One interesting note--The way I read the legislation as it passed the house, there is not a 100% BAN on CID spoofing.

Quote Originally Posted by H.R. 251, as passed in the House
`(1) IN GENERAL- It shall be unlawful for any person within the United States, in connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification information, with the intent to defraud or cause harm.
(emphasis added)

So, here's the question. If a 'lax security' VoIP service allows their subscribers to set their outgoing CID number, who is held liable/accountable for 'intentional misleading to defraud or cause harm'? Is the VoIP provider in any way held accountable, or does the hammer fall on the individual doing the spoofing? How much due diligence does a carrier need to do to remain in compliance with this legislation?

If a person subscribes to multiple phone lines (each with its own DID), I read the text to say that it's perfectly lawful for that person to request that all of their lines send one of the DID numbers, since there's no intend to defraud or cause harm, but for a consistent presentation of their information. Once again, though, what controls are necessary to ensure that any such request is 'harmless'?

How are outbound-only services, which obviously do not have a DID associated with the line, restricted/regulated? Would they then be 'forced' to transmit "unavailable" (or is that in conflict with other CID/telecom laws)?

I'm not necessarily looking for immediate answers, but it's some food for thought...