spoofcard

We interview a phone jacking mastermind

By Lewis G. Parker

Every year millions of people receive spoof calls from hijacked phone numbers. These range from innocuous pranks to serious cases of harassment and fraud. Just like the people who make the calls, the executives who run spoofing companies are often difficult to trace, and they rarely give interviews.

You can call as anyone

You can call as anyone

Meir Cohen is the president of TelTech, a New Jersey-based technology company. Its mobile app, SpoofCard, was launched seven years ago by Cohen and co-founder Eli Finkelman, and is now the world’s most successful caller ID spoofing tool. It allows users to make calls from any number that doesn’t belong to them, from their office phone number to that of the White House.

Meir Cohen

Even after innocent people were shot dead when spoof calls were made to the police, Cohen is still a staunch advocate of the technology. In 2011, he took the state of Mississippi to court in an attempt to overturn its ban on caller ID spoofing – and won.

In the exchange below, Cohen gives a spirited defence of the dangerous technology that earns his living.
[midk]
Hello, Meir. Why did you launch SpoofCard?
The idea behind SpoofCard was to protect the privacy of people who want to make calls but don’t want to expose their number. They can make phone calls and make it look like it’s coming from the office or from their home or from somewhere else.

That was the initial idea behind it and our customers have found a lot of uses for the product. We have battered women shelters that use it – they don’t want their phone numbers exposed – celebrities who are using it, doctors, lawyers, businessmen on the road. They use the SpoofCard to have people pick up the phone when otherwise they may not.

Can’t people withhold their number without pretending to be somebody else?
A blocked call gives a false sense of security because when you block your call, the phone company really just sends a privacy flag that’s telling the receiving phone not to show the number. There are services such as TrapCall [Another TelTech app] that unmask blocked calls. So, for example, if you call a toll-free number blocked, the person will still see who’s calling them. It’s just a false sense of security, it’s not true anonymity.

How secure are your services? Could I find out who’s behind the spoof call if they use your service?
It’s 100 per cent secure. There’s no way to find out. Unless you’re law enforcement and we were served with a subpoena or a court order.

So you do have the information, you just choose not to disclose it?
Exactly.

You say battered women use the service to disguise their phone calls. What if the shoe’s on the other foot, and someone that’s being abused and harassed wanted to find out who was calling them – would you help them?
We protect the privacy of our users. But if somebody is being harassed or abused over the phone, we definitely recommend that users should contact the authorities. If in fact they are and there was something illegal happening, the authorities will contact us, and if they are able to secure a court order or subpoena, then we are more than happy to comply. We didn’t create the service to be used by criminals or by stalkers or people like that. It’s inevitable any service – any technology – that’s created is going to be used for the good and the bad. There’s no way you can stop that. But we definitely don’t condone it.

I feel the same way as a car manufacturer would if you called them enablers of car accidents.

How do you feel about enabling harassment, fraud and in some cases murder, because “swatting” has led to people being shot dead?
Again, I feel the same way as a car manufacturer would if you called them enablers of car accidents. We’re creating an amazing technology that’s been protecting people for years, that has saved people’s lives, and if somebody chooses to use it in an illegal manner, the whole world shouldn’t suffer because of a few bad apples.

Can you give me an example of how it’s saved people’s lives?
There were battered women who protected their privacy. They were being stalked and when they tried to make a phone call to deal with custody issues or something like that, their phone number would be exposed, even if they were blocking their number, and their abusive husband would find where they lived. There are a lot of times when law enforcement use spoofing because they don’t want their numbers exposed. Criminal defence attorneys, prosecutors, we have millions of customers and we get mail all the time from customers who praise the product and how it helps them every single day. Doctors who have to return calls from patients at night but don’t want to expose their home number, now they’re able to.

Can’t you just create a technology that allows a number to be blocked effectively without allowing somebody to steal someone else’s number? For example, could you have numbers that don’t belong to anyone, which people could use, as opposed to allowing my phone number to be misappropriated?
You obviously don’t have a background in caller ID in general. Caller ID was never meant to be an identity, OK, it was never meant to be a verified identity. Caller ID was a convenience tool that the phone company passes on, a bit of information. In the same way you can pass on a bit of information when you send a letter in the mail, you can put an address on the top that says where it’s coming from.

But is has become a form of identity, because people have a phone number listed in a public directory.
[Laughs] It’s not, and you’re actually creating that problem by making it a fact. The fact that people are relying on caller ID and the technology – we didn’t invent Caller ID spoofing. Caller ID spoofing has been going on since caller ID was created, because that is how the phone system is built. The telephone companies depend on the carriers to tell them what number is being passed. You’re trying to recreate technology and recreate fact.

So you’d be quite happy for me to use your ID when calling prostitutes?
It’s not a matter of whether I would be happy, but you could do it.

But I’m asking whether you would be.
It’s a matter of whether you can do it. Yes, you can do that. If you feel you’d like to do that, you can do that.

That’s a challenge?
[Laughs] If that’s what you’d like to do then you can do that. If you’re doing something illegal with it, that’s another story. There are laws in place to protect people from these kinds of things – from harassment or from something of that manner. But if there’s nothing being done illegally, then yes.

So you’re OK with me using your number in a manner that is hugely annoying but not illegal, because this number doesn’t belong to you?
Again, it’s got nothing to do with me being happy. If you’re not doing something illegal there’s nothing I can do about that. Would you be happy if I went into a bar and said, this is Lewis, and made a fool out of myself pretending to be you? That’s not illegal. You wouldn’t be happy about it, but I’m allowed to do that, right?

I think that would probably be illegal in the UK [under the Defamation Act].
I don’t know about the UK, but it’s not illegal in America. It’s freedom of speech, I can say whatever I want.

OK, I understand, although freedom of speech is a qualified right. But do you think it’s right that somebody can do this?
I think the difference between right and legal is a very big difference.

I totally agree, that’s why I’m asking if you think it’s right.
Let me ask you a question. Is child pornography right?

No.
You think it’s wrong – you think it’s illegal?

Yes.
Do you think Internet Service Providers are enabling child pornography?

ISPs provide a service which can be used for many different things which have a legitimate use. I’ve spoken to a telecoms forensics expert who says, in the UK at least, services such as yours are used for nefarious means three quarters of the time.
I don’t know where he would come up with those numbers because there’s no way they could track any uses on our servers, so those are totally made-up numbers as far as I’m concerned.

If it was proven to be true would you back down?
There’s no way to know who’s using it suitably and who’s not. Based on what we face on a daily basis from customer service and people telling us what they’re using it for – over 90 per cent of our customers are using it for legitimate purposes.

Guns don’t kill people – people kill people, and that’s a very close argument over here.

But are the people using it for illegitimate purposes going to say why they’re using it?
If people are having problems, if we have to help customers out with issues to do with customer service, we can get a good idea, and the overwhelming majority of users we come into contact with are using it for totally legitimate purposes.

I’m reading some of the comments on SpoofCard’s blog by people who’ve been harassed and abused by people using your service, and they’re really upset about what’s happened to them. Is your response: get a lawyer, get a subpoena?
I feel terrible about people who have been harassed or stalked or anything like that, I really feel terrible. But again, we are not enabling it by operating and supporting a technology that’s used by millions and millions of people. Guns don’t kill people – people kill people, and that’s a very close argument over here. People can use our technology poorly, they can use the internet poorly. People can use every technology that’s invented for good reasons or bad reasons. I feel terrible if somebody’s getting harassed.

What’s the difference if somebody is getting harassed from a block call or a call from another phone number? There is no difference.

With a block call, you’re not being convinced that it’s your mother calling you, so you don’t feel the compulsion to answer?
Once you pick up you don’t think it’s your mother, right?

People can impersonate the police or government departments, and we don’t know what they sound like, but because it’s coming from that number, we believe it.
We work with police departments and law enforcements across the country, and we educate them about spoofing and how to deal with it. We block a lot of law enforcement phone numbers. We actually have a very good response with a lot of law enforcement and we’re working together with them.

So if you can just block a law enforcement number, why can’t you offer a blocked service for everyone else and not give them the chance to impersonate other people?
Because we’re not going to police every phone number and figure out who’s calling who and what. That’s not our position to do. On request if law enforcement contacts us, we do block their phone numbers. This is a technology that anybody can spoof their caller ID from any PBX [phone system]. Do you propose that every office that has PBX has somebody regulating it so that you can only send out certain phone numbers? That would be absurd.

Your argument has a lot of holes in it.

There will always be a way for people to spoof a caller ID if they try hard enough. But offering to do it for someone on a mobile phone app makes it so accessible. It would be like providing an iPhone app to hack into somebody’s bank account and saying, “I’m just providing the technology, if they choose to hack into it for the wrong reasons, that’s nothing to do with me.”
It’s called a web browser and that’s what Safari does. You can hack into someone’s computer from your Safari web browser on your iPhone if you know how to do it. Your argument has a lot of holes in it. You can use a web browser to view many illegal websites. Do you think Apple or Google enable illegal activities?

Google doesn’t market itself as being for hacking or child porn, even though they can be used for that, and neither does Firefox. You market yourself specifically to impersonate people. It has no other value, that’s the only thing it does.
I appreciate the interview, but we’re going in circles here.