by falcolas 3093 days ago
Long story that I’m not fully familiar with short: the phone system suffers from the same trust issues that the internet does. That is, it wasn’t designed with things like adversarial users in mind.

EDIT: Am I incorrect in this statement? I'd love more feedback.


Right but in this case it was unproxied VoIP, right? It should be easy (in the sense of not requiring a forced universal protocol upgrade, I mean) to at least protect against this kind of attack — a caller from an LA IP claiming to be in Kansas.

There is another story happening in parallel to this where the Police arrested the wrong person based off the IP in use. IPs are just too ephemeral to trust for any form of location data.

Not to mention the caller chose to call a line which would normally not have a lot of need for those protections, in comparison to 911.

Any form of location data? Not even to distinguish LA vs Wichita?

"IPs are just too ephemeral to trust for any form of location data"

That is just a policy decision. It would, for example, be possible to declare that no single IP should be used for more than two customers during a single X hour block.

A policy decision by whom? Specifically, how do you do this when IP spaces are controlled by various unfriendly countries around the world? Politics aside, the required technical coordination would be a nightmare. We can barely handle BGP without conflicts as-is.

IPv4 space is also quite limited, and new devices are popping onto networks all the time. I'm not even sure an IP time window is feasible without a full move to IPv6 - something that policy makers have been trying to push on for years without success.

> A policy decision by whom?

By your government?

> Specifically, how do you do this when IP spaces are controlled by various unfriendly countries around the world

You begin a "911-certified program" that requires your local ISPs to register their IP ranges with some central authority. The rest is a bunch of detailed but solvable details.

Your idealism when it comes to making this seem more complicated than it really is seems misplaced.

Your suggestion just isn't realistic when you look at how VoIP systems work in practice. What you usually have are SIP clients talking to SIP servers which then involve a bunch more servers and proxies and a slew of other protocols. SIP traffic from the endpoint and the associated RTP stream could be tunneled, often for very good reason. You can't prevent that with any kind of IP registration scheme because then the client can't roam which defeats the best reason to deploy VoIP in the first place. Providers are routing calls dynamically for reliability and cost reasons. Sometimes when you ask a server to terminate a call it just redirects it elsewhere. Even endpoints can arbitrarily redirect calls.

Ultimately none of the providers involved can know where either end of the call is. We can't even know their IP address for certain, let alone their physical location. What we have for 911 is a form where the customer declares their physical address and a disclaimer warning the customer that should they move then emergency calls will not be routed to the most appropriate call center and the operator will get the wrong address.

There's absolutely nothing we can do to prevent malicious people from abusing it. Any attempt to do so would result in honest users being unable to call for help in emergencies causing far more harm than the abuse we're trying to prevent.

WRT "just get the government to do it" US federal legislation, specifically not that driven by "terrorism" or "protect the children" (and we don't want any legislation under either label) tends to take years to go from initial idea to law. That doesn't count the years which would be added for compliance. Or the charter and formation of the "central authority".

If we started today, we might get such a law in action sometime in the mid-2020's, at which point ISPs would have switched to IPv6 just to avoid the legislation. You know, maybe it would be a good idea after all /s

My "idealism" is probably better called "pessimism", and is based off a couple of decades watching well-meaning legislation be mangled beyond repair by politicians and corporations, at the city level.

People are complicated and irrational. People in politics are even more complicated and seemingly irrational, since even the best politicians have to balance the wants and needs of thousands of people and the businesses who employ those people. Politicians at the federal level are even more complicated, since they have 50 states, a number of territories, and gigantic corporations to consider.

Even influencing a completely honest political group to do what everyone agrees is the right thing takes a significant amount of time, money, and effort. And if we're honest, they aren't all completely devoted to their constituents, and won't agree that it's the right thing to do.

I agree; it should be technically trivial to implement this. All of my comments along the lines of this are wildly downvoted though; I'm not quite sure why. Maybe privacy cowboys?

Well, then, fix it.

Sure thing. Let me switch industries, learn a completely new skillset, and rise to a point of power where I can affect such widespread (cross-state and company) changes. Shouldn't take more than a few months.

/s

Well, I do agree. I shouldn't take more than a few months to fix this. I don't live in the US, but I get the feeling something is terribly wrong with the way you're handling such a basic thing as a phone call, be it VOIP or not.