I am receiving 20-30 calls a week with spoofed caller IDs, which is tremendously annoying. I'm certain many of you have received those calls as well. Apparently VOIP makes it easy to spoof caller IDs, which helps spammers and scammers annoy and defraud us with impunity.
Thus the question: what makes it difficult to develop a secure non-spoofable VOIP-like protocol that would reliably identify the caller to the callee? I imagine that quite soon after such protocol, let's call it VOIPS, is developed it would replace VOIP: as soon as people can they would change their phone settings to accept VOIPS and reject VIOP. I know I would.
So, if VOIPS is possible, why nobody is developing it? And if there are technical difficulties for that, what are they?
The dominant protocol in the VoIP world at this time is SIP, Session Initiation Protocol.
The problem you highlight is recognised and there have been a number of proposals for dealing with it - the two most recognised, I think, are:
The approach in RFC 4474 is similar to the approach a browser uses to verify a valid website - SIP addresses are cryptographically signed by a trusted signing authority and hence can be verified before progressing a call.
It does requires the industry in general to embrace the approach to be effective and your particular provider to support the mechanism. Unfortunately, many SIP proxies today seem to modify SIP headers as they process them which means the receiver can no longer verify the signature, so the mechanism is not well adopted.
There is a group within the IETF which is actively looking at the whole issue right now - their name is Secure Telephone Identity Revisited (stir) and you can see the latest status here:
So in summary, no silver bullet yet, sadly, but the problem you describe is recognise and being worked on.