Florida Attorney General Charlie Crist issued last week subpoenas targeting five different Caller ID spoofing sites. Four of the subpoenas are directed at the domain name registrars in an effort to unmask the identities of the site operators, while the fifth one is directed at one such site operator, Tricktel.com, with demand to reveal business records and the identifies of any Florida customers.

"People use Caller ID to protect themselves from unwanted calls and contact from those who would do them harm," Crist said in a press release. "It is wrong for individuals or businesses to deceive our citizens, and this cannot be allowed to continue unchecked."

In the interest of disclosure, Florida AG Crist is also the Republican candidate for governor of Florida.

Federal Investigation

Florida’s probe comes after a broader federal investigation was launched by the FCC a month earlier. The FCC issued letters to at least three Caller ID spoofing sites demanding detailed information on the structure of their business and the names of every customer that has used the services, the dates, and number of phone calls made. Wired News has reported that at least one of those services, Telespoof.com, has complied and turned over its customer records to the FCC after FCC had issued a formal subpoena.

Privacy and Legal Implications

The debate on the legality of these sites is raging. Lawyers for the Caller ID spoofing services claim that they are primarily used for lawful aims. "We’re talking about private investigators, skip tracers, law enforcement agencies, attorneys, others who are legitimately trying to locate people to enforce their rights or in many cases the rights of the public, There are lots of legitimate uses of this." Also, Chris Hoofnagle, an attorney with the Electronic Privacy Information Center, says he thinks Caller ID spoofing has legitimate uses, and would rather see fraudsters prosecuted for their crimes than have spoofing sites categorized as burglar tools. Mr. Hoofnagle argues that the right thing to do is to prosecute the underlying fraud, and not the tools that have legitimate uses (e.g. calling a police tip line, or a newspaper story.)

On the other hand, it has been reported that criminals have used the sites while making pretext phone calls to extract private information like bank account and SSNs out of consumers and companies. Experts say the services have also been used to target businesses that rely on Caller ID for authentication — Western Union’s money-transfer service has been particularly vulnerable, as are T-Mobile voicemail boxes in their default configuration.