SPOOFING VS DIDS: Court’s Recent Refusal to Allow Subpoena for Phone Number Ownership Information Underscores Ongoing Judicial Confusion

Really interesting decision out of Texas this week.

So a Plaintiff filed suit against the owners of 32 telephone numbers that sent her spam texts and calls in a three week period. The numbers used to call her were all local DIDs–numbers bearing area codes from her vicinity.

To help her identify the owners of the numbers used to call her she moved for discovery in advance of the Rule 26 conference to subpoena telephone service providers to identify the owners of the remaining numbers.

So far so good right?

Interestingly, the Court denied the motion–despite no one being there to oppose it–and the rationale is absolutely fascinating.

In the Court’s view: “[T]here is no reasonable basis for the court to conclude that the owners of the numbers appearing on Taylor’s caller ID are likely to be the individuals or companies responsible for the placing spam calls or texts.”

Stay with me. The Court goes on to explain:

Caller ID “spoofing” occurs “when a caller deliberately falsifies the information transmitted to [a cell-phone owner’s] caller ID display to disguise their identity.” FCC, Caller ID Spoofing, https://www.fcc.gov/spoofing. The Federal Communications Commission has noted that “scammers often use neighbor spoofing so it appears that an incoming call is coming from a local number, or spoof a number from a company or a government agency that you may already know and trust.”

The list of phone numbers that Taylor has sued suggest that the spam callers may be using caller-ID spoofing. Taylor has sued, for example, six numbers starting with the area code “281” and six numbers starting with the area code “832,” both Houston area codes. The repeated use of local numbers with the same area code suggests that the caller may be attempting to disguise its identity by using a number that belongs to a different person or entity.

Get it?

The Court holds, in essence, because the callers were using a local area code they must have been spoofing–i.e. stealing–local businesses’ telephone numbers. And the Court was not going to open up discovery against businesses that, in the Court’s view, likely have nothing to do with the illegal conduct.

The case is KEANA TAYLOR v. AMERICAN HOME BUYER, LTD. (a/k/a Owner of Telephone Number 832-998-8783), ET AL., Case No. H-22-1169, 2022 WL 1405905 (S.D. Tex. May 4, 2022) and it illustrates the ongoing confusion in the Courts when it comes to spoofing vs. local touch DIDs.

For the uninitiated–and for any court clerks that might be reading this–there is a pretty important difference between the two practices.

If I operate a call center in Oklahoma and plan to make 100,000 calls a day there is a good chance I don’t want to use the same outbound phone number for all of those calls for various reasons. One option I can legally use is to request a phone carrier to assign a Direct Inward Dialing number (a “DID”) to that call center. Importantly I can request any area code for that DID– thus making a call from Florida or New York to Oklahoma free for the person I hope will call me back.

To be sure, some businesses may use so-called “local touch” DIDs to fool consumers into thinking it is a local business calling and not some Oklahoma call center, but that is not necessarily what everyone does. Your local bank, for instance, may use a call center to communicate with you regarding an account alert and still display the local bank phone number so that you know you can trust the caller. 

The practice is using local touch DIDs is COMPETELY different from spoofing–although folks get it confused. The DIDs are REAL VALID NUMBERS that actually return calls to the actual caller making the call. Spoofing is when someone STEALS A NUMBER that is not theirs and PRETENDS to be a different company.

Turning back to the Taylor case, I truthfully do not know whether the calls at issue in that case used spoofed numbers or valid DIDs. And while I think it is laudable–wonderful really–of the Court to try to protect innocent businesses from intrusion, I must say it is not quite accurate to assume a number is spoofed merely because it matches someone’s local area code.

I do respect this reasoning however:

[B]ased on the prevalence of caller-ID spoofing, the court is concerned that responses to Taylor’s intended subpoenas will not reveal the identity of the spam callers, and will instead infringe on the privacy of cell-phone users who are unaware that their numbers have been used in this capacity. Taylor’s pleadings and motion do not assuage that concern.

We’ll keep an eye on this.


1 Comment

  1. Most phones’ call logs now show whether a call is StirShaken verified. If verified, this is evidence of multiple DIDs being used and not the number being spoofed. Alternatively, if the calls are not StirShaken verified, then a carrier lookup could see which carriers the numbers belong to, and whether these carriers have implemented StirShaken with the recipient’s carrier (if so, then the calls should have been StirShaken verified, and non-verification indicates a spoofed number). Otherwise, the numbers are likely spoofed, and the subpoena could/should have sought permission to send subpoenas to traceback the origin of the call.

    Overall an interesting analysis by the court.

Leave a Reply