Date: Thu, 09 Sep 93 09:58:14 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#027
Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 027
Today's Topics: Moderator: Dennis G. Rears
Re: ANI and CNID
Re: should gas siphoning be de-criminalized
Something to Consider
Combatting telemarketers (was: ANI)
Caller ID; a different view
Re: should gas siphoning be decriminalized
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Wed, 8 Sep 1993 18:01:50 -0800
From: "Glenn S. Tenney" <tenney@netcom.com>
Subject: Re: ANI and CNID
At 4:36 PM 9/8/93 -0500, Dennis G. Rears wrote:
>[Moderator's Note: Several things wrong here. First it was never
>a secret. It was part of the process of how it worked. It was no more a
>secret than North American Number Plan. Second, ANI does not steal
>privacy, at worse you could make a case for anonymity. Third, theft of
>gas is a crime, disclosure of a phone number isn't.
> ...
>[Moderator's Note: You're making a big jump going from ANI to privacy in
>general. I just took a short poll of 10 of my coworkers. None of them
>knew about ANI delivery and none cared either. As John Higdon says, it
>just a phone number. ._dennis ]
Dennis, although you and many of us "techies" know about ANI and have known
for a long time, the general public does not. To paraphrase The
Hitchhiker's Guide... The notice of what ANI was doing was posted above
the water cooler in the Bell Labs 2nd floor employee's lounge, it wasn't a
secret. To a first order approximation of the telephone user population,
it was and is a secret. When I was campaigning for Congress last year, in
talk after talk I do not recall a single person in my district who knew
about ANI, yet when told about it were aghast that 800 calls were not
anonymous.
Try asking your coworkers if they know anyone who has ever called 800
numbers such as: Witness-a-crime, child abuse hotline, runaways, suicide
prevention hotline, cocaine users anonymous, etc. and THEN ask them if they
would *ever* call such hotline if they knew that their calls were NOT
anonymous. Some police departments are using 800 numbers to report crimes
-- sometimes listed as an anonymous "tip" line -- and there's NO other
number to call except 911 which has E911 capabilities... So much for
anonymous tips.
Try calling an airline or hotel-chain reservation system without going
through an 800 number, they usually won't give out their non-800 number if
they have one. A friend in Japan called me to conference call him up with
an 800 number because there was no way for him to call the 800 number.
Yes, if you have certain calling cards you can make such calls, but not
everyone has that card.
Regardless of what you or John says, it is NOT just a phone number --
having access to it when you don't want someone to have access is a loss of
your anonymity (I would also say privacy, but...). That, combined with
on-line telephone directories gives the called party your name and address
in addition to phone number -- all when you are making what you thought was
an anonymous call.
Some have said that ANI is essential because the person paying for the call
should know the number. If that were so, then every call coming in to
every cellular phone should show up on their bill, since *they* are paying
for all calls. I have call-return (dials last number that called you --
doesn't work too often) and toll calls are listed as area-exchance-XXXX
even though *I* am paying for the call, so these numbers shouldn't be
hidden...
You see, I believe that ANI and CNID both are invasions of my anonymity and
privacy, and violate the ECPA...
[Moderator's Note: In most of those cases even though ANI is available
it is not necessarily used. Cellular phone is different for many reasons.
One of them being is that the cellular company doesn't have the number to
transmit. It is true that most companies do not have a POTS number,
though, I never had a problem getting one for an airline. Maybe the
problem is the reverse lookup dictionaries and not the ANI itself. I have
to ask the question that John does of Kelly; Can anyone produce one
horror story of ANI being used to breach the privacy or anonymity of
somebody. ._dennis ]
---
Glenn Tenney
tenney@netcom.com Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546
------------------------------
From: "david.g.lewis" <deej@cbnewsf.cb.att.com>
Subject: Re: should gas siphoning be de-criminalized
Organization: AT&T
Date: Wed, 8 Sep 1993 20:58:39 GMT
In article <comp-privacy3.25.1@pica.army.mil> ua602@freenet.victoria.bc.ca writes:
>
>In a previous article, 0005066432@mcimail.com ("Tansin A. Darcos & Company") says:
>>From: Paul Robinson <TDARCOS@MCIMAIL.COM>
>>Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
>>
>>I believe ANI on calls has been available for more than TWENTY YEARS.
>>It has only been since the ordinary guy on the street has been able
>>to obtain the identifying number of a caller in real time that there
>>has been any bruhaha about this. Large businesses have been able to
>>get real-time ANI by paying a small fortune. It is only since people
>>discovered that their alleged private calls are not really private
>>that there has been any question about this.
>
>On the face of it you seem to be implying that the general public has
>been aware of this for 20 years, instead of it being a dirty secret.
>
>[Moderator's Note: ...
> Fourth, inform consent, who should inform who? Should it be the
>provider of 800 service (e.g. Sprint), the LEC (e.g. NJ Bell), the guy
>provides the wiring (Acme Electrical)? Are you one of these people who
>actually wants pages upon pages of mandatory disclosures? ._dennis ]
Funny you should mention "pages upon pages of mandatory disclosures";
service providers *are* obligated to make "pages upon pages of mandatory
disclosures". They're called tariffs.
I don't know about 20 years, but AT&T's INFO-2 (SM) service has been
available since 1988. INFO-2 is a tariffed service. All tariff filings
are public record. Therefore, the general public has been aware of INFO-2
service since 1988. QED.
If certain members of the "general public" choose to not avail themselves of
the opportunity to understand the publically-available information, that is
no one's fault but their own. It certainly can't be interpreted as a "dirty
secret".
David G Lewis AT&T Bell Laboratories
david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation
------------------------------
Date: Wed, 8 Sep 93 17:19 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Something to Consider
In the bruhaha about ANI, one should stop to consider this: ANI data is
only useful in the very short term. If some evil company is going to
abuse it, it would have to be done in a short period of time. Why? All
they have is a phone number. Americans change phone numbers sometimes
more frequently than they change socks. Yeah, you have had the same
number for forty years, blah, blah..... But then you would not be
average. And anyone knowledgably using ANI knows this.
So what happens to be your phone number today belongs to Road Pizza tomorrow.
This is a very, very poor foundation upon which to base these insidious
"lists" that the whinies are sniffing about.
Again, it is ONLY your phone number--which can be changed with a phone
call. Now if ANI delivery involved your SSN, that would be something to
get bent out of shape over. When the phone company starts handing out
lifetime phone numbers, then come back and let us discuss the matter.
Until then, get a life and find a new hobby.
Special disclaimer:
If you call my 800 number you WILL be revealing your billing number AND
it WILL go into a database to be used by me for whatever purpose I see
fit. You will also reveal your telephone's class of service, since I
get that info as well.
There, does that satisfy everyone? Have I sufficiently informed everyone
that I capture ANI? Is there any doubt in your mind? Is anything
unclear? Anyone else want to accuse me of trying to hide the reality of
ANI?
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
From: Todd Jonz <Todd.Jonz@corp.sun.com>
Newsgroups: comp.society.privacy
Subject: Combatting telemarketers (was: ANI)
Date: 9 Sep 1993 01:55:25 GMT
Organization: Sun Microsystems, Inc.
John Higdon <john@zygot.ati.com> writes:
> What do you and others really think a company is going to do with
> your phone number?...The only legitimate concern expressed here has
> been that some telemarketer MIGHT call some evening.
On two separate occasions during the last year or so, my wife and I have
received a sudden barrage of telemarketing calls, sometimes two or three in
the same evening, as many as eight or ten a week, for periods lasting two,
even three weeks. I assume that this has occurred because our phone number
*somehow* made its way onto a newly published list that we would never have
sought to join voluntarily. Your point would be well taken, John, if we only
received the occasional telemarketing call, but we consider the cumulative
effect of these calls to be a flagrant invasion of our privacy. Quite
frankly, I agree with Kelly Bert Manning <ua602@freenet.victoria.bc.ca>, who
writes:
> Most people feel that information that is given for one purpose
> should not be used for another unrelated purpose without their
> consent, or transferred to a third party.
John also points out the proper way to handle these problems, and it parallels
the plan that we have adopted to combat these onslaughts:
> If you feel that you have action against someone who has made
> improper use of your phone number, then ask for compensation. If he
> refuses take him to court.
We borrowed our strategy from an episode of the PBS series "Nova" about the
commercial information industry entitled "We Know Where You Live". As I
recall, the fellow who espoused this strategy had used it to prosecute
successfully.
When a telephone solicitor calls, we explain to the caller that ours is a
private telephone number, not a business phone, and that we do not authorize
anyone to use it for business purposes without our express permission. We
then offer to grant this permission to the caller's organization for a fee of
$100 per month, payable in advance on the first day of each month. (You can
imagine the wide variety of surprised responses we get to this!) Next we ask
for the name and address of the organization making the solicitation so that
we can send them the appropriate application forms. It's at this point, of
course, that most of the callers hang up on us (there's a switch!), but in
some cases we already have all the information we need, like the contract
boiler room that hawks tickets every year to some kind of variety show in the
name of the local Police or Firefighters' Benevolent Association. When we
know where to find the solicitor, we drop them a friendly note and repeat our
offer in writing.
Purely on principle, we hope one day to get the opportunity to take one of
these jokers to court for as much as our informal legal counsel tells us we
have a reasonable chance of collecting. We have already been advised that our
best bet would be to bring an action against an out-of-state concession in the
local small claims court, where their defense expenses would exceed the
compensation we are seeking, which I believe can go as high as $5,000 in a
California small claims court.
-- Todd
------------------------------
Date: Thu, 9 Sep 93 00:05:44 MDT
From: Kenneth Ingham <ingham@i-pi.com>
Subject: Caller ID; a different view
I would like to present a differnt view of the caller id discussion.
We have caller id here in New Mexico. We purchased it.
Since it comes with both name as well as number, it makes an excellent
screening device for phone calls (we just need one for each phone :-).
If we do not recognize the name or if it is an anonymous call, we simply
do not answer the phone. We let the machine get it.
As a result, it is now a rare occasion when I talk to a telemarketer.
I find this a very nice step forward.
I realize that most of the discussion is around businesses obtaining your
number when you call, but it works both ways... Now I can fight back by
ignoring the phone if they call me and I don't want to talk with them.
Kenneth
ingham@i-pi.com
------------------------------
Date: Thu, 9 Sep 93 00:12:46 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: should gas siphoning be decriminalized
In a previous article, the moderator says
>[Moderator's Note: Several things wrong here. First it was never
>a secret. It was part of the process of how it worked. It was no more a
>secret than North American Number Plan.
Is your tongue in your cheek? Yes, the old NA Number Plan, I'll have to
get it down from my bookshelf and have a look. Does this rate as
security by obscurity? Something which is only know to a technical elite
may as well be a secret, particularly if affected parties are not told.
> Second, ANI does not steal
>privacy, at worse you could make a case for anonymity. Third, theft of
>gas is a crime, disclosure of a phone number isn't.
What about charging me $300 over 12 years not to give out my number and
giving it out whenever I called a magazine about a subscription problem,
such as late arrival? If that doesn't qualify as misleading or false
advertising I don't know what does. I subscribe by mail and include
checks or money orders. Once they have cleared then as far as I am
concerned I have already paid for any 800 calls I may have to make about
late or missing issues. This covers over half the life of ANI.
> By, implication you are accusing businesses who use 800 service of
>being dishonest. What would you have them do? State "If you dial this
>800 number, the billing number will be shown to us?".
> Fourth, inform consent, who should inform who? Should it be the
>provider of 800 service (e.g. Sprint), the LEC (e.g. NJ Bell), the guy
>provides the wiring (Acme Electrical)? Are you one of these people who
>actually wants pages upon pages of mandatory disclosures? ._dennis ]
>
Are we on the same topic here?
My analysis is that this issue splits into 2 tracks. For people with
published numbers this is probably a non-issue. For people who pay for
non-published numbers there should be a substantial issue that their
reasonable expectation of privacy of their unlisted number is not being met.
Should I have stated that I'm following the unlisted number issue up front?
Over the last dozen years I have paid BC Tel over $300 not to tell anyone
my home phone numbers. They didn't mention any exceptions to this on any
of the 4 times that I contacted them to arrange for a service at new
unlisted numbers. That would have been an appropriate time to inform me.
BC Tel also has text in it's telephone directories about making toll free
long distance 800 calls, and how to call directory assistance to ask for
them. This would also be an appropriate place to disclose. BC Tel also runs
TV ads almost every weekday about it's 800 entry service. A number of the
proponents of this have mentioned how valuable ANI is in preventing fraud.
How is it that BC Tel never seems to get around to mentioning this in it's
ads? That would be an appropriate place to mention such a valuable feature,
while also informing BC Tel's unlisted customers about this.
I only found out about ANI about 18 months ago. Do I think BC Tel and
other Telcos that fail to inform customers are dishonest? I think that
not informing unlisted subscribers is just as dishonest as if a car
dealer sold customers locking gas caps and also sold master keys for them
to other people.
As to pages of disclaimers, are you kidding? A lot can be said with just
a symbol or logo. How about adding the initials ANI in small print each
time someone advertises an 800 number that uses ANI? The Canadian Direct
Marketing Association's adoption of a mandatory code of ethics has made
the display of the CDMA integrity logo a shorthand way of saying a lot
about what customers can expect in the way of privacy. A similar approach
by businesses that use 800 ANI lines would go a long way to defusing this.
[Moderator's Note: ANI is not the only place where the LEC gives out
phone numbers. They are required to by FCC regulations to give it to
any long distance company that asks for it. If there is a court order
they are required to give it out. In my phone book, "Morris County
Area, NJ" under Non-published number it states "Your number is not in
the directory and is not available through Directory Assistance". Do
you want the LEC to list every possible circumstance where you number
is revealed. All that is being given out is phone number; no name, no
ssn, no complete address. As far as it being a secret, there is an
implication in the word secret that it was deliberating being withheld from
the public. From a technical stand point your LEC did not "give it
out". It was necessary to give it to the long distance provider to
complete the call. It was the 800 provider that gave it out.
------------------------------
End of Computer Privacy Digest V3 #027
******************************