911 service not prepared for new generation of pranksters

First, I don't believe 911 (or inward 800) use 'caller id', but rather a more secure ANI to get the calling number.

Second, if any VOIP system is unable to provide a proper ANI and meet all other existing standards, it should be forbidden to connect to the POTS network. It's up to VOIP to modify itself to be compatible with the existing network. It's utterly not fair to expect users of the existing network to pay extra to modify it to accomodate newcomer VOIP.

Third, I believe almost all 911 centers record all calls and have done so for years. Thus, pranksters leave some identification behind.

How much of the ANI can be spoofed given that the line is connected to a large company PBX (say, that of a telemarketing company with no morals) that is somewhat trusted by the telco systems?

How do you stop them? There are apparently some VOIP-gateways registered in E.164 for public use, and many of them don't seem to care much about the ANI information supplied (since they are routing to 800 numbers, billing isn't an issue) and run apparently by phone companies. Do those have to be secured or shut down?

What I'm not sure about is whether these permit dialing "911", and if you do, where the call goes. 800 numbers, though, are apparently easy to route. If I were a prankster intent on doing something illegal, I would *NOT* count on the gateways not having any IP logs.

VOIP seems to allow provider-free (by this I mean there is no VOIP provider like Vonage or Skype - somewhere there is an internet service provider) operation so some kid setting up Asterisk on his desktop, or just programming an unlocked $100 VOIP phone, and these people may not even *HAVE* proper ANI, and maybe can't even get it. It also seems to allow private phone operation that doesn't connect to POTS, which might be fine with the usual bad guys like terrorist groups, drug dealers, and some spread-out company with a lot of call volume that wants to avoid a lot of fees and taxes.

I wonder if any of them have done things like setting up a text-to-speech converter using only clips from presidential news conferences or campaigns so a voiceprint analysis would match Bush or Obama. Or your favorite TV newscaster.

The FCC established part 9 of its rules in 2005 mandating E911 capability for VoIP services that interconnect to POTS (see

However, these rules are aimed at making sure 911 works when someone picks up a phone, not a computer. The rules define a VoIP service as (among other things) "(3) Requires Internet protocol-compatible customer premises equipment (CPE); and (4) Permits users generally to receive calls that originate on the public switched telephone network and to terminate calls to the public switched telephone network." This appears to exempt services that do not provide a POTS number to receive calls and services that use a computer instead of VoIP adapter.

Harold

I wondered the same thing. Of course, the 911 center probably gets the ANI of the land line that connects the VOIP call to the network. That is certainly legitimate, and it shouldn't take much to identify the VOIP interconnect numbers in a given 911 service area.

It should not be too hard to back track from the ANI of the interconnect with time and date info to the actual caller for prank calls. I'd be more concerned about *real* emergency calls, and getting real address information. If the ANI just identifies some interconnect facility in some switch room, that's not too useful. If the call center *also* gets 'caller id' info with the real caller's address then that's sort of OK, and I wonder if not being 'caller id' capable is the thing that makes some centers unready.

A few well publicized presecutions of VOIP companies that fail to cooperate with 911 centers to identify pranksters should put a stop to most of it. It wouldn't take much programming effort to disallow ANI/caller id spoofing on any call to 911.

Bill Ranck Blacksburg, Va.

In snipped-for-privacy@vt.edu writes: [ snip ]

The PSAPS (Public Safety Answering Positions, AKA 911 centers) and their political overlords aren't entirely blameless here.

It should be trivial, and should be mandatory... that any call coming into a PSAP from a "questionable", for want of a better term, source, get a Big Note on the screen saying something like "this caller is from a questionable source. Make sure you triple check any and all info".

While that wouldn't eliminate all spoofs, it would dramatically reduce the concerns.

Alas, 911 centers are woefully underfunded. In most localities there's a "911 surcharge" that's added to phone lines, supposedly to be dedicated to the PSAPs and their upkeep.

(Let's leave aside the whole issue of whether there even should be such a special charge as opposed to funding from the regular tax revenue stream).

In reality, in the vast majority of cases, that money simply goes into a general gov't fund and gets diverted as the winds blow that day.

The exempti>It also seems to allow private phone operation that doesn't connect

The rest of us pay those fees and taxes where the others get a free ride. That's not fair and bad public policy.

This nonsense policy of "encouraging competition" or "new technology" is not in the public interest and is a convenient excuse by cream skimmers and cheap outfits to save money at the expense of the rest of us, and reduce the quality of our network service.

Good idea.

911 centers are not new. Even before the telephone, public safety agencies had callboxes and dispatching centers, first using telegraph, then voice, to handle requests from the public to dispatch units. Who paid for the dispatchers before the use of "911"?

Also, before 911 Bell System operators often acted as an intermediary in forwarding emergency requests. A person could dial zero, tell the operator "Help! My house is on fire at 1234 Main St!", hang up, and the operator would then call the fire department and pass along the information. The old Bell System was once proud of this service and honored operators who helped little kids and others in emergencies. Costs were paid by the telephone company. (Today baby Bells strongly discourage dialing zero in an emergency and other carriers probably don't even answer '0' calls).

Unfortunately, cheapo business people providing cut-rate services play the odds knowing the chance of getting in trouble are very low. That's why so many telemarketers blantantly violate the rules--they know it's very hard for a consumer to make a complaint that the authorities will pay attention to, and then, act on it.

The only way to ensure strict compliance is to aggressively enforce the rules and 'pull the plug' of VOIP or any other providers who fail to comply. When their subscribers find the network is blocked to them they'll start screaming and the VOIP operator will either get it fixed or be out of business.

Monty Solomon wrote in :

My take on what is happening:

- Telco systems are used to having a high level of trust in the data presented via connections with other phone systems. Why? Billing is based on this data so any dispute about the data presented via the connection is a disagreement about money and fixing it was paramount.

- The main protocol used by VOIP applications, SIP, is a protocol that can be used for connections to end terminals (phones) but also for connections between exchanges. Caller-ID is one of the things the caller can tell the other end, the other end has the option to ignore this information.

- Some VOIP providers accept the transmitted caller-id information from their clients and forward the given caller-id to the (SS7?) networks of the telephone companies. As long as they get paid for the minutes, they don't care much.

Koos van den Hout

But he was CAUGHT, and investigators were able to determine that he'd made 185 such calls. It sounds like the problem isn't as big as it's portrayed in the story. So, what's the problem now?

A widespread problem, as reported by Newsweek, is that VOIP subscribers aren't in the 911 database. So when they need help and can't provide their address, help is delayed. Further, the call may be routed to the wrong 911 center. There have been many instances where someone living on a suburban street with a common name (e.g. "Bluebird Lane") called for help and fire trucks were sent to a Bluebird Lane in a different community. Part of the problem is that today's 911 centers serve large geographic areas where it's impossible for the operators to know every street and street names are duplicated in different towns.

I will note that (at least in my area) 911 centers can transfer a call to a different center. For example, when I'm using a cellphone near a state border and my call goes to the wrong center, they transfer me to the desired one.

The problem is that it could have been done in the first place. It took time to locate the person who did the fraud, put emergency services and the public in danger; remember people were forced out of their house and treated as if they had just killed 5,000 people.

The problem is, that arrest was likely long after the SWAT teams kicked in the doors, shooting.

The more often they do, the more dead people.... and pets. Look at case in Berwyn Heights where they murdered the *mayor's* dogs. Or the one I just saw where the homeowner is on trial for murder after he shot an armed intruder... who turned out to be a cop.

911 operators are not necessarily all that careful about getting the location straight when the caller SAYS he's at a different location than the emergency and makes it very clear that there's a difference. Example: once during a lunch break some fellow employees were looking out over downtown Dallas from a high floor of a downtown office building. One of them spots a large burst of flame and lots of smoke, along with hearing a loud bang, coming from a building on the edge of downtown and he calls 911. He describes it as best he can: something like "about 200 yards north of the blah blah exit of 35E, on the east side. A sign on the top of the building says FooBar Corp.". Guess where the fire trucks show up? At the downtown office building, even though the fire is at least 30 blocks away.

I seem to recall reading that the one who shot the cop was found not guilty.

The story about the Mayor's dogs was terrible though.

We had this problem among our three offices. One was served by an MCK tied back to the Prologix switch. If they dialed 911 the services would be dispatched to the main location, not the remote location.

In my opinion, the telecom aspect of this story is secondary. The important lesson to be learned here is that police in the US are becoming more and more willing to send SWAT teams to kick in people's doors in the middle of the night for trivial reasons. Even if someone at the Mayor's house really had been a drug dealer, police should make their arrests during daylight and without excessive force unless they have a good reason to believe their target is armed and would fight them.

Probably the only reason our founders didn't write such restrictions into the Constitution is that they couldn't imagine the US government ever getting that out of control. But now it has, and I think we need to amend the Constitution to put a stop to it.

Not saying the police were right or wrong in this case, middle of the night raids are needed for the safety of the police and for protection of others. When a person who is wanted and considered dangerous the arrest is made no matter what time it is.

Bill

They use the ten digit out of area lines at the 911 center to transmit their false calls. Maybe Bill, who worked a lot on signaling system seven, can educate us on what it might take to nail down the callers actual identity. As just one firefighter rescuer I worry a lot more about calls not getting through then about pranksters but if the problem gets more common they will strain resources badly.