Unmasking Caller-ID

Posted on January 27, 2014 by

Caller-ID can be a contentious topic. In regular daily use, it’s no big deal. But the FCC’s Truth in Caller-ID Act of 2009 (TiCA) addresses key privacy and openness issues that anyone curious about Caller-ID should be aware of.


Chances are, if you’re reading this article, you’re interested in unmasking Caller-ID because you’ve received masked calls. Based on the TiCA, the calls you’re receiving are totally legal and protected, unless the masked calls are coming from telemarketers. The FCC requires telemarketers to disclose their number (or the number of the seller they are working for). Failure to comply can result in a $10,000 fine per violation.

So if you pick up a masked telemarketing call (or one lands in your voicemail), tell the FCC all about it.

But what about unmasking those calls?

Back in 2008, Kevin Mitnick gave a keynote at The Last HOPE detailing how to unmask blocked Caller-ID. This video is a summary of his presentation.

In his demo, he used Flowroute. The presentation got coverage on cnet and a whole bunch of other places. And ever since, we regularly get calls asking if we can unmask Caller-ID. We don’t support unmasking. The FCC restricts carriers from exposing blocked Caller-IDs on calls that have requested privacy (unless the call is to a toll-free number).

When you dial a toll-free number, the party you call is permitted to see your phone number even if you want to block it, since they’re paying for the call. Some callers take advantage of this by intentionally looping calls through toll-free numbers just to strip out the privacy request and see Caller-ID info. There are also services available, like Trapcall and Snagcall, that will show Caller-ID when privacy is requested.

Our resident expert on all things regulatory, Flowroute CEO, Bayan Towfiq, says, “There are no specific FCC rules against non-carriers intentionally unmasking Caller-ID yet.” But unmasking could be categorized under what the FCC calls “provision of inaccurate caller identification information” (or call spoofing, which carries that same $10,000 fine).

Spoofing Caller-ID could include not respecting the caller’s right to privacy for ill-gotten gain. According to this FCC report, unmasking accomplished by “reversing the privacy indicator initially set in accordance with the caller’s privacy preference” (as Mitnick’s example did) could be considered the “provision of inaccurate caller identification information.” So, unmask at your own risk.

What’s the matter with unmasking?

The National Network to End Domestic Violence has petitioned the FCC to require carriers to notify callers if their request for privacy on a call is being reversed. The reason being, many programs for victims of domestic violence, and the victims themselves, need the privacy afforded by a blocked Caller-ID for their safety.

There’s no arguing against protecting the safety of fellow human beings. And even outside of that, it seems fair that callers expecting privacy on a call be notified that if they continue, that expectation won’t hold true. At least then, they have the choice of proceeding.

In the case of the person looking to unmask masked calls they’re getting (I think I’m talking to you), notifying blocked callers you can see them is a lot like putting signs up around your business advertising your closed circuit security cameras – “If you proceed, I’ll know everything.” And in that case, there’s a good chance those really abusive or annoying callers, the ones who really don’t want you to know who they are, will probably just hang up anyway and you win.

Unmasking Caller-ID is a grey area at best. There are real, recognized, and legislated requirements for privacy and safety. Could unmasking Caller-ID potentially place you in the bad graces of the FCC with some pretty hefty fines? Until the matter is settled, maybe you’re better off ignoring those anonymous calls (and reporting the fraudulent ones to the FCC for some good old fashioned fining).