HB 308 - CALLER ID HACKERS 2:38:26 PM CHAIR McGUIRE announced that the first order of business would be HOUSE BILL NO. 308, "An Act relating to false caller identification." [In committee packets was a proposed committee substitute (CS) for HB 308, Version 24-LS0779\F, Bannister, 1/25/06.] 2:38:40 PM TIM MURPHY, Congressman, U.S. House of Representatives, relayed that in October, 2005, his office in Pittsburgh received nearly 100 calls from constituents who'd received recorded phone messages that were politically critical of him; what was of particular concern was that the caller identification (ID) number that appeared on the constituents' phones was that of his congressional office. He went on to say: Needless to say, the calls did not come from my office, and my constituents were confused, annoyed, and asked me to stop making the calls. Their complaints, in fact, tied up my phone line in my district office for a good two days. The calls stated, in their recording, that they were sponsored by an unknown group called, "We the People" that have lobbed similar calls from the districts of my colleagues in Congress. Stealing, masking, or otherwise altering one's caller identification is certainly a deceptive, unaccountable practice that exasperates citizens. When these calls are directed at elected officials, these anonymous attacks also undermine the political process, which is [an] important part of the democracy. And those who commit caller ID fraud for political reasons are essentially the snipers of politics because they anonymously fire attacks at candidates and public officials without accountability or the possibility of a truthful rebuttal. As it turns out, the information they were providing in these calls was false. What's important to bear in mind is, I think they're motivated by the idea that if they convince 1 out of 100 people that they call, these fraudulent callers would likely consider their campaign a success, and that's why they continue to do that - they don't really care how many constituents they've bothered along the way. But consider the effects of the false use of caller ID in other areas. Past federal and state efforts to block unwanted phone solicitations with do-not-call lists [were] ... supposed to provide some privacy for citizens, but when someone hijacks your phone number, they can bypass that protection. In the U.S. House [of Representatives], I'm working, now, with my colleagues, to enact legislation that stops those who engage in this misleading [indisc.]. Why? Because of some of the problems it causes. The reason to enact a law to penalize caller ID fraud is not just ... to protect politicians, but ... to protect American families, because illegally using another person's phone number could have limitless unlawful applications, including being used for physical threats to other citizens, businesses, schools, and so on. And of course it doesn't take much imagination to understand how dangerous this ability could be for unlawful people: criminals seeking personal financial information from citizens by falsely using a bank's phone number; a pedophile stalking children using a school's phone number; ... a sexual predator using a doctor's office phone number; [or] a terrorist making threats from a government phone number. So I salute your efforts to fight back against caller ID fraud perpetrators, and I'm going to continue my work to enact caller ID fraud protection for all Americans. In the meantime, I'm pleased that my good colleagues in Alaska are working hard at this and really setting up a pace of leadership for our nation that the rest of the states should follow, and urge your considerations to enact this bill to protect all Alaskans. CONGRESSMAN MURPHY, in response to a question, relayed that he represents the 18th congressional district of Pennsylvania. REPRESENTATIVE KOTT asked what kind of sanctions or penalties are being proposed via the aforementioned federal legislation. CONGRESSMAN MURPHY said they were still exploring options, options such as levying a fine for each instance of a call; researching how the Federal Communications Commission (FCC) proposes to deal with this issue; or adding a fine on top of some other criminal penalty. Using fraudulent caller ID numbers is not a matter of free speech, and the goal is to protect people from those that would use such numbers for criminal purposes. 2:44:01 PM REPRESENTATIVE KOTT moved to adopt the proposed committee substitute (CS) for HB 308, Version 24-LS0779\F, Bannister, 1/25/06, as the work draft. There being no objection, Version F was before the committee. 2:44:30 PM REPRESENTATIVE BOB LYNN, Alaska State Legislature, sponsor, said that one should be careful when looking at the name and number provided by a telephone caller ID mechanism because they could be phony; the fraudulent use of names and numbers in this manner could be part of a joke, but it could also be part of a criminal activity. A child molester could be calling one's children, or a person could be claiming to be the police or a school official or one's doctor's office. Someone could use this form of fraud to destroy another's good reputation. The power to create serious mischief with caller ID "spoofing" technology is almost unlimited, from simple pranks, to spying, to telemarketing, to fraud, and to enticing victims to dangerous locations. REPRESENTATIVE LYNN opined that although the FCC and the Federal Bureau of Investigation (FBI) are most often the entities dealing with caller ID spoofing, Alaska can take steps by publicizing the threat and making it a class B misdemeanor to insert false information into a caller ID system. The bill, however, does contain an exemption for municipal, state, and federal law enforcement agencies. He concluded by asking for support for the legislation. 2:48:06 PM DIRK MOFFATT, Staff to Representative Bob Lynn, Alaska State Legislature, sponsor, added on behalf of Representative Lynn that a "spoof card" - a sample of which has been provided in members' packets - can be purchased for between $10 and $40, and that such cards allow the caller to change the number that is displayed on someone else's caller ID system or even change the sound of the caller's own voice; if one can use a calling card, one can "caller spoof." REPRESENTATIVE KOTT asked what the penalty is for impersonating a police officer. REPRESENTATIVE LYNN said he didn't know. REPRESENTATIVE KOTT questioned whether it is a crime to impersonate others, particularly those in positions of authority. He offered his belief that under certain circumstances, a class B misdemeanor is too low a penalty, and asked the sponsor whether he'd given thoughts to increasing the level of penalty should one be caught attempting to impersonate a police officer via fraudulent caller ID technology. For example, a person could call up a homeowner, claim to be a police officer, instruct the homeowner to vacate the home for a specified period of time, and then burgle the home during that timeframe. Could a higher penalty be imposed if such a person were caught before the successful completion of the burglary if fraudulent caller ID technology was used? REPRESENTATIVE LYNN said he is assuming that there is a penalty for impersonating a police officer, or, if there isn't one currently, there certainly should be. He characterized the use of spoofing technology to impersonate a police officer as more egregious behavior than if such technology were used to impersonate some other type of person, and thus he would be friendly towards any amendment that would raise the penalty for impersonating a police officer via the use of fraudulent caller ID technology. CHAIR McGUIRE noted that there are statutes pertaining to criminal impersonation in the first degree and criminal impersonation in the second degree - AS 11.46.565 and AS 11.46.570: Sec. 11.46.565. Criminal impersonation in the first degree. (a) A person commits the crime of criminal impersonation in the first degree if the person (1) possesses an access device or identification document of another person; (2) without authorization of the other person, uses the access device or identification document of another person to obtain a false identification document, open an account at a financial institution, obtain an access device, or obtain property or services; and (3) recklessly damages the financial reputation of the other person. (b) Criminal impersonation in the first degree is a class B felony. Sec. 11.46.570. Criminal impersonation in the second degree. (a) A person commits the crime of criminal impersonation in the second degree if the person (1) assumes a false identity and does an act in the assumed character with intent to defraud, commit a crime, or obtain a benefit to which the person is not entitled; or (2) pretends to be a representative of some person or organization and does an act in the pretended capacity with intent to defraud, commit a crime, or obtain a benefit to which the person is not entitled. (b) Criminal impersonation in the second degree is a class A misdemeanor. REPRESENTATIVE KOTT surmised, then, that under AS 11.46.570, the person could be charged with a class A misdemeanor. CHAIR McGUIRE concurred, but noted that HB 308 provides for a class B misdemeanor penalty. REPRESENTATIVE COGHILL said it seems as though it would be difficult to either prove a person used fraudulent caller ID technology, or to track down someone who has used it. REPRESENTATIVE LYNN suggested that it might be possible to backtrack to the person who is using such technology. CHAIR McGUIRE, in response to questions, pointed out that HB 308 provides for a mental state of "knowingly," and surmised that someone might be charged with this particular crime once another crime is committed or a complaint is received and the victim reports that he/she received a phone call from someone who turned out to not be the person listed on his/her caller ID system. For example, one could report that one's child is getting repeated phone calls from someone who seems to be using fraudulent caller ID technology, and then that situation could be investigated by law enforcement. REPRESENTATIVE COGHILL pondered whether they were creating a crime that can't be enforced. REPRESENTATIVE GARA acknowledged that this type of crime could be very hard to prove, but offered his understanding that a fraudulent caller ID would be recorded on a caller ID system and so someone might be caught in that fashion. CHAIR McGUIRE remarked that "knowingly" is a high standard. 2:57:07 PM ROBERT DOUGLAS, PrivacyToday.com, relayed that he's spent the last nine years as an information security consultant, specifically examining information brokers and others who use various types of deceit in order to obtain personal information and, in many cases, sell it on the Internet. He mentioned that he recently testified in the House and Senate of the U.S. Congress on [certain] issues, including the issue of caller ID spoofing. Mr. Douglas said that he would like to adopt the comments made by Congressman Murphy and Representative Lynn and point out that the services are being used at a substantial volume. Furthermore, there are investigations underway and although those investigations are in their infancy, it's evident that these services and devices are being used successfully to deceive both consumers and American businesses into divulging proprietary and personal information. MR. DOUGLAS said that these devices are also being used against banks, companies, and the military. Furthermore, they are used in corporate espionage, defeating the federal and state "do not call" lists, and by pedophiles and stalkers. He then referred to a case that occurred in New Hampshire in which deceit was used in a murder case. He explained that a woman named Amy Boyer was stalked by a number of years by a Liam Uen. Mr. Uen was documenting the stalking and his intent to kill Ms. Boyer and others. Moreover, Mr. Uen went to a number of information brokers to obtain personal information about Ms. Boyer in order to assist him in conducting the murder. Mr. Uen used a company that called Ms. Boyer's mother pretending to be an insurance company that had a refund for Ms. Boyer that needed to be processed through her employer. Ms. Boyer's mother thought it was a legitimate request and turned over Ms. Boyer's work address. Within weeks, Ms. Boyer was gunned down at her place of employment. MR. DOUGLAS opined that the aforementioned example graphically illustrates that if these services can be used to convince the recipient of a phone call that they are from an organization to which the information can be legitimately released, the more likely they are to succeed. He posited that there is really no legitimate purpose for these services, and therefore he applauded the introduction of HB 308. REPRESENTATIVE GRUENBERG referred to page 1, line 6, and offered his belief that a national security agency may potentially have to do this. Therefore, he questioned whether the language "or national security agency" should be inserted after "law enforcement agencies". 3:02:09 PM REPRESENTATIVE LYNN said that he would accept the aforementioned as a friendly amendment. REPRESENTATIVE GRUENBERG made a motion to adopt Conceptual Amendment 1, to insert, on page 1, line 6, after the words, "law enforcement agencies", the words, "or national security agencies". There being no objection, Conceptual Amendment 1 was adopted. CHAIR McGUIRE, after ascertaining that no one else wished to testify, closed public testimony on HB 308. REPRESENTATIVE GARA said that he couldn't think of any unintended consequences of this legislation, but suggested that some thought be given to any possibilities. He surmised that political polls would be swept in by this legislation as well, which he said may not be a bad thing. He then said that the legislation should be moved out of the committee. REPRESENTATIVE LYNN pointed out that HB 308 addresses the utilization of an actual device that can be purchased at various stores. He also pointed out that those performing polls do so using a regular telephone call. 3:04:42 PM REPRESENTATIVE ANDERSON moved to report the proposed CS for HB 308, Version 24-LS0779\F, Bannister, 1/25/06, as amended, out of committee with individual recommendations and the accompanying zero fiscal notes. There being no objection, CSHB 308(JUD) was reported from the House Judiciary Standing Committee.