[geocar]

> I would really love to hear a telecom engineer explain why the true origin info isn't accessible to the called person. A telephone call is a two-way connection -- the path in both directions must be known otherwise you won't have a two-way conversation.

Telephone isn't really like IP routing. If D wants to call P, the connection might get set up like this:

    D -> K -> H -> V -> P

P only knows that they are speaking to V, and D only knows that they're speaking to K.

See what happens is D sends a message called "Call Request". This creates a channel id (D,C1) between D->K. K will then create it's own "Call Request" with it's own channel id (H,C2) which tells H to bill K for this call. Only K will know both the channels C1 and C2 and will bridge them internally. When H makes a "Call Request" to V, it has it's own billing arrangement with V and they agree to simply count calls, so H doesn't actually forward anything except the channel id (nil,C3). V gets away with this because the wire is clearly marked with "K TELEPHONE INC". Eventually P gets an "Incoming Call" message with it's channel id (P,C4), and can accept the call or reject it. If he accepts it, then each party will send "Accept Call" messages back down the chain.

These channel ids are used to actually carry the phone call (or data packets, or whatever).

"Caller ID" isn't the "source of the message", just some data transmitted along with the ringing sound, and as you can see the circuit doesn't have a globally unique identifier. If someone doesn't transmit who to bill, then nobody will get billed for that call (and maybe nobody will be!) but V doesn't want to send bills for this call all over the country so V only sends bills to a few carriers and its own customers.

All the bills have the "correct calling numbers on them" because of some extra billing data that's included in the call. This billing data might be omitted (the bill says "NUMBER BLOCKED"), and it clearly isn't required to establish the call. People can ask their phone company to ignore calls that have a blocked number.

Phone companies used to trust each other not to spoof this information, and now that calls from certain numbers aren't usually billed differently than from any other numbers, this doesn't cause a problem with billing -- only with people who seek to use "making a call from" an authentication method.

[pbhjpbhj]

>"Caller ID" isn't the "source of the message", just some data transmitted along with the ringing sound, and as you can see the circuit doesn't have a globally unique identifier. //

The companies could enforce the side channel info as the actual call origin, but they don't want to. Just like snail-mail spammers they're paying more money than residential customers will pay to require that info.

It's broken because it serves the purposes of the phone companies to keep it that way. This is what you get by detaching profit from ethics.

I'd settle for my phone company dropping calls with spoofed caller ID - like 0, my own number, foreign calls with local numbers, local numbers that don't even terminate, etc..

Indeed I think origin should be legally required even if it's "K phone network" - I don't mind blocking all calls via companies that service spammers.

[geocar]

That you say it easily doesn't mean that it's easy to do.

The current telephone infrastructure wasn't designed. It grew: Verifying a call would involve either tying up an additional channel back (doubling the cost of the infrastructure), or replacing (parts of) the infrastructure with something better designed- like a TTL "ping" packet going backwards to verify the route on the original channel. Getting everyone to change their hardware is hard. Just look at how long it's taking to get IPv6 out.

Fortunately, tracing a call isn't like television: You do not have to "keep him talking". You can ask the phone company to research the calls made to your number at a specific time, and in the process of reconciling billing, the phone company can find out, and then you can use the judicial arm to deal with people who spoof the calling number.

[pbhjpbhj]

>Verifying a call would involve //

I'm not specifically wanting call verification I'm wanting them to detail origin if they have it (they can use the callerID field to forward that information to me) or to refuse to route calls that are clearly spoofed. If the callerID is 0 then the phone company knows it's spoofed and can block it, but they don't get paid for that - that's the only reason I can come up with for them to forward calls that have certain incorrect origin information. At least when I look at the callerID display and it says my number I know that it's not possible that call is anything other than spam - why would a company choose to forward such calls if not for the money they get for doing so?

>You can ask the phone company to research the calls made to your number at a specific time, and in the process of reconciling billing //

Are you telling me that at the point the company decides to carry a call from an external source they don't know if they're going to be able to bill that company for the call? Surely they know the network origin of the call - they at least know the hard infrastructure it's arrived at their periphery from, they have to right?

So when I get a foreign call centre spammer on the line the company knows at the very least that was forwarded to them from, let's say, France Telcom [made up example] and could give me that info in the callerID field.

[geocar]

> I'm not specifically wanting call verification I'm wanting them to detail origin if they have it (they can use the callerID field to forward that information to me) or to refuse to route calls that are clearly spoofed.

The phone company that provides you service simply does not have this information at the time of the call. They only know for certain who to bill. Changing this requires replacing a lot of deployed equipment.

Furthermore, it is already illegal to spoof caller ID in the USA[1], and the UK[2] and elsewhere.

You can indeed tell your phone company to reject calls without caller ID, and indeed from various switches. If one gets through, you will need to note the time that you received the call and file charges with the authorities.

The phone company will then research the call, and produce for law enforcement who in fact made the call.

> If the callerID is 0 then the phone company knows it's spoofed and can block it, but they don't get paid for that

You are confused: The callerID field (aka "presentation number" in the UK) is in-band and transmitted by the calling station, the billing field is out-of-band and transmitted by the receiving station's "next hop". It is also not normally presented to the callee, although with a special kind of connection you can receive it.

> when I look at the callerID display and it says my number I know that it's not possible

You should contact law enforcement. This is a crime.

> Are you telling me that at the point the company decides to carry a call from an external source they don't know if they're going to be able to bill that company for the call?

Yes.

Your phone company doesn't bill the caller. They only bill the other phone company that handed them the call.

> Surely they know the network origin of the call

The "network origin of the call" as you put it, is the phone company that handed them the call. It is not the person who dialled the number.

Even if all of the phone companies are really one (limited) company, the individual switching offices don't send this information down with the call for efficiency reasons.

> So when I get a foreign call centre spammer on the line the company knows at the very least that was forwarded to them from, let's say, France Telcom

No. "The company" only knows the company that switched them the call. It takes research to work out who actually made the call that is normally distributed by separate offices because it's more efficient.

[1]: https://en.wikipedia.org/wiki/Caller_ID_spoofing#United_Stat...

[2]: http://stakeholders.ofcom.org.uk/telecoms/policy/calling-lin...

[zeroxfe]

Nice speech, but creating a new side channel on the PSTN is really hard to do. It requires standardization and the coordination of telcos, operators, device manufacturers, world-wide, many of which only have partially digital networks. (Think about how hard it would be to add a new field to TCP.)