[Infowarrior] - New Google Service Will Manipulate Caller-ID

Richard Forno rforno at infowarrior.org
Sun Nov 19 01:03:42 EST 2006 

New Google Service Will Manipulate Caller-ID
http://lauren.vortex.com/archive/000200.html

Greetings. Google has made available a new "Click-to-Call" service that will
automatically connect users to business phone listings found via Google
search results.

In order for this feature to function, the user must provide their telephone
number so that Google can bridge the free call between the business and the
user (including long distance calls).

An obvious issue with such a service is that there is no reasonable way to
validate the user phone number that is provided. Google says that they have
mechanisms in place to try avoid repeated prank calls, but the potential for
abuse is obvious.

Of even greater concern is that Google says that it will manipulate the
caller-ID on the calls made to the user-provided number, to match that of
the business being called. This is extremely problematic, since it could be
used to try to convince a prank target that they were being called directly
by the business in question, and so cause that target to direct their anger
at the innocent business. In the case of targets who are on do-not-call
lists, it is possible to imagine legal action being taken by callers upset
that the business in question called them "illegally," though in fact the
call had been made by the Google system.

Google's explanation for this caller-ID manipulation is that it would be
handy to have the called business number in your caller-ID for future calls.
That may be true, but the abuse potential is way too high. Caller-ID should
never be falsified.

I've written many times about how caller-ID can be manipulated to display
false or misleading information, why this should be prevented, and how the
telcos have shown little interest in fixing caller-ID or informing their
customers about the problem (caller-ID is a cash cow for the telcos whether
it is accurate or not).

Up to now, the typical available avenue for manipulating caller-ID has been
pay services that tended to limit the potential for largescale abuse since
users are charged for access. Google, by providing a free service that will
place calls and manipulate caller-ID, vastly increases the scope of the
problem. Scale matters.

Google has not vetted this caller-ID feature sufficiently, and I urge its
immediate reconsideration.

More information about the Infowarrior mailing list