Caller ID spoofing is rather easy to do for anyone who is willing to make the effort and apps to make it even easier. It’s akin to forging the “From:” header in an email. Both of these standards were developed in a time and environment where malicious use wasn’t a concern. Today obviously that’s hardly the case.
Now the House passed the “Truth in Caller ID Act of 2010“, which makes it illegal to spoof Caller ID information “with the intent to defraud and deceive”. Blocking is explicitly still allowed.
It covers any technology, not just POTS meaning that VoIP technologies are impacted. In theory even a poorly chosen Skype username (or whatever service you’re using) would technically be illegal. So don’t call yourself “HotChick69” if you can’t prove that it is accurate in court. “With the intent to defraud and deceive” suggests that Google Voice can still spoof Caller ID for the purpose of showing the original number it’s forwarding for, but I’m sure their lawyers are examining things closely.
It reminds me of the “CAN-SPAM Act of 2003”, which has been
</sarcasm>. I’m sure nobody will ever spoof Caller ID again.
That said, this is why one should be concerned about services that recognize the phone number your dialing from and let you bypass security measures. Always use a pin.