know we have a markup set for this bill, and I have an 
amendment that will address it. But I will hold to the full 
committee, but I think there is some concern about that. And I 
want to make sure we don't have a loophole that can be done by 
non-profits or even political campaigns because our 
constituents can get mad when that caller ID is false. And 
whether it is me calling them or the Democratic Party or some 
non-profit group. And your organization has been very helpful 
in identifying some justified reasons for allowing callers to 
withhold and hide caller ID info, such as people making 
anonymous tips to newspapers and legitimate investigations, and 
also women's shelters, for example. We now have an intent 
standard in the bill, and I am concerned that organizations 
making deceptive political calls using fake caller ID 
information would not be covered. Is it your understanding this 
bill would include non-profit or political organizations?
    Ms. Monteith. Well, I think that the standard deception is 
different than either fraud or to cause harm, and I think that 
the standard that has been articulated in the bill does clearly 
delineate between legitimate and illegitimate uses of spoofing.
    Mr. Green. OK, can you think of any legitimate reason 
someone or some group that is making hundreds or even thousands 
of calls on an automated system would use a false caller ID? 
And this is open to anyone. I guess because I think the bill is 
a great bill. In fact, I know it has been both my colleague 
counsel Eliot and ranking member Barton, I just worry that we 
are leaving maybe a loophole here that we are not going to 
address. And we will have to come back at some future time.
    Ms. Monteith. Well, again I think that the focus rightly is 
on the intent.
    Mr. Green. OK, and not the causes harm?
    Ms. Monteith. Well, either the intent to defraud or to 
cause harm.
    Mr. Green. OK, so the intent to defraud would be the 
primary, and then to cause harm is actually in addition to it. 
You don't have to meet both tests.
    Ms. Monteith. Right, the wording of the bill has an or. I 
would see to defraud as being more traditional fraud where 
there would be a calculable monetary damage that would be 
associated with it, whereas harm, I think, would be more along 
the lines of a physical harm to deal with some of the issues 
that I have read about in terms of safety.
    Mr. Green. OK. Well, I guess the fraud issue, because if 
again for example, the Democratic Party is only calling 
Republican primary voters, what would you think that would be? 
Would that be intent to defraud with their caller ID not 
showing it is the Democratic Party?
    Ms. Monteith. Well, again, I think that deception and fraud 
are two different standards. I won't try to make any kind of 
judgment on how the bill will eventually be interpreted; 
however.
    Mr. Green. We don't want anybody to interpret it. We want 
to put it in the language so they don't have to.
    Ms. Monteith. I mean I need further details on this.
    Mr. Green. OK.
    Ms. Monteith. At a later date, if you would like. Again, I 
would like to restate that EPIC does support the language 
either intent to defraud or to cause harm. We think that 
adequately makes a distinction between different uses.
    Mr. Green. But again someone could still be using local 
calls just to deceive, and because defraud they are not, I mean 
except for maybe selling them an idea instead of a product----
    Ms. Monteith. Well, again if that doesn't meet the language 
either to defraud or to cause harm, then it wouldn't be caught 
within the bill. And it would therefore be a legitimate use.
    Ms. Green. OK, thank you, Mr. Chairman. Thank you again.
    Mr. Markey. OK, and we look forward to working with the 
gentleman from Texas between the subcommittee and the full 
committee on his concerns. With that, the gentleman's time has 
expired. And again all time for questions by members of the 
subcommittee has expired, and this portion of the hearing has 
concluded. And we once again thank the witnesses for their 
excellent testimony, and we will recess for a minute while the 
witnesses clear the table. And our staff counsel can move into 
place so that we can begin a markup of this legislation.
    [Whereupon, at 3:28 p.m., the subcommittee proceeded to 
other business.]
    [Material submitted for inclusion in the record follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
                     Statement of Kris Anne Monteith

    Good morning, Chairman Markey, Ranking Member Upton, and 
members of the Subcommittee. Thank you for the opportunity to 
speak about the problem of caller identification (caller ID) 
spoofing.
    As you know, caller ID services let customers identify who 
is calling them before they answer a call by displaying the 
caller's telephone number or other information--such as a name 
or business name--on the customer's equipment before the 
customer picks up the phone. ``Caller ID spoofing'' refers to a 
practice in which the caller ID information transmitted with a 
telephone call is manipulated in a manner that misleads the 
call recipient about the identity of the caller. The use of 
Internet technology to make phone calls has apparently made 
caller ID spoofing even easier. The Commission is deeply 
concerned about reports that caller ID information is being 
manipulated for fraudulent or other deceptive purposes and the 
impact of those practices on the public trust and confidence in 
the telecommunications industry. We are particularly concerned 
about how this practice may affect consumers as well as public 
safety and law enforcement communities.
    In my testimony, I will first provide a brief technical 
background on caller ID spoofing. Then, I will describe the 
Commission's rules addressing caller ID services and the steps 
the Commission is taking to make sure that providers are fully 
meeting their obligations under the Communications Act and the 
Commission's rules and orders.
    As a technical matter, caller ID spoofing happens by 
manipulating the data elements that travel with a phone call. 
Phone calls on the public switched telephone network, or PSTN, 
are routed to their destinations by means of a specialized 
protocol called the Signaling System 7, or SS7. SS7 conveys 
information associated with a call such as the telephone number 
of the caller. The SS7 information for a call is provided by 
the carrier that the caller uses to place the call. Caller ID 
then displays that caller's number to the called party. Caller 
ID spoofing is accomplished by manipulating the SS7 information 
associated with the call.
    The Commission addressed caller ID on the PSTN in 1995 with 
rule 64.1601, which generally requires all carriers using SS7 
to transmit the calling party number associated with an 
interstate call to interconnecting carriers. The same 
Commission rule also requires telemarketers to transmit 
accurate caller ID information.
    The development of Internet and IP technologies has made 
caller ID spoofing easier than it used to be. Now, entities 
using IP technology can generate false calling party 
information and pass it into the PSTN via SS7. Caller ID 
spoofing can potentially threaten our public safety. For 
example, spoofers can fabricate emergency calls and cause local 
law enforcement and public safety agencies to deploy their 
resources needlessly. Caller ID spoofing can potentially 
threaten consumers. For example, spoofing can be used by the 
unscrupulous to defraud consumers by making calls appear as if 
they are from legitimate businesses or government offices.
    The Commission's Enforcement Bureau (Bureau) has been 
actively investigating the issue of caller ID spoofing since 
the summer of 2005 when information regarding junk fax spoofing 
came to our attention. To date, the Bureau has initiated 
investigations of twelve companies engaged in the marketing and 
selling of caller ID spoofing services to customers. One 
investigation resulted in a citation against a telemarketer, 
Intelligent Alternatives, for rule violations, including 
violations of the caller ID rules under section 64.1601. We 
have sent formal letters of inquiry to the other companies and, 
at the same time, served most of them subpoenas to compel them 
to respond to our inquiries. In some cases, we have issued 
subsequent letters of inquiry to uncover additional evidence of 
possible violations of the Communications Act.
    Our inquiry letters seek information about the companies' 
alleged spoofing methods, including detailed technical 
explanations and the types of technology utilized, the identity 
of other companies that assist in providing the spoofing 
services, the purpose for the services and information about 
subscribers, and whether the offered services can be used to 
spoof emergency services information or otherwise affect those 
critical first responders. We continue to seek relevant 
information to assist us in fully understanding these issues 
and whether violations of the Communications Act or our rules 
have occurred, but our enforcement options may be limited as 
some of these entities are not directly regulated by the 
Commission.
    At the same time, we have held meetings with numerous 
industry representatives, including wireline, wireless, and 
voice over Internet protocol (VoIP)-based companies, to 
determine the impact of caller ID spoofing on their consumers 
and networks. In addition, we have coordinately closely with 
state agencies, the Federal Trade Commission and other 
interested organizations, such as the National Emergency Number 
Association, regarding their efforts to address and identify 
solutions to this problem.
    The Enforcement Bureau is committed to continuing to gather 
and analyze information about these companies' practices, their 
networks, their businesses, their customers, and other germane 
information. In addition, as the Commission indicated to some 
members of this Committee last year, the Commission may not 
have sufficient authority to fully address this issue. Thus, 
legislation that clarified the Commission's authority in this 
area would be helpful.
    In conclusion, the intentional manipulation of caller ID 
information, especially for the purpose of fraud or deception, 
is a troubling development in the telecommunications industry. 
The Commission looks forward to working with this Committee, 
and other Members of Congress, to ensure the public maintains 
its confidence in the telecommunications industry. Thank you 
for the opportunity to speak with you today.
                              ----------                              


                       Statement of Staci L. Pies

    Thank you, Chairman Markey, Vice Chair Doyle, Ranking 
Member Upton, and members of the subcommittee. My name is Staci 
Pies. I am Vice President, Governmental and
    Regulatory Affairs of Point One, a VoIP provider, and 
President of the Voice on The Net or VON Coalition--the voice 
for the VoIP industry. On behalf of the VON Coalition, I thank 
the Subcommittee for the opportunity to testify about this 
important issue. Misleading people through the misuse of caller 
ID, whether for a prank, a scam, or worse, is unacceptable, and 
we thank the Committee for its leadership in addressing the 
issue. VoIP is burgeoning in popularity with consumers because 
it can do so much more than Plain Old Telephone Service. VoIP 
allows consumers to take control over their communications 
experience, to manage how they use those services and to decide 
when and where they want to receive calls. Lower costs, coupled 
with a seemingly endless list of new possibilities are making 
VoIP one of the hottest Internet and broadband technologies 
today. Internet voice communications is changing the way we 
communicate, stay connected to our friends, family and 
colleagues, and how we live. Today's VoIP services aren't 
simply a means to have a conversation; they're portals to a 
world of information that enriches the communications 
experience and adds new dimensions to the idea of 
``conversation.''
    Studies have shown that with the right policy framework and 
continued advancement, VoIP driven competition has the 
potential to save consumers more than $100 billion over the 
next 5 years. Families are gaining unprecedented independence 
as well as new flexibility and features not possible in 
yesterday's telephone network. Features such as choosing your 
area code, and the ability to use a VoIP service through any 
broadband connection are just some of the ways that consumers 
are benefiting. At the same time, connectivity, quality and 
reliability have improved to equal if not surpass that of the 
legacy phone network. For businesses, VoIP is lowering costs, 
increasing mobility, enabling collaboration, integrating voice 
and data in entirely new ways, boosting productivity by as much 
as 15 percent, and giving companies a competitive advantage.
    And the best is yet ahead. The next wave of VoIP driven 
benefits promises to facilitate revolutionary improvements in 
the way we communicate. Soon a voice component can be added to 
any type of device, application or service that uses a 
microprocessor or touches the Internet. Already, making a call 
can be just a click away. Consumers can pay less, but get more. 
Communication is no longer tethered to a specific device or 
location. Workers can take their work phone home to spend more 
time with loved ones. Our armed forces can video conference 
with families back home--no longer having to choose between 
serving their families or serving their country. Free 
downloadable software keeps far-flung families connected, and 
enables children to learn a foreign language and doctors the 
latest medical procedures from experts around the globe. By 
disconnecting voice from the underlying infrastructure, voice 
innovation can now take place at Internet speed.
    Many of the great benefits of VoIP to consumers and 
business users depend on accurate and non-misleading 
identification of the calling party. If I program my VoIP 
service to ensure that calls from my son's school are 
simultaneously rung on all of my phones, I don't want to answer 
it and find out that some telemarketer has spoofed the number 
to fool me into believing it is a priority call. And businesses 
that use caller ID to call up a customer's account record so 
that it is immediately available to the customer service 
representative won't find the record very useful if it is the 
wrong record because the caller ID has been spoofed. To protect 
the usefulness of their services, VoIP providers have a strong 
interest in having caller ID be accurate and nonmisleading.
    The VON Coalition has been at the forefront of promoting 
best practices to enable consumers to protect their personal 
data. For instance, the Coalition moved early to adopt and post 
consumer guidelines for protecting billing records. Since then, 
businesses that control personal data, consumers, and the IP 
industry have taken significant steps to self police fraudulent 
access to personal data.
    The VON Coalition agrees with previously presented 
Congressional testimony that callerID fraud perpetrators must 
be penalized. Strong action must be taken against those that 
intentionally spoof caller ID with the intent to commit fraud, 
deceive, harass or otherwise create threats to life and limb. 
Law enforcement should have the tools to protect U.S. citizens 
from criminals fraudulently manipulating phone numbers to 
engage in identity theft to commit financial crimes. Similarly, 
criminals that modify caller ID to commit other crimes, such as 
harassing or stalking victims, should be prosecuted swiftly and 
effectively. Spoofing to defraud or harass, or for unlawful 
commercial gain cannot and should not ever be condoned or 
tolerated.
    Congress is right to focus its attention on those who would 
do so. As Congress addresses deceptive spoofing, we urge you to 
keep in mind that the ability to change caller ID information--
where the purpose is not to fraudulently mislead or deceive--
has the potential to offer consumers a transformative 
communications experience. Policy makers
    must carefully balance the goal of thwarting harmful 
behavior with the public interest imperative to ensure that 
innovation flourishes and applications and services delivered 
over broadband are available to all Americans. The ability of 
consumers to control various aspects of their communications 
experience presents exciting opportunities for the disabled, 
offers unsurpassed privacy protection, and enables businesses 
and consumers to communicate in increasingly efficient and 
powerful ways. The ``Truth in Caller ID Act of 2007'' as 
written, effectively balances these two important objectives--
by facilitating prosecution of the fraud, while not thwarting 
or prohibiting innovative tools that have legitimate consumer 
empowering benefits. The bill recognizes, for example, that law 
enforcement may need to mask the true identity of an 
originating telephone number. This is not the only legitimate 
need to change caller ID information. I'd like to share five 
examples:
     First, VoIP services offer tremendous potential 
for persons with disabilities to communicate more effectively. 
VoIP integrates the phone, voice mail, audio conferencing, e-
mail, instant messaging, and Web applications on one secure, 
seamless network. Workers can use their PC, laptop, or handheld 
as a VoIP phone from virtually anywhere, with the same phone 
number, which benefits telecommuters, including those whose 
mobility is impaired and must work from home. One recent Web-
based application permits users to call any phone number in the 
US or Canada and the service reads to the called party the 
message that the originating user inputs into the Web-based 
form. Users of the application who are speech impaired can now 
send voice messages simply by providing a phone number to dial 
and their own caller ID. Similarly, blind users can now take 
advantage of instant messaging services where previously they 
would have been precluded from doing so because of sight 
limitations. Importantly, the user can input her home, mobile, 
or office phone number, regardless of where the user is located 
(or where the call originates) when she sends the message, 
something that would be prohibited by legislation that 
criminalizes any change in caller ID without a reference to 
intent.
     Second, one of the benefits of VoIP is that it can 
help a consumer better protect his own privacy and manage which 
of his personal information he presents to the world, 
irrespective of which communications device he utilizes to 
initiate a call. Consumers may want to direct return calls to a 
home or business landline, rather than a wireless number, for 
example. Calls for different purposes (personal versus 
business) may merit different telephonic return addresses, as 
one might do with ordinary mail. For instance, Web sites that 
allow consumers to post solicitations for lawful commercial 
purposes may also permit consumers to provide a temporary call 
back number that is different from their assigned caller ID. 
This beneficial privacy service may require a legitimate change 
in caller ID. One service explains the application in this way: 
``The desire to communicate can not be crippled by concerns 
about privacy. [This application] unleashes the true potential 
of a global community by making it a safer place.'' While these 
applications manipulate caller ID, they do so for privacy 
protection and security. The VON Coalition does not sanction 
masquerading as another for fraudulent or deceitful purposes.
     Third, there are some situations in which caller 
ID information can endanger individual safety. The classic 
situation is the battered spouse. In some instances, blocking 
the delivery of caller ID information might be sufficient. 
However, because technological innovations permit users to 
``unblock'' caller ID, any legislation, as well as law 
enforcement authorities, should be careful about presuming that 
blocking will always be adequate.
     Fourth, certain new communication services do not 
organically generate or transmit a traditional caller ID, but 
in order to connect to the public telephone network, the 
service may need to insert something that looks like a 
traditional phone number. Many of these innovative services, 
which offer tremendous new ways to communicate, do not utilize 
the same numbering and labeling practices as yesterday's phone 
services and should not be deemed illegitimate simply because 
the technology permits the caller ID to be changed. Users 
without traditional telephone numbers, users with several 
numbers, users wanting to move numbers to their calling device 
and network of choice--these users are all potentially affected 
by technology that decouples devices from the caller ID that 
effectively used to be the address of the phone, and such users 
do not intend to defraud or cause harm. H.R. 251 appropriately 
focuses on the right class of services.
     A final, exciting application that I will share 
with you today is the ability for consumers to make click to 
dial calls while viewing broadband-based content such as IP-TV. 
Utilizing such an application, a viewer can click a single 
button on his standard TV remote control and pull up a menu 
that offers a variety of products and services--ranging from 
news, games, fantasy sports scores, traffic, shopping, and 
entertainment, to billing applications. From there, the viewer 
can locate a business of interest in the area and can then 
click on a button that enables the viewer to speak to the local 
business through a VoIP connection. Although the call 
technically originates through the VoIP service provider, the 
viewer can input his own caller ID for call-back purposes. Such 
innovative and rich communications experiences should not be 
eliminated through overly broad legislation or regulation.
    I'd like to close with three additional thoughts. First, 
spoofing of caller ID is not new. Tools have been widely 
available for years to spoof caller ID on traditional networks. 
One method, sometimes referred to as Orangeboxing, offers the 
ability to spoof caller ID using a downloadable sound and a 
common tape recorder. Moreover, many large businesses operating 
a PBX system have, for quite some time, ``spoofed'' caller ID 
so that it appears as if all calls originating on the PBX come 
from the same central number. Second, fighting fraudulent and 
deceptive changes in caller ID is only part of the solution. 
Companies handling sensitive customer information must also 
make sure they are handling that information with care. While 
caller ID can help a business retrieve a customer's account 
record, as long as caller ID can technically be spoofed (which 
will be the case even with new legislation) the business needs 
to handle disclosure of those records with the utmost care--
making consumer privacy their top priority. One security expert 
explained the technology is not to blame for the fraudulent 
use. Society is. Society has grown far too reliant on caller ID 
as a form of identification. Both individuals and corporate 
America use caller ID to decide whom to trust. Unfortunately, 
too many individuals have suffered because of this misplaced 
trust. As Chairman Dingell and Ranking Member Barton recognized 
in introducing ``The Prevention of Fraudulent Access to Phone 
Records Act'' to prohibit pretexting of phone records and to 
enhance security requirements for customer proprietary network 
information, it is incumbent upon companies that are entrusted 
with personal information to do more to protect the privacy and 
security of their customers.
    Third, misleading people through the misuse of caller ID, 
whether for a prank, a scam, or worse, is unacceptable. This 
committee is right to focus on those who intend to mislead. At 
the same time, though, legislation should not impose liability 
on traditional carriers and VoIP services providers who merely 
transmit what may turn out to be fraudulently altered caller ID 
information. Policy makers should not be mislead into believing 
that technology innovators are to blame for criminal behavior. 
Networks and network service providers may be unable and should 
not be required to become ``content police'' or to discern 
legitimate and illegitimate uses of network services. Instead, 
service providers are best able to assist in the efforts to 
fight spoofing by keeping accurate records and making those 
records available, as appropriate, to proper authorities.
    In focusing on those few people who would abuse caller ID 
technology, Congress can address the very real problem of 
deceptive spoofing effectively, in a cost-efficient manner that 
protects the proper use of this technology, and enables 
competitive and transformative innovation. VoIP service 
providers, who have made real strides in leveraging the power 
of the Internet and caller ID to provide robust services to 
consumers, fully support measures to protect the integrity of 
caller ID functionality. Together with this Committee's 
efforts, the proliferation of VoIP services will create 
unsurpassed opportunities for consumers and even greater growth 
in broadband services. The VON Coalition believes that VoIP is 
positioned to help make communicating more affordable, 
businesses more productive, jobs more plentiful, the Internet 
more valuable, and Americans more safe and secure.
    Thank you very much. I am happy to answer any questions.

                                 
