Caller ID spoofing—the act of using commercially-available technology or services to alter the name and telephone number that appear on the called party’s caller ID display—is pervasive. It presents significant risk not only to recipients (of being duped into thinking a call is from someone it is not) but also to the person or business whose name and telephone number the spoofer appropriates. An unknowing recipient of a spoofed call could initiate legal proceedings against a completely innocent person or business whose information has been spoofed, causing that party unwarranted reputational harm. Although federal and state governments have attempted to legislate against illegitimate caller ID spoofing, such legislation has struggled to counteract the problem. Recently, however, legislators at both levels of government have undertaken new efforts to curtail harassing and deceptive use of spoofing.
At the federal level, caller ID spoofing is governed by the Truth in Caller ID Act of 2009 (codified at 47 U.S.C. § 227(e), with corresponding regulations promulgated at 47 C.F.R. § 64.1604) (the “Act”). Although the Act makes it unlawful, subject to certain exemptions, “to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification,” the Act contains significant limitations. First, it only applies to “any person within the United States,” so spoofed calls initiated outside the United States are not covered. Second, it only applies to calls made “with the intent to defraud, cause harm, or wrongfully obtain anything of value.”
Some states have attempted to enact stricter laws curbing forms of caller ID spoofing not covered by the Act. Yet, these laws have faltered when challenged in court. For example, Mississippi enacted a Caller ID Anti-Spoofing Act in 2010. That statute prohibited a person from “enter[ing] or caus[ing] to be entered false information into a telephone caller identification system with the intent to deceive, defraud[,] or mislead the recipient of the call” and from “plac[ing] a call knowing that false information was entered into the telephone caller identification system with the intent to deceive, defraud[,] or mislead the recipient of the call.” Miss. Code Ann. § 77-3-805 (2010). In Teltech Systems, Inc. v. Bryant, 702 F.3d 232 (5th Cir. 2012), however, the U.S. Court of Appeals for the Fifth Circuit held that Mississippi’s statute was preempted by federal law because it conflicted with the Act. In particular, the Fifth Circuit noted Congress’s concern in enacting the Act about encroaching upon legitimate, “non-harmful” spoofing. Thus, other states—including Indiana (Ind. Code § 24-5-14.5-9) and Tennessee (Tenn. Code Ann. § 47-18-2302)—have enacted statutes that closely track the federal statute, thus avoiding preemption issues, while providing a private right of action that the federal statute lacks.
Recently, state legislatures in Pennsylvania and West Virginia have taken steps to expand restrictions on spoofing beyond the scope of the Act. On January 23, 2018, the Pennsylvania House Judiciary Committee unanimously reported favorably on HB979. If enacted, the bill would make it a misdemeanor to place a call or otherwise facilitate the displaying of false caller ID information with the intent to either defraud, cause harm to, or—critically—to harass the called party. By including intent to harass, the Pennsylvania bill would reach a broader range of calls than the federal law. Likewise, the West Virginia House of Representatives passed House Bill 4150 on January 25, 2018. As originally drafted, the bill would have prohibited telecommunications carriers from transmitting calls where the caller ID information had been manipulated to display the call recipient’s own information and would have made transmitting misleading or inaccurate caller ID information a felony unless the caller owned or operated the name and telephone number displayed. As passed, however, the bill merely makes it an unfair or deceptive act for a seller or telemarketer to transmit misleading or inaccurate caller ID information. Thus, the current form of the West Virginia bill is both broader (in scope) and narrower (as to whom it applies) than the Act.
Congress has also recently been working on amendments to strengthen the Act. In the House, H.R. 423, the Anti-Spoofing Act of 2017, passed with bipartisan support. The bill would (1) extend the existing law to cover persons outside the United States placing calls into the country through any voice or text messaging medium, and (2) charge the Federal Trade Commission with developing educational materials about technologies that can be used to combat caller ID spoofing. The Senate passed S. 134, the Spoofing Prevention Act of 2017, by unanimous consent, and it incorporates the substantive text of H.R. 423 with minor differences. Thus, there is a strong possibility that the proposed law will be reconciled, enacted, and sent to President Trump’s desk for signature. At the same time, the proposed bill would not extend federal law to cover spoofed calls made merely with the intent to deceive or harass the recipient. Nevertheless, as caller ID spoofing continues to pose difficulties to consumers and businesses alike, legislatures may continue to work to find solutions.