Phone numbers are passed around like pocket change. Who has control today is not who has control tommorow.
But beyond that, if I buy a MagickJack today and send out 1,000,000 spams and 100,000 robo dials tomorow, how can the "owner" of that number be held responsible? Of course common sense says they cam't.
Phone numbers move far less than you think - when you port your phone number, it takes several hours for the change to happen. In the meantime, a call can ring one phone, the other phone, both, or none as the switching tables are updated. But in the meantime, the phone number is still owned by someone at that time. All you need to do is log when and who.
As for your magicjack? Well, at some point they have to interconnect to the phone system. If you can't trace beyond the phone system, then the interconnection is liable, to whom they'd probably be more than happy to send the bill to MagicJack to pay.
Basically, to make a phone call, you have the originating number. The thing is, your phone company providing you service actually knows the originating phone number that's not spoofed or anything - the originating phone number is sent as data to the called party's phone company. And logged. So your phone company knows who made the call and who's responsible.
If it goes through a third party call forwarding service, well, guess who holds liability now?
POTS is not like the Internet. POTS actually has verifiable sources - you cannot spoof the call as everyone exchanges connection information. Sure VoIP may make the real caller hard to find, but at some point the call had to enter the POTS network, and the gateway provider can be held responsible. And I'm sure for billing purposes they know who used that outgoing line - maybe not the subscriber, but the company that they contract POTS interconnection for.
Perhaps an auto-attendant might be an interesting way to solve the problem using grey listing - the autoattendant looks for familiar numbers, and if it's on the list, passes it through. If not, it answers the phone and walks through a script, asking the caller for their name, company and other details. It then asks the caller to hold, and rings the inside line, who passes the information onwards and you can decide if you want to take the call, black l ist, tar pit, or reject. Rejected calls get a simple "the party does not wish to speak with you, do you want to l eave a message?" while tarpitted calls get the "please wait" response every 30 seconds.