Restoring Confidence in CLI

Ross Mckillop

Ross Mckillop

27th April 2018

Ofcom recently published a new Guidelines for Calling Line Identification Facilities which includes amendments to the General Conditions and National Numbering Plan.

These changes, which we fully support, are aimed to restore some confidence in CLI and reduce misuse by ‘spoofing’ – although will require some changes both by us, and our customers.

These changes come into effect fully from October 2018, but we’re ahead of the curve on some of it already, and other changes will be introduced gradually between now and then.

Types of CLI

Within most parts of the telecoms network, there are generally two Caller IDs associated with a call. Within the UK, these are generally known as the Network Number and Presentation Number.

Historically, most SIP interconnects have treated these as one and the same, and typically only one caller ID is present in the signalling. This will change, and both will be present in your signalling, likely in the `From:` and `P-Asserted-Identity` headers as per NICC ND1017:2006/07.

These will be present on inbound calls to your platform from Simwood, and supported (and expected!) on outbound calls from your platform.

Network Number

The Network Number MUST be one that has been provided by the originating network or ported in. i.e. this MUST be a number on your Simwood account.

We will provide a means to set a default Network Number on a per-trunk basis, as well as overlaying an “Inserted Network Number” for any that do not have a Network Number provided.

From October 2018, calls sent to us which have a Network Number set that is invalid or not on your Simwood account will not complete.

This will not prevent you from presenting non-Simwood numbers to the called party, this will be facilitated with Presentation Numbers.

Presentation Number

If not specified, the Network Number will be presented to the called party as the single Caller ID.

Presentation Numbers can be used to present a different number from the Network Number, these are denoted as different types in the Ofcom guidance e.g;

  • A Presentation Number set on calls from an IDA service, i.e. to present a different caller ID. (“Type 1”)
  • The caller ID of an original caller (received from the public network), forwarded to another destination. (“Type 4”)
  • A call centre making calls on behalf of a client, who has given permission to use their number for outbound calls. (“Type 5”)

It is important to note that these must be A valid, dialable number which uniquely identifies the caller. That is, the number must be;

  • Valid. In the case of a UK number, this means it must be designated in the National Telephone Numbering Plan. In the case of an international number it must comply with ITU-T E.164 and have a valid country code and be of a valid length
  • Dialable. The number must be in service. In the case of a UK number, the number will be checked against the current Ofcom allocations and must be allocated to a CP. In the case of a UK mobile number, it must be in service.
  • Identify the Caller. The number must be one which has either been allocated to the caller, or which the caller has permission to use from a third party who has been allocated that number.

The ability to set presentation numbers is discretionary, and whilst we expect most of our customers to retain it, any misuse of this facility may result in presentation numbers being ignored.

Due to the way our network is built, these checks are trivial to implement, although we expect many will be using the “not technically practicable” defence for non-compliance that is still recognised. It’s worth noting this protects you as well as us, as with the increased focus on CLI misuse, it’s beneficial for us both that such traffic is stopped before it reaches the PSTN.

Inbound Call Changes

Another significant change is that CPs have an obligation to take steps to prevent calls that have invalid or non- dialable CLIs from reaching the called party.

So, not only must CLI be valid when calls are made, but calls with invalid CLI should not be allowed to reach your end users.

We have offered this functionality for years in the form of our Intelligent Call Rejection (ICR) service, and will be upgrading and expanding this in the coming weeks. We’re also going to introduce more powerful controls on call handling based on inbound CLI which will help you comply with the latest requirements, as well as provide additional services to help protect your customers from nuisance callers.

Finally, whilst we expect it won’t affect many of our customers as Caller ID is generally part of the standard offering in any VoIP-based telecoms service, Caller ID services must now be offered free of charge to the End User – something that legacy PSTN providers have levied a charge to provide for many years.

Your Responsibilities

It is the responsibility of the originating CP to ensure that CLI data is correct at call origination. This applies equally to both the Network number and the Presentation number. Likewise, you now have an obligation to prevent calls with Invalid CLIs reaching your end users.

In most cases our customers are the originating CP, so these responsibilities fall to you, but our aim is to provide appropriate tools and controls to help you comply with the new requirements with the minimum of changes to your own platform.

End User Privacy

As always, the consumer’s right to withhold their number is absolute, exceptions can be made for tracing malicious calls and emergency service access etc but in no circumstances must a withheld CLI be presented to the End User. There is no change here, but the guidance now includes information on how to handle this data.

Some customers, mainly those we host numbering for, will see Caller ID information where it is withheld – it is imperative that this is never passed to an End User.

CLI Misuse

We’ve long been proponents for better control over CLI. There is a commonly held belief that VoIP is the ‘Wild West’ of telecoms however there is no reason why it needs to be this way.

CLI is something the consumer needs to trust. It’s too easy to emulate a bank Caller ID (for example) and the idea has been floated before that perhaps we should block these caller IDs. That’s not the answer, however, and would greatly inconvenience our customers who actually provide services to the banks!

Our CEO, Simon Woodhead, authored a book Speaking Up on Telephony Risks which touches on many risks in the world of telephony, in which CLI is exposed as one of many attack vectors. A bit of shameless self-promotion, perhaps, but it’s a good read.

We’ve already implemented controls to try and curb invalid CLIs being sent via our network, and co-operate fully whenever any misuse is brought to our attention, therefore we welcome formal pro-active action from the regulator in this area.

Related posts