I think there are a number of things worth re-emphasising. They are all based on recollections of not too long ago but, I suspect, still relevant...
1). The number seen on a subsriber's caller display is only one of several parameters available for an exchange-side check.
2). When a call arrives in the BT network, and it is lacking a calling party number, BT can send a message back towards the originator, requesting calling party number. If it is not provided, BT can reject the call.
3). There is a difference between 'CLI withheld' and 'Calling Party Number Not provided'. If it is merely withheld then it is available, in all its glory, to BT switches... They just don't signal it to the end subscriber. But they could use it in deciding whether or not to allow a call to proceed.
4). Caller ID 'spoofing' doesn't necessarily mean that calling number was spoofed, the calling number may still be present as well as the spoofed number, but it would be visible only to BT, not the end user. Thus again, BT could use the real Calling Party Number to decide to ditch the call.
5). All number parameters are accompanied by additional qualifiers, that say whether the number was 'user provided' or 'network provided', or 'network verified', etc. Again, these are only visible to BT, not their customers. But could be useful in decision making.
6.), 7.), 8) and more would be provided if I could be bothered digging out old protocol specs. But I'm retired, and I won't.
For all of above reasons, a properly executed BT diversion process could in theory be infinitely superior to a customer premise call-blocker. It remains to be seen whether they would or could do so, and whether it would be legal for them to do so, or legal to act as judge and jury in deciding who wins and who loses.
With that, I'm probably withdrawing from this debate. Glad to see it has stimulated interest.