[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]
PREVENTING HARASSMENT THROUGH OUTBOUND NUMBER ENFORCEMENT (PHONE) ACT
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON CRIME, TERRORISM,
AND HOMELAND SECURITY
OF THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED NINTH CONGRESS
SECOND SESSION
ON
H.R. 5304
__________
NOVEMBER 15, 2006
__________
Serial No. 109-154
__________
Printed for the use of the Committee on the Judiciary
Available via the World Wide Web: http://judiciary.house.gov
U.S. GOVERNMENT PRINTING OFFICE
30-839 PDF WASHINGTON : 2006
------------------------------------------------------------------
For sale by Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2250. Mail: Stop SSOP,
Washington, DC 20402-0001
COMMITTEE ON THE JUDICIARY
F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman
HENRY J. HYDE, Illinois JOHN CONYERS, Jr., Michigan
HOWARD COBLE, North Carolina HOWARD L. BERMAN, California
LAMAR SMITH, Texas RICK BOUCHER, Virginia
ELTON GALLEGLY, California JERROLD NADLER, New York
BOB GOODLATTE, Virginia ROBERT C. SCOTT, Virginia
STEVE CHABOT, Ohio MELVIN L. WATT, North Carolina
DANIEL E. LUNGREN, California ZOE LOFGREN, California
WILLIAM L. JENKINS, Tennessee SHEILA JACKSON LEE, Texas
CHRIS CANNON, Utah MAXINE WATERS, California
SPENCER BACHUS, Alabama MARTIN T. MEEHAN, Massachusetts
BOB INGLIS, South Carolina WILLIAM D. DELAHUNT, Massachusetts
JOHN N. HOSTETTLER, Indiana ROBERT WEXLER, Florida
MARK GREEN, Wisconsin ANTHONY D. WEINER, New York
RIC KELLER, Florida ADAM B. SCHIFF, California
DARRELL ISSA, California LINDA T. SANCHEZ, California
JEFF FLAKE, Arizona CHRIS VAN HOLLEN, Maryland
MIKE PENCE, Indiana DEBBIE WASSERMAN SCHULTZ, Florida
J. RANDY FORBES, Virginia
STEVE KING, Iowa
TOM FEENEY, Florida
TRENT FRANKS, Arizona
LOUIE GOHMERT, Texas
Philip G. Kiko, General Counsel-Chief of Staff
Perry H. Apelbaum, Minority Chief Counsel
------
Subcommittee on Crime, Terrorism, and Homeland Security
HOWARD COBLE, North Carolina, Chairman
DANIEL E. LUNGREN, California ROBERT C. SCOTT, Virginia
MARK GREEN, Wisconsin SHEILA JACKSON LEE, Texas
TOM FEENEY, Florida MAXINE WATERS, California
STEVE CHABOT, Ohio MARTIN T. MEEHAN, Massachusetts
RIC KELLER, Florida WILLIAM D. DELAHUNT, Massachusetts
JEFF FLAKE, Arizona ANTHONY D. WEINER, New York
MIKE PENCE, Indiana
J. RANDY FORBES, Virginia
LOUIE GOHMERT, Texas
Michael Volkov, Chief Counsel
David Brink, Counsel
Caroline Lynch, Counsel
Jason Cervenak, Full Committee Counsel
Bobby Vassar, Minority Counsel
C O N T E N T S
----------
NOVEMBER 15, 2006
OPENING STATEMENT
Page
The Honorable Howard Coble, a Representative in Congress from the
State of North Carolina, and Chairman, Subcommittee on Crime,
Terrorism, and Homeland Security............................... 1
The Honorable Robert C. Scott, a Representative in Congress from
the State of Virginia, and Ranking Member, Subcommittee on
Crime, Terrorism, and Homeland Security........................ 2
WITNESSES
The Honorable Tim Murphy, a Representative in Congress from the
State of Pennsylvania
Oral Testimony................................................. 5
Prepared Statement............................................. 7
Mr. Barry Sabin, Deputy Assistant Attorney General, Criminal
Division, United States Department of Justice
Oral Testimony................................................. 8
Prepared Statement............................................. 10
Mr. James Martin, President and Founder, 60 Plus Association
Oral Testimony................................................. 18
Prepared Statement............................................. 19
Mr. Phil Kiko, General Counsel and Chief of Staff, Committee on
the Judiciary, United States House of Representatives
Oral Testimony................................................. 21
Prepared Statement............................................. 22
PREVENTING HARASSMENT THROUGH OUTBOUND NUMBER ENFORCEMENT (PHONE) ACT
----------
WEDNESDAY, NOVEMBER 15, 2006
House of Representatives,
Subcommittee on Crime, Terrorism,
and Homeland Security
Committee on the Judiciary,
Washington, DC.
The Subcommittee met, pursuant to notice, at 10:01 a.m., in
Room 2141, Rayburn House Office Building, the Honorable Howard
Coble (Chairman of the Subcommittee) presiding.
Mr. Coble. Ladies and gentlemen, before I convene today's
hearing, we have virtually no one except the Ranking Member and
me here, but I want to say this before we start. This will
likely be our final hearing on this Subcommittee, and I would
be remiss if I did not express my thanks to each Member who
served on this Subcommittee, and, in particular, the
distinguished gentleman from Virginia, the Ranking Member, Mr.
Scott; Mr. Vassar, his able counsel; Mr. Mike Volkov, and his
able associates on our side. I think we have had a very
productive 2-year stint during this session, and I'm
appreciative to all of you on the Subcommittee. We have had
good hearings. We've had good witnesses, today being no
exception. And having said that, we will commence.
I want to welcome everyone to this important hearing
regarding fraudulent telephone calls. Today the Subcommittee
will be conducting a legislative hearing on the PHONE Act, H.R.
5304, the ``Preventing Harassment through Outbound Number
Enforcement Act,'' which was introduced by our colleague,
Representative Timothy Murphy, who represents Pennsylvania's
18th Congressional District.
In the last few years, the criminal activity known as
``spoofing'' has increased. Those who engage in spoofing use an
incorrect, fake, or fraudulent caller ID to conceal their
identity in order to facilitate a fraudulent telephone call to
the recipient.
Caller ID spoofing involves making one's own phone number
and identifying information with another phone number and
identifying information. Call recipients then divulge personal
and private information to the caller under the mistaken belief
that the caller is legitimate; that is, a bank, a credit card
company, a court of law, et cetera. If the recipient of the
call had known the true identity of the caller, the recipient
would not have provided the private information.
Spoofing also invades the privacy of those individuals
whose caller ID is used to mask fraudulent calls. Some may
describe spoofing as a way to maintain caller privacy, but it
is nonetheless fraudulent. Although the technology needed to
spoof has been available for some time, it requires special
equipment and knowledge to actually use the masking technology.
Recently, this technology has become more accessible to the
average person, either through the purchase of Internet
telephone equipment or through Web sites specifically set up to
spoof. These Web sites claim to be set up to protect your
privacy. However, the use of this technology has been linked to
fraud, prank telephone calls, political attacks, and
telemarketers who attempt to avoid the current ``do not call''
limits. Additionally, calling cards can be purchased or
accounts can be set up to allow multiple calls. Further, the
technology can block any back technology such as the star
symbol or dash 69.
Representative Murphy introduced H.R. 5304 to address these
concerns by creating a new Federal crime to prohibit the
modification of caller ID with the intent to deceive the
recipient of a telephone call as to the identity of the caller.
The bill imposes a fine and/or a prison term of up to 5 years
for violations.
However, the legislation does not affect legally available
blocking of caller ID technology or lawfully authorized
activities of law enforcement or intelligence agencies. This
legislation is intended to help protect consumers from
harassment, identity theft or other crimes. This hearing will
focus on the need to broaden the scope of current law to deter
telephone fraud, protect consumers from harassment and to
better protect consumers and their personally identifiable data
from fraudulent telephone use, and also the need to increase
the tools available to the Department of Justice to prosecute
and protect against criminals who use fake telephone and caller
ID to commit crime.
I look forward to learning more about this bill this
morning, and thank each of our witnesses for participating in
today's hearing. And before we call upon our witnesses, I am
pleased to recognize the distinguished gentleman from Virginia,
the Ranking Member, Mr. Bobby Scott.
Mr. Scott. Thank you, Mr. Chairman. And, Mr. Chairman, you
indicated that this may well be the last hearing that we have
this session and you would be Chairman, and I'd like to comment
on our working relationship. In commenting on it, I'm reminded
of what President Kennedy said when he began a speech in
Cleveland, Ohio. He said that there's no city in the United
States in which I've received a warmer welcome and fewer votes
than Cleveland, Ohio.
I think there is no Committee in Congress where I have
enjoyed a warmer reception and fewer votes from the Chairman,
but you've been very cordial and you've given everyone an
opportunity to be heard, and I wish you well in whatever
Committee that you're on next in the next session.
Mr. Coble. If the gentleman will yield, those roles may
well be reversed in about a month, but it's been a pleasure,
Bobby.
Mr. Scott. Thank you. But I'm pleased to join you in
convening this hearing on the PHONE Act. This bill is aimed in
preventing the practice called ``spoofing,'' where a caller
uses a fake or fraudulent caller ID to hide his true identity
in order to irritate, harass, or defraud the recipient of the
call.
I'm concerned about the growing aspects of spoofing being
used for such purposes with impunity, and support the thrust of
H.R. 5304. However, I think we need to make sure that the bill
appropriately defines what constitutes spoofing or caller ID
deception to the extent that criminal penalties should apply
and what the penalty should be for what kind of spoofing
intent. We also need to consider whether or not the mere act of
altering one's caller ID information should be criminalized in
those situations where there is no indication of intent to
harass, defraud, or otherwise commit a criminal act.
Certainly the kinds of problems we expect to hear about
today from our witnesses, including our own chief counsel, are
the kinds of situations where we do want them to be covered
under the bill as criminal acts. However, when there is no
intent to defraud or harass, we need to consider whether or not
innocent disguises of one's identity should constitute a crime.
Disguises are routinely used in Internet names such as
[email protected] or [email protected], and we need to
consider whether or not the bill should criminalize using a
similar caller ID for innocent purposes.
So I'm looking forward to the testimony by witnesses, Mr.
Chairman, and for guidance on insight on these issues and in
working with you as we develop a bill to address the problems
of spoofing that we definitely want to prevent.
Thank you Mr. Chairman.
Mr. Coble. Thank you, Mr. Scott, and thank you for your
generous words as well.
Gentlemen, it is the practice of this Subcommittee to swear
in all witnesses. So, if you all would please raise your right
hand and stand, if you will.
[Witnesses sworn.]
Mr. Coble. Let the record show that each of the witnesses
answered in the affirmative. Please be seated.
We are blessed with a very distinguished panel today, and
for the benefit of those in the audience who may not know the
identities of the witnesses, I want to give you some background
about them.
Our first witness is the Honorable Tim Murphy who is the
representative of Pennsylvania's 18th District and is the
primary sponsor of the bill we're addressing today, H.R. 5304.
Congressman Murphy is a Member of the Energy and Commerce
Committee and has three Subcommittee assignments, including the
Subcommittee on Commerce, Trade, and Consumer Protection. From
1997 to 2002, he served in the Pennsylvania State Senate where
he penned the State's historic patient bill of rights and
increased funding for medical research. Since his election to
Congress in 2003, he has continued to be a leader in health
issues as a member of the Congressional Mental Health Caucus
and the 21st century Health Care Caucus. Congressman Murphy
holds a bachelor's degree from Wheeling Jesuit University, a
master's degree from Cleveland State University, and a Ph.D.
from the University of Pittsburgh.
Our second witness is Mr. Barry Sabin, Deputy Assistant
Attorney General of the Criminal Division of the United States
Department of Justice. In this capacity, Mr. Sabin is
responsible for overseeing the Fraud Section, Criminal
Appellate Section, Gang Squad, and Capital Crimes Unit. Mr.
Sabin served as the Chief of the Criminal Division's
Counterterrorism Section from 2002 to 2006, during which he
received the Henry Petersen Award, the Criminal Division's
highest honor. Prior to coming to Washington, he served for
nearly a dozen years as a Federal criminal trial prosecutor,
and held a number of supervisory positions in the United States
Attorney's Office in South Florida. Mr. Sabin received his
bachelor's and master's degrees from the University of
Pennsylvania and his law degree from the New York University
School of Law.
Now, Mr. Sabin, I'm going to hold you harmless for this,
but our Justice Department is infamously belated in getting its
statements to us. As I say, I'm not blaming you for that, but
if you could take back to Justice--I'm looking forward to the
next session of Congress now. If they could provide us with the
written testimony in a more timely way, we would be
appreciative.
Mr. Sabin. Yes, sir.
Mr. Coble. We will not kill the messenger in this case, but
if you could convey that, I would be appreciative to you.
Our third witness is Mr. James Martin, President and
Founder of the 60 Plus Association, a seniors advocacy group.
Under Mr. Martin's leadership, membership at 60 Plus has soared
to over 500,000, and the Association has ranked saving Social
Security for future generations among its top priorities. In
addition to founding 60 Plus, Mr. Martin has helped organize
and direct several other advocacy groups, including the
National Conservative Political Action Committee and the Public
Service Research Council. Mr. Martin received a bachelor's
degree in journalism from the University of Florida where he
won a William Randolph Hearst award for writing;
And, Mr. Martin, I know you've done a very commendable job
with 60 Plus. I had no idea your membership had soared a half
million. That speaks well for your leadership.
Our final witness is unknown to none of us on this panel,
Mr. Phil Kiko, Chief of Staff and General Counsel for the House
Committee on the Judiciary. Prior to taking his current
position with the Committee, Mr. Kiko served first as
Legislative Director and then as Chief of Staff in Congressman
F. James Sensenbrenner's congressional office. He also worked
as Associate Counsel for the Judiciary Subcommittee on Civil
and Constitutional Rights, where he focused on proposed
constitutional amendments, crimes, civil rights, FBI, and
immigration issues. He has been instrumental in the Committee
on the Judiciary's passing of the USA PATRIOT Act, legislation
overhauling the INS, visa reform, Border Security Act, and the
first Justice Department authorization in over 20 years. Mr.
Kiko earned his undergraduate degree at Mount Union College and
received his J.D. from the International School of Law, now
known as the George Mason University School of Law.
Mr. Kiko, I'm amplifying my ignorance now, but tell me
where Mount Union is located.
Mr. Kiko. Alliance, Ohio.
Mr. Coble. I figured there was a Buckeye connection there
somewhere.
Gentlemen, we've been joined by the gentleman from Ohio,
Mr. Chabot, and the gentleman from Florida, Mr. Keller, and no
one on the minority side yet.
Gentlemen, we traditionally operate under the 5-minute rule
here. When the amber light appears on your panel, that is your
warning that you're running out of time. You'll have a minute
to go at that point, and no one will be assaulted if you
violate the 5-minute rule, but when the red light appears, the
5 minutes have elapsed, and at that point if you could wrap up,
we would be appreciative.
I'm going to start with Mr. Murphy. Good to have you with
us today.
TESTIMONY OF THE HONORABLE TIM MURPHY, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF PENNSYLVANIA
Mr. Murphy. Thank you, Mr. Chairman and Mr. Scott and
Members of the Subcommittee. I appreciate an opportunity to
discuss this bill H.R. 5304, the Preventing Harassment through
Outbound Number Enforcement Act, or the PHONE Act; or, in this
case, the PHONE bill.
Identity theft has become an increasingly critical problem
for consumers. The Federal Trade Commission revealed earlier
this year that 10 million individuals are the victims of
identity theft each year, and identity theft is the number one
consumer complaint in each of the 50 States. The disastrous
implications of identity theft for consumers include damaged
credit and financial ruin, and the effects can tear apart
families.
Congress has repeatedly tried to prevent identity theft.
Unfortunately, with new technology comes new risk and new
opportunities for criminals to skirt the law. One of these
technologies used by thieves is the practice of call spoofing,
or caller ID fraud, where one masks their identity by altering
the outbound caller ID number in order to mislead the call
recipient. Some may describe call spoofing as a way to maintain
caller privacy, but it is nothing less than fraud when used
maliciously. That is because accountability is critically
important in our judicial system. Caller ID fraud takes away
accountability from people who wish to do harm to others.
Consider the effects of the false use of caller ID in other
areas. Past Federal and State efforts to block unwanted phone
solicitation with ``do not call'' lists was to provide some
privacy for citizens, but when someone hijacks your phone
number, they can bypass that protection.
I believe Congress must enact a law to penalize caller ID
fraud perpetrators. This bill is particularly necessary to
protect American families, the elderly and businesses because
illegally using another person's phone number could have
limitless unlawful applications.
It doesn't take much imagination to understand how
dangerous this practice could be for unlawful people. A
criminal could try to obtain personal financial information
from individuals by using a bank's phone number. An ex-spouse
could harass a former wife or husband who has blocked calls
from the ex-spouse's phone line. A pedophile could stalk a
child by stealing a school phone number or the phone number of
a friend of the child. A sexual predator could use a doctor's
office phone number. A terrorist could make threats from a
Government phone number. The list goes on.
The criminal use of caller ID fraud is not just a
possibility, however. Here are some real-world examples of
caller ID fraud that are very real and very disturbing. The
AARP Bulletin reported a case in which people received calls
that made false claims that they missed jury duty. To avoid
prosecution, these individuals were asked for their Social
Security number and other personal information. The phone
number that appeared on their caller ID was from the local
courthouse, so people assumed the caller was telling the truth.
The security company, Secure Science Corporation, has
stated that criminals have accessed legal call spoofing
Internet sites in order to protect their identities while they
buy stolen credit card numbers. These individuals call a money
transfer service such as Western Union and use a fake caller ID
and a stolen credit card number to order cash transfers to
themselves.
In 2005, SWAT teams surrounded an empty building in New
Brunswick, New Jersey after police received a call from a woman
who said she was being held hostage in an apartment. She was
not in the apartment, and the woman had intentionally used a
false caller ID. Imagine what might have happened.
For these reasons, I have introduced H.R. 5304 to punish
those who engage in the intentional practice of misleading
others through caller ID fraud. Violators of the bill would be
subject to a penalty of up to 5 years in prison and up to
$250,000 in fines. Unfortunately, pursuing these criminals is
difficult and particularly resource-intensive. The House has
already expressed its will on this matter, unanimously passing
H.R. 5126, the Truth in Caller ID Act, which I have
cosponsored, but this bill only asks the Federal Communications
Commission to create a rule to prohibit caller ID fraud in 6
months. There are no penalties in the bill, and it doesn't stop
people from skirting that law and still doing this. The Senate
has not acted on H.R. 5126, and so the problems remain.
I also include an amendment to prompt the FCC to address
the practice of caller ID fraud in H.R. 5672, the Fiscal Year
2007 Science, State, Justice, Commerce Appropriations Act.
Still, I believe my bill, H.R. 5304, appropriately goes further
by amending criminal law to fully protect Americans from the
practice of caller ID fraud.
Over the years, Congress has been criticized as a reactive
institution. Today, this Subcommittee is proactively
considering a good idea that addresses a problem before a
tragedy occurs. Today, we have a chance to help stop crime,
prevent identity theft and protect lives.
Thank you for your commitment to the personal identity
security of all Americans, and I would be happy to answer any
questions you may have. Thank you, Mr. Chairman.
Mr. Coble. And you have applied pressure to your colleagues
because you beat the red light, Mr. Murphy. I commend you for
that.
[The prepared statement of Mr. Murphy follows:]
Prepared Statement of the Honorable Tim Murphy, a Representative in
Congress from the State of Pennsylvania
Mr. Chairman, Ranking Member Scott, distinguished colleagues of the
Committee, thank you for inviting me to speak before you today on
behalf of my legislation, H.R. 5304, the Preventing Harassment through
Outbound Number Enforcement Act, or the PHONE Act.
Identity theft has become an increasingly critical problem for
consumers. The Federal Trade Commission revealed earlier this year that
10,000,000 individuals are victims of identity theft each year, and
identity theft is the number one consumer complaint in each of the
fifty states. The disastrous implications of identity theft for
consumers include damaged credit and financial ruin, and the effects
can tear apart families.
Congress has repeatedly tried to prevent identity theft.
Unfortunately, with new technology comes new risks and new
opportunities for criminals to skirt the law. One of these technologies
used by thieves is the practice of ``call spoofing,'' or ``caller ID
fraud,'' where one masks their identity by altering their outbound
caller ID number in order to mislead the call recipient. Some may
describe call spoofing as a way to maintain caller privacy. But it is
nothing less than fraud. That's because accountability is critically
important in our judicial system. Caller ID fraud takes away
accountability from people who wish to do harm to others.
Stealing, masking or otherwise altering one's caller identification
to deceive is a new tool in the hands of criminals. The practice of
caller ID fraud can be tremendously harmful to consumers.
Consider the effects of the false use of caller ID in other areas.
Past federal and state efforts to block unwanted phone solicitations
with ``Do Not Call'' lists was to provide some privacy for citizens.
But when someone hijacks your phone number, they can bypass that
protection.
I believe Congress must enact a law to penalize caller ID fraud
perpetrators. This bill is particularly necessary to protect American
families, the elderly and businesses, because illegally using another
person's phone number could have limitless unlawful applications. It
doesn't take much imagination to understand how dangerous this practice
could be for unlawful people:
A criminal could try to obtain personal financial
information from individuals by using a bank's phone number,
An ex-spouse could harass a former wife or husband
who has blocked calls from the ex-spouse's phone line,
A pedophile could stalk a child by stealing a school
phone number or the phone number of a friend of the child,
A sexual predator could use a doctor's office phone
number, or
A terrorist could make threats from a government
phone number.
The criminal use of caller ID fraud is not just a possibility. Here
are some real world examples of caller ID fraud that are real and very
disturbing:
The AARP Bulletin reported cases in which people received calls
that made false claims that they missed jury duty. To avoid
prosecution, these individuals were asked for their Social Security
number and other personal information. The phone number that appeared
on their caller ID was from the local courthouse, so people assumed the
caller was telling the truth.
The security company, Secure Science Corporation, has
stated that criminals have accessed legal call spoofing
Internet sites in order to protect their identities while they
buy stolen credit card numbers. These individuals call a money
transfer service such as Western Union and use a fake Caller ID
and a stolen credit card number to order cash transfers to
themselves.
In 2005, SWAT teams surrounded an empty building in
New Brunswick, New Jersey, after police received a call from a
woman who said she was being held hostage in an apartment. She
was not in the apartment, and the woman had intentionally used
a false caller ID. Imagine what might have happened.
For these reasons, I have introduced H.R. 5304 to punish those who
engage in the intentional practice of misleading others through caller
ID fraud. Violators of the bill would be subject to a penalty of up to
five years in prison and fines of $250,000. Unfortunately, pursuing
these criminals is difficult and particularly resource intensive.
The House has already expressed its will on this matter,
unanimously passing H.R. 5126, the Truth in Caller ID Act, which I have
cosponsored. But this bill only asks the Federal Communications
Commission to create a rule to prohibit caller ID fraud in six months.
There are no penalties in the bill. The Senate has not acted on H.R.
5126, and so the problems remain. I also included an amendment to
prompt the FCC to address the practice of caller ID fraud in H.R. 5672,
the Fiscal Year 2007 Science, State, Justice, Commerce Appropriations
Act. Still, I believe my bill, H.R. 5304, appropriately goes further by
amending criminal law to fully protect Americans from the practice of
caller ID fraud.
Over the years, Congress has been criticized as a reactive
institution. Today, this subcommittee is proactively considering a good
idea that addresses a problem before a tragedy occurs. Today we have a
chance to help stop crime, prevent identity theft and protect lives.
Thank you for your commitment to the personal identity security of
all Americans. I would be happy to answer any questions you might have.
Mr. Coble. Mr. Sabin.
TESTIMONY OF BARRY SABIN, DEPUTY ASSISTANT ATTORNEY GENERAL,
CRIMINAL DIVISION, UNITED STATES DEPARTMENT OF JUSTICE
Mr. Sabin. Good morning, Mr. Chairman, Ranking Member
Scott, and Members of the Subcommittee. It is my pleasure to
appear before you today to discuss H.R. 5304, the Preventing
Harassment through Outbound Number Enforcement Act.
The United States Department of Justice supports
congressional action such as the PHONE Act to provide law
enforcement better tools to protect our citizens and our
countries from identity thieves, stalkers, fraudsters, and
other criminals. The phone Act targets caller ID spoofing. That
is the falsifying of information transmitted by the telephone
network that causes a call recipient's caller identification
equipment to display incorrect information about who is
calling. Recent changes in technology, particularly Voiceover
Internet Protocol equipment, have made caller ID spoofing
relatively easy and inexpensive. As a result, services
available through the Internet or through toll-free telephone
numbers have brought caller ID spoofing to the mainstream.
These services allow users to have placed calls while enabling
the user to choose any number they wish to appear on their
recipients' caller ID displays. There is no meaningful way for
consumers to opt out of receiving spoofed calls or to prevent
their telephone numbers from being spoofed.
While this technology is relatively new, we are already
seeing it being misused. Criminals can use caller ID spoofing
to facilitate a number of crimes, including identity theft,
harassment, privacy invasions, and other types of fraud. Caller
ID spoofing can assist a criminal to trick an individual into
providing a credit card number or a Social Security number or
to fool a domestic abuse victim into accepting a harassing
call. Identity thieves, hackers and other criminals also can
use caller ID spoofing to circumvent security measures put in
place by financial institutions, communication service
providers and others. These concerns are not theoretical. We
know that criminals are using these caller ID spoofing services
to further their crimes today.
The crux of the crime is the criminal's intent to mislead.
For instance, James Turner Hopper recently pleaded guilty to
several Federal felony offenses, including identity theft. Mr.
Hopper was able to use caller ID spoofing more than 150 times
in order to hide his true identity and to defeat security
controls while attempting to steal over $88,000. Hopper was
recently sentenced to 30 months' incarceration in the United
States District Court for the Southern District of California.
The Justice Department is concerned with the widespread
availability of caller ID spoofing services that present
significant potential for abuse and hinder law enforcement's
ability to timely and thoroughly investigate crime. We believe
that this matter merits further study and suggests that
Congress consider whether a civil or criminal prohibition on
caller ID spoofing services in appropriate circumstances would
be warranted. We would be happy to work with the Committee and
Subcommittee in exploring the issue further.
In addition, the Justice Department has a variety of
suggestions to clarify and strengthen the bill that will be
provided to the Subcommittee shortly. Among other
recommendations, DOJ suggests that the drafters consider a more
graduated series of offenses that would allow prosecutors to
charge a full range of misdemeanor and felony offenses as well
as forfeiture provisions in appropriate circumstances. The
Department of Justice appreciates this Subcommittee's proactive
leadership in making sure that our country's laws meet this new
challenge.
Thank you for the opportunity to testify today and for your
continuing support. I am happy to answer any questions you may
have.
Mr. Coble. Mr. Sabin, you, too, were very disciplined in
beating the red light.
[The prepared statement of Mr. Sabin follows:]
Prepared Statement of Barry Sabin
Mr. Coble. Mr. Martin, the pressure is upon you now.
TESTIMONY OF JAMES MARTIN, PRESIDENT AND FOUNDER,
60 PLUS ASSOCIATION
Mr. Martin. Thank you, Mr. Chairman, and Mr. Chairman to
be. I appreciate the opportunity here to offer some comments.
And by the way, I need to update my biographical sketch. That
500,000 has grown 10 years ago to about 5 million now and is
still growing. We're not nearly with the AARP, but we're
getting there.
Incidentally, my honorary chairman is a former colleague of
yours, Roger Zion of Evansville, Indiana. Hale and hearty at 85
years young, Roger was elected to the 90th Congress in 1966 and
served with distinction here for 4 consecutive terms.
I'm also proud of the fact that our National spokesman is
none other than the legendary entertainer Pat Boone. In the Top
10 all-time of recording artists, nobody but nobody sold more
records in the fifties and sixties than Pat, except for a
fellow by the name of Elvis.
I don't want to attempt to have you believe that I am an
expert on spoofing or phishing. That's ``phishing'' spelled
with a P-H, by the way, not the way that we spell the
recreational activity that so many of us ``gray hairs'' like
myself enjoy; but in a sense, that's why we're here, isn't it?
Things aren't always what they seem in this brave new world of
high-tech, and we seniors accept that it's the progress that it
represents. What we're not about to accept is fraud, deceit,
larceny, character assassination, and identity theft. We didn't
accept it back in the fifties when the guy selling aluminum
siding left us holding the bag. We didn't, in recent years, as
telephone scams were perfected, and we won't now with
cyberspace being manipulated for the same ends: greed.
This matter of spoofing or phishing strikes me as serious
business. Just as seniors are beginning to get computer
literate, we've learned some basics like with spam. Over time,
we've learned it's garbage via e-mail that we didn't ask for,
and as an unwanted document, we can merely delete the file.
It's a pain in the neck, but it isn't lethal. But with
phishing, a senior logs onto their e-mail account and is duped
by use of a legitimate name or vendor that they may have an
actual account with--say, the bank or credit card--and since
they're likely to want to access the information, they click
onto a link or otherwise take action and fill out personal
information, something they innocently believe is an update,
but it's really designed to give the phishers personal
information that could be lethal.
This matter of spoofing strikes me as a new low. Someone
receives an e-mail from a friend or a loved one. Surely, anyone
would open that message, right? Well, hold on. It turns out
with spoofing, a virus attacks your address book or seizes
addresses from your ``to'' and
from'' field and manipulates it in such a way that you're
either sending or receiving a knockout blow of a virus. This is
bad stuff.
It's much the same for the telephone. Let's say you're
paying for a service we all know, called ``caller ID''. Well,
be careful. The number you recognize as your Aunt Betty's
number really isn't hers. The bad guys spoofed poor Aunt Betty
and grabbed her number to mask the bad guy's real number. And
lo and behold, you pick up, and the connection is made, like it
or not. It could be a telemarketing scam. It could be just
about anything. It's bad stuff.
As more seniors get Internet savvy, as telephones and cell
phones become smart phones, the opportunity to be scammed only
goes up. We at 60 Plus have not received what you might
consider an alarming number of complaints on this issue, but
it's only a matter of time. This is a stink that's coming, and
we want to be proactive. So, for example, in the next edition
of our national quarterly magazine, Senior Voice, I plan to
post this very testimony and publicize these important
hearings. But let's face it: While we seniors have slowed down
some, we still would like to think we're quick enough to handle
the telephone or surf the Net with some dispatch. Now, we have
a right to expect fair play on the other end. If not, then we
have a legitimate right to ask our elected officials to step up
to the plate and do the right thing--pass tough, no-nonsense
laws that severely penalize those who would wish us harm.
In closing, seniors are shut-ins, sometimes connected to
the outside world by the phone and now, increasingly, by the
Internet. They're alone and they're lonely and they're easy
victims. It's my hope that this Committee will do whatever is
necessary to ensure that scammers get nailed for stealing
seniors' passwords, user names, bank information, credit card
data, and more.
Thank you for your compassion, and while my time is not up,
I sincerely thank you for yours.
Mr. Coble. I confess ignorance and embarrassment, Jim. We
were taking the 500,000 from your bio, and I didn't even
realize that there were 500,000, much less 5 million, but I
commend you for that, and I wish--I think I speak for Bobby. I
want you to convey good wishes to Roger and to Pat Boone, if
you will.
[The prepared statement of Mr. Martin follows:]
Prepared Statement of James L. Martin
Good morning, I'm Jim Martin, President of the 15-year-old-and-
counting 60 Plus Association \1\ and I appreciate the invitation to
offer comments today on behalf of some 5 million senior citizens we
call upon for support. For the record, I have prepared remarks and I'll
now summarize: incidentally, my Honorary Chairman is a former colleague
of yours, Roger Zion of Evansville, Indiana. Hale and hearty at 85
years young, Roger was elected to the 90th Congress in 1966 and served
four consecutive terms. I'm proud of the fact that our national
spokesman is none other than the legendary entertainer, Pat Boone. In
the Top 10 all-time of recording artists, nobody but nobody sold more
records in the 50s than Pat except for a fellow named Elvis.
---------------------------------------------------------------------------
\1\ The 60 Plus Association is a 15-year-old nonpartisan
organization taking on important issues such as death tax repeal,
saving Social Security, working to lower energy costs, affordable
prescription drugs and other senior-friendly issues featuring a less
government, less taxes approach. 60 Plus calls on support from nearly
4.5 million citizen activists. 60 Plus publishes a quarterly magazine,
SENIOR VOICE, and a Scorecard, bestowing a Guardian of Seniors' Rights
award on lawmakers of both parties who vote ``pro-senior.'' 60 Plus has
been called ``an increasingly influential senior citizen's group.'' 60
Plus has established a membership benefit program. To join 60 Plus or
for further information, please go to our website at www.60plus.org or
call 888-560-PLUS (7587).
---------------------------------------------------------------------------
I don't stand here today attempting to have you believe I'm an
expert on ``spoofing'' or ``phishing'' . . . that's fishing spelled
with a ``ph'', by the way, not the way I'm accustomed to spelling the
recreational activity so many ``gray hairs'' like myself enjoy.
But you know, in a sense, I suppose that's what we're here about
now, isn't it? Things that aren't really what they seem. Fishing
spelled with a ``ph''. ``Mac'' not being your golfing buddy but a
computer system. ``Windows'' not being what you clean each spring but
rather what has made Bill Gates a household name. ``Wallpaper'' that
has nothing whatever to do with walls; ``bugs'' having nothing to do
with insects; and a ``cursor'' having nothing to do with inappropriate
language.
And don't even ask me about iPods and Bluetooths or Boysenberries .
. . or is that Blackberry's?
You see, the old warhorse that I am, I know that things ain't
always what they seem in this brave new world of hi-tech. And we
seniors are prepared to accept that for the great rush of progress that
it represents. But what we're NOT about to accept is fraud, deceit,
larceny, character assassination and identity theft. We didn't back in
the 1950s when the guy selling aluminum siding left us holding the bag
. . . we didn't in recent years as telephone scams were perfected . . .
and we won't now with cyberspace being manipulated for the same ends:
greed.
This matter of ``spoofing'' or ``phishing'' strikes me as very
serious business. Just as we seniors are beginning to get computer
literate, we've learned some basics: like with ``spam''--over time
we've learned that it's garbage via email that we didn't ask for and as
an unwanted document, we can merely delete the file. It's a pain in the
neck, but it isn't lethal.
But with ``phishing,'' a senior logs on to their email account and
is duped by use of a legitimate name or vendor that they may have an
actual account with--say the bank or MasterCard or eBAY--and since
they're likely to want to access the information, they click on to a
link or otherwise take action and fill-out personal information--
something they innocently believe is an update--but is really designed
to give the ``phishers'' personal info that indeed could be lethal!
Or take this matter of ``spoofing'' . . . this strikes me as a new
low! Someone receives an email from a friend or loved one . . . well
surely, anyone would open that missive, right? Well, hold on! Turns out
with ``spoofing,'' a virus attacks your address book or seizes
addresses from your TO and FROM fields and manipulates it in such a way
that you are either sending or receiving a knock-out blow of a virus!
Very bad stuff, for certain.
And it's much the same for the telephone . . . let's say you're
paying for a service we all know called Caller ID. Well careful, now
the number you recognize as your Aunt Betty's number really isn't hers!
The bad guys ``spoofed'' poor Aunt Betty and grabbed her number to mask
the bad guy's real number and lo and behold, you pick up and the
connection is made, like it or not. Could be a telemarketing scam,
could be pornography, could be just about anything! Bad stuff!
I'm an old direct mail guy . . . snail mail, if you will . . . and
after 40 years, probably know as much or more about the direct mail
business as most. Could the direct mail business get pretty shoddy? Of
course it could BUT the recipient wasn't electronically connected; and
they were in the privacy of a home or office, able to dispose of the
literature opened or unopened and the matter was over and done with.
That's not the way today. And as more of my seniors with 60 Plus get
``Internet'' savvy, as telephones and cell phones become
``smartphones'' and ooze into every facet of our personal and business
lives, the opportunity to be scammed only goes up.
I'll be perfectly candid with you here: we at 60 Plus have not
received what you might consider an alarming number of complaints on
this issue. But it's only a matter of time. This is a stink that's
coming and we want to be proactive. So, for example, in the next
edition of our national quarterly magazine, Senior Voice, I plan to
post this very testimony I'm delivering today and publicize these
important hearings.
But let's face it, while we seniors have slowed down some, we still
would like to think we're quick enough to handle the telephone or surf
the Net with some dispatch--and we have a right to expect fair play on
the other end. If not, then we have a legitimate right to ask our
elected officials to step up to the plate and do the right thing: pass
tough, no-nonsense laws that severely penalize those who would wish us
harm.
In closing, I'll tell you testifying at events like these make me
pretty hungry. I don't mind telling you I'm looking forward to lunch
this afternoon; I'm going to have some ``Spam'' . . . the food staple
I've known for decades . . . followed by a few ``bytes'' of a some
``cookies'' . . . really, munch down on some Oreos . . . brought to me
by a ``server'' . . . you know, a real waiter . . . and I'll wash it
all down with some ``Java'' . . . honest-to-God coffee!
Well, there's my two ``bits'' . . . pun intended.
Seriously, I thank you for your allowing 60 Plus to weigh in on
this important matter to seniors. It's my hope that this committee will
do whatever is necessary to ensure the scammers get nailed for stealing
senior's passwords, usernames, bank information, credit card data and
more.
I'd also be remiss if I didn't mention how I appreciate Rep. Tim
Murphy (R-PA) introducing this important legislation . . . H.R. 5304,
the Preventing Harassment through Outbound Number Enforcement Act . . .
and acknowledge his consistent service to senior citizens, observing he
served as Chair of the Pennsylvania Committee on Aging when he was in
the state Senate there.
Well, I see my time is up . . . I thank you, most sincerely, for
yours.
Mr. Coble. And as an aside, Mr. Scott, I don't think I
remember a single hearing where all four witnesses beat the red
light, so the pressure is on Mr. Kiko.
The gentleman is recognized for 5 minutes.
TESTIMONY OF PHIL KIKO, GENERAL COUNSEL AND CHIEF OF STAFF,
COMMITTEE ON THE JUDICIARY, UNITED STATES HOUSE OF
REPRESENTATIVES
Mr. Kiko. Yeah. I guess I'd better comply with the
Chairman's rule; is that correct? All right.
Good morning, Chairman Coble, Ranking Member Scott and
Members of the Subcommittee. I thank you for the opportunity to
testify regarding the need to pass H.R. 5304, legislation which
criminalizes spoofing, the act of modifying telephone caller
identification information with the intent to mislead the
recipient as to the identity of the actual caller. I appear
before you this morning as a victim who has experienced
firsthand the invasion of my personal privacy and information
and the frustration caused by spoofing.
Spoofing creates two categories of victims: first, the
person who receives the telephone call identified as coming
from someone other than the actual caller; and, two, the person
whose caller identification is used fraudulently to disguise
the true identity of the caller.
I fall into the second category, because without our
family's knowledge or consent, my caller identification was
used, obviously hundreds of times, to mask the true identity of
a fraudulent caller. As a result, my family and I received up
to 20 phone calls a day over a several months' period of time
from people who fall into Category 1, who were either returning
the telephone call of a fraudulent caller, asking me to stop
calling them, or asking me to take them off the telemarketing
list.
However, the harm to the victims of spoofing does not end
with being inundated with, you know, daily and unwanted
telephone calls.
The impact of spoofing on victims is compounded by the fact
that it is extremely difficult for victims, and apparently for
the telephone companies and for anyone else, to identify the
source of and the names of individuals placing the fraudulent
telephone calls or to prevent the victim's caller ID from being
circulated to other fraudulent callers working off mass mailing
or telemarketing lists. Thus, even if the original fraudulent
caller is identified, there's a high probability that the
victim's information will already have been forwarded multiple
times to other unscrupulous callers and telemarketers. In some
instances, the minutes used for fraudulent telephone calls have
been charged to the victim's telephone plans. As a result, the
negative impact on the victim never ends but, instead, only
snowballs and gets worse.
Currently, the victims of spoofing have little or no
recourse against those who spoof. The only effective way to end
being victimized is to change one's telephone number, at a
great inconvenience, due in part to the infrastructure and
technical operations of the telephone companies.
In an attempt to put a stop to the never-ending and
unwanted phone calls to my house and to stop my caller ID from
being used to facilitate fraudulent calls, we contacted the
telephone company to inquire as to our options. To our
frustration, my wife's and my frustration, we were informed
that we could not prevent our caller ID from being used to
facilitate spoofing. Instead, the only way our caller ID would
not be used is if the recipient of the call contacted the
telephone company requesting that all calls from our caller ID
be blocked. Thus, the only way our caller ID would be totally
stopped from being fraudulently used is if every single person
who received a fraudulent phone call contacts the telephone
company and requests that calls to our caller ID be blocked, a
highly unlikely scenario, especially in light of the fact that
our caller ID will have most likely been passed on to other
fraudulent callers.
Ultimately, like so many other victims of spoofing, we were
left with the only effective option of changing the telephone
number that our family and I have had for 16 years. This has
obviously been a significant inconvenience. But even changing
our telephone number is no guarantee that we will not be
victims of spoofing again, because the bad actors could obtain
our new telephone number and the violations would start all
over.
In conclusion, spoofing has no valid social or economic
purpose, and it is a serious problem. Our family has
experienced firsthand the invasion of privacy and inconvenience
and frustration, and sometimes harassment, from spoofing, but
we have heard very compelling testimony from the other
witnesses at this table about the criminal aspects regarding
spoofing.
So I want to thank the Subcommittee for holding a hearing
on H.R. 5304, the PHONE Act, which will help reduce and
hopefully eliminate the harmful activity of spoofing. Thank you
very much.
Mr. Coble. Thank you, Mr. Kiko.
[The prepared statement of Mr. Kiko follows:]
Prepared Statement of Phil Kiko, Esquire
introduction
Good morning, Chairman Coble, Ranking Member Scott, and Members of
the Subcommittee. My name is Phil Kiko and I thank you for the
opportunity to appear before you this morning, to testify regarding the
need to pass H.R. 5304, legislation which criminalizes Spoofing, the
act of modifying telephone caller identification information with the
intent to mislead the recipient as to the identity of the actual
caller. I appear before you this morning to testify as a victim who has
experienced first hand the invasion of my personal privacy and
information, the harassment, and the frustration caused by Spoofing.
testimony
The act of Spoofing creates two categories of victims: 1) the
person who receives a telephone call identified as coming from someone
other than the actual caller; and 2) the person whose caller
identification is used fraudulently to disguise the true identity of
the caller. I fall into the second category, because without my
knowledge or consent, my caller identification (``ID'') was used
hundreds, if not thousands, of times to mask the true identity of a
fraudulent caller. As a result, my family and I have received up to 20
telephone calls a day from angry people who fall into category one, who
were either: returning the telephone call of the fraudulent caller;
asking me to stop calling them; or asking me to take them off the
telemarketing list.
However, the harm to the victims of Spoofing does not end with
being inundated daily with unwanted telephone calls. The impact of
Spoofing on victims is compounded by the fact that it is extremely
difficult for the victims (and apparently for the telephone companies
and for anyone else) to identify the source of, and or the names of
individuals placing the fraudulent telephone calls; or to prevent the
victim's caller ID from being circulated to other fraudulent callers
working off of mass-mailing or telemarketing lists. Thus, even if the
original fraudulent caller is identified, there is a high probability
that the victim's information will have already been forwarded multiple
times to other unscrupulous callers and telemarketers. In some
instances, the minutes used for fraudulent telephone calls have been
charged against the victim's telephone plans. As a result, the negative
impact to the victim never ends, but instead only snowballs and gets
worse and worse.
Currently, the victims of Spoofing have little or no recourse
against those who Spoof. The only effective way to end being victimized
is to change one's telephone number--a great inconvenience; due in part
to the infrastructure and technical operations of the telephone
companies.
In an attempt to put a stop to the never-ending harassment and
annoyance of unwanted telephone calls to my house, and to stop my
caller ID from being used to facilitate fraudulent calls: I contacted
my telephone company to inquire as to my options. To my frustration, I
was informed that I could not prevent my caller ID from being used to
facilitate Spoofing. Instead the only way my caller ID would not be
used, is if the recipient of the call contacted the telephone company
requesting that all calls from my name and number be blocked. Thus, the
only way my caller ID would totally be stopped from being fraudulently
used is if every single person who receives a fraudulent call contacts
the telephone company and requests that calls from my caller ID be
blocked; a highly unlikely scenario, especially in light of the fact
that my caller ID will have most likely been passed on to other
fraudulent callers.
Ultimately, like so many other victims of Spoofing, I was left with
only one effective option: changing the telephone number that my family
and I have had for fifteen years. This has been a significant
inconvenience, as my family and I had to inform our family, friends and
employers of the number change, as well as those companies that provide
basic services such as utilities and cable. But even changing our
telephone number is no guarantee that we will not be a victim of
Spoofing again, because the bad actors could obtain our new telephone
number, and the violations start all over.
conclusion
In conclusion, Spoofing, has no valid social or economic purpose,
and is thus a serious problem. My family and I have experienced first
hand the invasion of privacy, harassment, inconvenience and frustration
caused by Spoofing.
I want to thank this Subcommittee for holding this hearing on H.R.
5304, the PHONE Act, which will help reduce and hopefully eliminate the
harmful activity of Spoofing. I am happy to answer any questions.
Mr. Coble. And, Mr. Scott, we failed to set a record. Mr.
Kiko, the red light did illuminate just at the wrong time.
We'll hold you harmless for that. Now, gentlemen, we also
impose the 5-minute rule against ourselves as well. Let me
start by putting a hypothetical to Mr. Murphy or to Mr. Sabin.
Mr. Murphy, let's assume that I'm going to move some
furniture, and I know that Bobby Scott has a truck, and I know
he's not going to be interested in loaning--in lending that
truck to me, and he's going to avoid me. If I could ever
contact him, I think he'll be obliged to give me his truck. I
use Mr. Chabot's phone number, figuring he would accept
Chabot's call. I get him on the phone, and then I put my
question to him, and Bobby reluctantly loans the truck to me,
but voluntarily. Now, have I committed a crime under your bill,
Mr. Murphy or Mr. Sabin?
Mr. Murphy. No, I don't believe that is a crime under these
circumstances and certainly would be willing to work with the
Committee and the Justice Department to make sure we clearly
define that, because what happened there is you did not commit
a crime. However, if you used another phone number to access
private information--a Social Security number, credit card
numbers, et cetera--then it goes in that category.
What I see as the importance of this bill is really adding
a penalty when you use the phone and the phone spoofing to
commit a crime.
Mr. Coble. Well, in my hypothetical, Mr. Scott really has
lost nothing. He voluntarily relinquished the use of the truck,
but he wouldn't have done it if I'd used my phone number.
Mr. Sabin, what do you say to this?
Mr. Sabin. Currently, under Federal law, spoofing is not a
Federal crime. It can be critical as a means for trying to
accomplish some kind of scheme to defraud or other types of
illegality in certain circumstances, so we would address it
through mail fraud, wire fraud, other kinds of fraud-based
offenses. The key is the mens rea, the intent--the intent to
mislead in order to seek to obtain some property or some kind
of financial remuneration in certain circumstances, or harass
or do other things in other circumstances.
So you could have a range of penalties from a misdemeanor,
depending upon the kind of intent that you are seeking to
accomplish, but based upon your factual circumstances, it
certainly wouldn't be one that we would exercise prosecutorial
discretion; nor, based upon your facts, would I think it would
fall within the appropriate mens rea that it would be
actionable under Federal law.
Mr. Coble. That would be my hope, that even though I've
committed fraud against Mr. Scott in the phone call, he's
saying he suffered no damages except giving me the truck. Thank
you for that.
We're going to probably have a second round of questions
here, gentlemen, because my time is going to be up in a minute.
Mr. Martin, let me put a question to you. Does the act of
spoofing take on similar traits as other scams perpetrated on
the elderly; and, if so, what are other scams and similarities?
Mr. Martin. Yes, sir, I believe so, especially--like a few
years ago. Coming over here, I recall I testified before one of
the Subcommittees 7, 8, 9 years ago, on the telephone scams
that were occurring with more frequency, and especially among
the elderly, because as I said in my prepared remarks, the
elderly are shut-ins, if you will, at home. Sometimes their
only contact with the outside world is the telephone. And now,
of course, as we get into the computer business, more and more
relying on computers. But clearly, so many seniors live in a
home, and they perhaps don't hear quite as well as they did
some years ago, and they're lonely, quite frankly, and they're
all alone, and so----
Mr. Coble. And susceptible.
Mr. Martin. And very susceptible to these scams, and it's
just--it's heartbreaking when you hear some of these cases. But
I did testify a few years ago along those lines, and of course,
this is something new. As I said in my remarks, it's not a
pandemic yet, but it's certainly something that's on the
horizon. And we thank Mr. Murphy for introducing this bill, and
we thank, sincerely, this Committee for holding these hearings.
Mr. Coble. Thank you, sir.
You may have mentioned this in your testimony, but were you
able to determine who fraudulently used your caller ID, A; and,
B, was the telephone company any help in determining how the
fraudulent caller obtained your caller ID?
Mr. Kiko. No, we were never able to determine that, and the
telephone company was not--they were unable, really, to pursue
this or to be of much help other than to say we had to call--
the other people that were calling, they were the ones that had
to call to stop the number.
Mr. Coble. The distinguished gentleman from Virginia, Mr.
Scott.
Mr. Scott. Thank you. Mr. Chairman, I'd like to follow up
on, I guess it was your first question because, the operative
language in the bill at the top of page 2 says, ``Whoever
knowingly modifies caller ID information with intent to mislead
the recipient of the call as to the identity of the person
making the call shall be fined, imprisoned'' and so forth. So
the intent is to mislead.
What we have heard is we're not trying to cover those who
mislead for innocent purposes. So under the exceptions, if we
have any blocking of the caller ID, the person looking at the
caller ID knows it's been blocked, so you're getting no
information, rather than false information. And the second
exception is law enforcement activities.
So, Representative Murphy, I assume that you would want us
to make it clear that this is not aimed at innocent
misinformation?
Mr. Murphy. Yes. That's why I look to the wisdom of the
Committee on this, and it would be very helpful to do that;
although I recognize that that is a--intent, as a very
important example the Chairman used, would be a good one. On
the other hand, if someone used a phoney caller ID to get you
out of the house so they could come steal your truck, then it
becomes that second level.
Mr. Scott. We are not suggesting that the service should
not be available at all; is that right?
Mr. Murphy. That's not what I'm suggesting either, because
what happens is--for example, if you were making a call out of
your office in the House of Representatives from your private
line on your desk, that number does not show up on the
receiver, so it's not a matter of trying to prevent that from
being done at all but its being done in misleading
circumstances.
Mr. Scott. In fact, a caller ID number is displayed. It's
just the number for the switchboard, not--or some other number
that you can't get through.
Mr. Murphy. That's correct.
Mr. Scott. A number is displayed----
Mr. Murphy. Yes.
Mr. Scott.--showing what looks like a congressional office.
It's just not your number.
Mr. Murphy. It's the same thing. Many businesses use that
so that the individual's private line on their desk is not
accessible for people to call.
Mr. Scott. And sometimes you would want displayed a better
number to call back, so it is a friendly----
Mr. Murphy. Correct.
Mr. Scott. If you've got five lines in your office and you
pick up one line, and if they call back, you'd like them to
call the first line, you're not aiming at that.
Mr. Murphy. Not at all.
Mr. Scott. So the service should be available, just not for
criminal activities.
Under the exceptions, Mr. Sabin, you have law enforcement
exceptions. Are there other--should there be other exceptions?
I know women's shelters have an interest in keeping the phone
number secret. Are there ways of getting other exceptions in
here?
Mr. Sabin. We're open to working with the Committee to
establish appropriate exceptions. The two that are articulated
in the draft bill, we believe, are proper, and we would support
both the law enforcement exception for law enforcement
intelligence purposes as well as the call blocking. As to your
prior----
Mr. Scott. The call blocking is not an issue because that's
not false information.
Mr. Sabin. Correct.
Mr. Scott. The person knows they're not getting the
information, so that--and that's--I think we've covered that--
--
Mr. Sabin. Okay.
Mr. Scott.--but could there be other legitimate purposes
for misinformation? I think the women's shelters all have
caller ID blocked.
Mr. Sabin. Right. So you could have certain means by which
the person who is making--receiving the call could have the
call-blocking mechanism instituted so you could have that kind
of protection.
Mr. Scott. I mean the outgoing calls from a women's
shelter----
Mr. Sabin. Okay. So then you could have that means as well.
Mr. Scott.--would have, I think, blocked information. Would
they be--would you want them to have the option of having
another callback number, misinformation?
Mr. Sabin. See, that goes to the range of choices and the
preferences of what number you would want to have the--
receiving for the number; so you could work through certain
circumstances involving that, but that just is a restriction of
choice in that regard.
Mr. Scott. Okay. Mr. Chairman, if there's going to be
another round, I just have another series, and I'll just begin
the next series.
Mr. Coble. Yes, we'll have a second round.
The distinguished gentleman from Florida, Mr. Keller.
Mr. Keller. Thank you, Mr. Chairman, and let me begin with
my colleague, Mr. Murphy.
Is there currently any criminal statute that specifically
prohibits spoofing?
Mr. Murphy. Not that I'm aware of. In fact, the Web sites
for these specifically say it is legal to do this.
Mr. Keller. Okay. Mr. Sabin, let me put that to you.
There is no specific, at least Federal statute, in the area
of spoofing?
Mr. Sabin. Correct. There is no specific Federal statute.
We rely upon other statutes to address the fraud under Title 18
as well as, for example, unlawful access to computer systems
without authority. Under Title 18, United States Code, section
1030, 2701, relating to unopened voice mail is another
provision. So there are certain provisions that we can sort of
``ad hoc'' approach, but in terms of clarity and specificity,
we support the implementation of a specific bill targeting
spoofing.
Mr. Keller. So if you had like a crystal-clear case brought
to you by some law enforcement agency and asked DOJ to
prosecute it, you would have to use some more generic, general
fraud statute or refer it to, like, the State to see if there's
any State statute on point?
Mr. Sabin. I'm not aware of any States. I had some
discussion with folks. I believe there's a bill pending in
Alaska, and maybe one in Florida, on the State level.
What we have seen is the concept of SWATing where there's a
number of incidents where--hostage pranks or representations
that hostage-taking or bomb incidents are occurring, and you
have SWAT teams respond to a particular location. And that kind
of hoax is obviously a drain on law enforcement resources and
of concern to the individuals whose homes are surrounded by
SWAT teams. So that's another kind of Federal offense or
incidence of factual circumstances that we've seen.
Mr. Keller. Before I move on to Mr. Murphy, let me say I
noticed in the penalties here it has a fine or a penalty of up
to 5 years. And there's no mandatory minimums--which I've been
around Chairman-Elect Scott for a long time now, for 6 years--I
would think because it doesn't have the mandatory minimum, that
would make it easier for him to swallow. I will yield him time
to respond to that.
Mr. Scott. I think the gentleman knows me well.
Mr. Keller. Okay. So that's good. You've drafted it well,
and hopefully we'll be able to move this at some point for you.
Mr. Kiko, as the chief of staff of the Judiciary Committee,
you were a victim of this, I see, so they have really spoofed
the wrong person here.
Mr. Kiko. Yeah, I think they have.
Mr. Keller. I think I may be a victim of spoofing, too. I
keep getting calls from this organization called Jenny Craig,
and I can't imagine why they'd be calling me, but----
Mr. Murphy. I might add, on Mr. Kiko's calls, I believe he
began to get those calls after we introduced our bill. There is
no link between that in order to help him to move this bill.
Mr. Keller. Okay. Mr. Martin, have you heard from members
of your organization who have fallen victim to this scheme as
well?
Mr. Martin. Mr. Keller, not many as I said in my testimony,
but it is a growing problem. It is on the horizon. We're aware
of that, and we really are appreciative that this Committee is
moving ahead and being proactive on this issue.
Mr. Keller. Well, I want to just conclude by commending
Congressman Murphy for drafting this legislation. I think it's
not only a worthy issue, but you've drafted it in a nice,
narrow way that I think should ultimately enjoy bipartisan
support, and I appreciate all of your time and effort in this.
And, Mr. Chairman, I'll yield back.
Mr. Coble. I thank the gentleman from Florida, and since
there are only three of us here, we will have a brief second
round.
Mr. Murphy and/or Mr. Sabin, distinguish between your bill,
Mr. Murphy, and the House-passed Truth in Caller ID Act.
Mr. Murphy. Well, sir, in the previous bill, the Truth in
Caller ID Act, asked the FCC to create a rule to make caller ID
fraud illegal after 6 months within enactment. It has no
penalties with it. I don't think it provides any of the
distinctions. It is truly left up to the FCC to provide the
definitions. And the problem is that if one continues--if one
gets the equipment and can develop this on their own at home,
just because it's illegal you may shut down Web sites, but you
don't stop individuals from using that, especially if there is
no penalty involved with that. And I think that at the level
this is and how it can be used nationally for major crimes, it
is important that we actually put some teeth behind this and
some penalties.
Mr. Coble. Do you concur, Mr. Sabin?
Mr. Sabin. I do. I agree in terms of the law enforcement
objective. And I also believe it addresses, if I'm not
mistaken, not only land line cell phones but Voiceover Internet
Protocol, which I'm not sure was in the other bill.
Mr. Coble. Well, now that I have you in my sights, Mr.
Sabin, I'll come back with a second question.
Mr. Sabin. My pleasure.
Mr. Coble. You testified that terrorists, kidnappers and
other criminals oftentimes use caller ID spoofing to mislead
law enforcement or to throw them off the trail of their
criminal investigations.
Do you know of any cases in which this has actually
happened?
Mr. Sabin. My point was relating to SWATing, the idea that
you have a dire emergency situation. And we have, in talking to
the investigative authorities, 30 to 40 incidents that have
occurred nationwide where you have SWAT team responses to a
particular location where caller ID spoofing had caused that
kind of response to be one that drains time, energy and
resources as well as to, obviously, the victims at the
particular location. So, yes, it has obviously the potential,
as other panelists have mentioned, but those are grounded in
specific incidents of SWATing responses.
Mr. Coble. Thank you, sir. Mr. Murphy.
Mr. Murphy. Mr. Chairman, if I can add to that, some of the
risk, too, is that not only do these services change your phone
number, they'll also offer to disguise your voice. They'll
change a male to a female voice and a female to a male voice,
which actually adds to some of the risk and prevents law
enforcement from finding out. They cannot do a quick star 69 or
star 57 to trace the call and find out where this is really
coming from.
It really in many cases--I believe it may even require a
subpoena to track that down. And if they don't even know what
the voice is, that adds to the risk.
One of the things I worry about with the SWAT instances,
imagine some poor fellow who walks out of his house, who maybe
is about to go hunting, only to see a number of people there
with their guns up at him. Luckily, no one has been harmed
under these circumstances yet, but I think it is a very
dangerous situation.
Mr. Coble. Thank you. I have about 2 minutes to go.
Mr. Martin, do you or Mr. Kiko want to add anything? I have
no further questions.
Mr. Martin. No.
Mr. Kiko. No, sir.
Mr. Coble. The distinguished gentleman from Virginia.
Mr. Scott. Thank you, Mr. Chairman. I just have one or two
questions.
First, Mr. Sabin, you mentioned civil as well as criminal
sanctions. By ``civil sanctions,'' did you mean the Department
of Justice bringing a civil action; or did you mean a private
cause of action against the spoofer, which I think would
probably go without saying? I mean it's--certainly, you could
find that under the previous tort system.
Would there be a specific right of action, or are you
talking about DOJ action?
Mr. Sabin. DOJ, potentially injunctive relief, potentially
other kinds of civil remedies for a particular tort or the
like.
Mr. Scott. And would there be any difficulty in the victim
having a civil--a private right of action?
Mr. Sabin. I don't think we would be opposed to that. I
haven't really thought through that aspect, but I believe that
that would be appropriate to pursue by the particular victim
through their own lawyer and bringing of that suit.
Mr. Scott. But you wouldn't be--and do you think we would
need to specifically put that in the bill, that there is a
right of action; or do you think there's just inherently a
right of action when you have committed--when you have
victimized somebody like this, that there is just an inherent
right of action?
Mr. Sabin. I would think we would want--I would want to
talk to the subject matter experts on that, but I think that
that would be a particular cause of action in some kind of
civil tort that would be available.
Mr. Scott. Already, under present law.
Mr. Sabin. Yeah, I believe that's accurate, but I can check
with the Subcommittee on that.
Mr. Scott. Thank you. And also on the sentencing, since we
have a Sentencing Commission, would not the Sentencing
Commission establish guidelines for the appropriate sentence
based on the level of harassment, the level of fraud, the
amount of money involved in the fraud, and the number of people
victimized? Would the Sentencing Commission be able to deal
with that appropriately within the bill?
Mr. Sabin. Yes. You would have the Sentencing Commission
apply those and other factors to provide uniformity throughout
the Nation on a sentencing basis.
Our suggestion was that, based upon the means by which this
was used to facilitate another crime and the egregiousness of
that crime, you could have a statutory maximum that would, like
in Title 18, I believe, either 1028 or 1030, have a graduated
series of penalties as a statutory basis of 5 years or 10
years, or even as to a misdemeanor level to provide the full
breadth of prosecutorial options.
Mr. Scott. Thank you, Mr. Chairman.
Mr. Coble. Thank you, Mr. Scott.
Before we adjourn, Mr. Kiko, speaking for Mr. Scott and the
entire membership of this Subcommittee, we thank you for your
many years of service on the Hill, and we thank the other three
witnesses for your time and your testimony today.
In order to ensure a full record of the adequate
consideration of this important issue, the record will be left
open for additional submission for 7 days. Also, any written
questions that a Member wants to submit should be submitted
within this same 7-day period.
This concludes the legislative hearing on the Preventing
Harassment through Outbound Number Enforcement Act. Thank you
for your cooperation, and the Subcommittee stands adjourned.
[Whereupon, at 10:54 a.m., the Subcommittee was adjourned.]