Date: Thu, 09 Sep 93 16:53:54 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#028
Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 028
Today's Topics: Moderator: Dennis G. Rears
Re: Boston Globe Articles
Re: ANI
Re: ANI
Re: Computer Privacy Digest V3#025
Re: Computer Privacy Digest V3#026
Something to Consider
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 9 Sep 1993 12:38:04 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Re: Boston Globe Articles
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
-----
Eugene Levine <elevine@world.std.com>, writes:
> For those who can get access to the Boston Globe, that newspaper
> has just begun a series on privacy. It started on the front page of
> the Sunday edition (September 5, 1993)...
> This will probably arrive too late to let anyone catch the articles
> the first time around, but the first article was good enough to
> look for.
And you don't have to pay postage to respond. Their Internet address
for Letters to the Editor is <letters@globe.com>.
---
Paul Robinson - TDARCOS@MCIMAIL.COM
-----
The following Automatic Fortune Cookie was selected only for this message:
What good is a ticket to the good life, if you can't find the
entrance?
------------------------------
Date: Thu, 9 Sep 1993 12:42:09 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject:
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
-----
> A right does not have to exercised, either consistently or ever,
> for people to care about it and want it protected.
Oh contraire, "The tree of liberty must be refreshed from time
to time with the blood of patriots or it withers and dies."
The rights which we enjoy as free people are only here because
someone - to put it bluntly - put their ass on the line to protect
them. In some cases those people paid the ultimate price to do so.
It is only because some people risked their lives - and in some cases, had
to pay for that risk WITH their lives - that we have freedoms. Those who
note that some government is despoiling the lives of people help to
identify the situation, but they do not ameliorate it. In free countries
where the elected officials respect the public, all it takes is for people
to disapprove of the action and it can be stopped, as happened here when
the Medicare Catastrophic Health Care plan went into effect; sure, people
wanted catastrophic health care, but they did not want it at the cost that
was to be imposed upon them. They complained and the government stopped it.
The risk is low; it is easy to bear.
Where the gocvernmane it unreasonable or bankrupt, it takes armed
insurreaction and civil war. But that may be preferable to the
alternative. The risk is high, it is hard to bear. But in every
case where governments got too powerful, it was only this method
that made those in power cease and desist ruination of their people.
I dare to say it is only the threat of uprising that keeps politicians
from usurping people's rights; as long as they think people will do
nothing, they will take more and more away from them.
---
Paul Robinson - TDARCOS@MCIMAIL.COM
-----
The following Automatic Fortune Cookie was selected only for this message:
Troubled day for virgins over 16 who are beautiful and wealthy and live
in eucalyptus trees.
------------------------------
From: John M Joy <joyjohnm@cps.msu.edu>
Subject: Re: ANI
Date: 9 Sep 1993 14:08:54 GMT
Organization: Dept. of Computer Science, Michigan State University
Just a thought on this ANI issue:
- Since the recipient of the call is paying for the call, it would seem
reasonable to permit said recipient to see what the caller's number is.
- HOWEVER, this would be UNreasonable if the caller didn't know this was
going to happen ahead of time (i.e. in any contractual setting, both parties
to the contract should know up front what the terms of the contract are: if
the person doesn't want ANY disclosure of the number, the person need not
dial it).
My problem with 800 service ANI is the SECOND point. Even as a CPSR member
who has been actively working on privacy issues (e.g. SSN misuse), I didn't
know about it until a friend with a small business (and an 800 number) told
me. Only recently has SNET, the telephone co. for most of Connecticut,
started warning customers about the disclosure.
JMJ
------------------------------
Date: 09 Sep 1993 19:38:37 +0000 (GMT)
From: Dick Rinewalt <rinewalt@gamma.is.tcu.edu>
Subject: Re: ANI
Organization: Texas Christian Univ Comp Sci Dept
In a previous article, john@zygot.ati.com (John Higdon) says:
>Did anyone ever hear the fable about the silly women who sat around
No. Have you heard the similarly silly, untrue characterization of
ostriches - that they stick their heads in the sand when they sense
danger?
>I use ANI heavily. I use it for internal purposes and to
>protect myself against fraud. Please do not pontificate about how it is
>unnecessary or how it is not effective compared to the "harm" it causes
>until you have my credentials in the use of ANI and about eight years of
>experience in the field of customer-delivered ANI processing.
I know many people with 30 years of experience in their fields who
adamantly claim that FORTRAN is the only programming language worth
knowing. That experience made them valuable and successful in their
particular niches, but it did not make them experts in all applications
of that branch of knowledge. Experience sometimes produces tunnel vision.
>Dennis is absolutely correct in his assertion that most people do not
>care. Yes, I have extensively observed people's reactions and
>attitudes concerning it. I have yet to find anyone other than
>net.posters who has so much as raised an eyebrow over the issue.
But obviously some people do care. These observations (of clients? of
others using ANI? etc) and Dennis's survey of 10 colleagues are
unscientific, probably biased, and totally worthless. I can produce
the opposite result which would also be meaningless.
[Moderator's Note: I would agree with unscientific and worthless but not
unbiased. I just hit upon the closest people next to me:-) ._dennis ]
Dick Rinewalt Computer Science Dept Texas Christian Univ
rinewalt@gamma.is.tcu.edu 817-921-7166
------------------------------
From: John Macdonald <jmm@elegant.com>
Date: Thu, 9 Sep 1993 14:10:48 -0400
Subject: Re: Computer Privacy Digest V3#025
/===== Computer Privacy Digest V3#025 =====
|| Quoting Computer Privacy Digest Moderator, message dated Sep 8, 17:36
|+-----
|| [Moderator's Note: [ ... ] it [is] just a phone number. ._dennis ]
\=========================
No, it is not just a number. It is a number, correlated with
a specific business transaction, in a format that can be and
increasingly is collected into a database.
That database can be used to make inferences from the nature of
the transaction (the accuracy of the inferances can of course
vary widely) about the persons believed to be associated with
that number (again, the accuracy of that association can vary).
It can be combined with other similar databases collected by
other organizations and used for extract extremely subtle
inferences. The cost of collecting these databases has been
dropping drastically over the years for many reasons (cost of
computers is one, Caller-ID as a cheap substitute for real-time
ANI is another, legalizing the attachment of private devices to
the phone network and the subsequent development of inexpensive
devices to accomplish special purposes [like interfacing directly
with a computer]). This decrease in cost has been feeding an
exponential growth in the amount of information collected. We
are now reaching the point where a critical mass of such databases
is being reached whereby it is becoming feasible to correlate
large numbers of these database from many organizations for commercial
purposes (sort of like where the mailing list industry was 20 years
ago). Just as backlash against mailing list commercialization has
lead to most forms having a checkbox allowing the customer to choose
whether their name and address may be sold to outside mailing lists,
there is the desire expressed by people to have a similar control
over what is done with the transaction information associated with
their phone calls.
Desire for things like supression of ANI (as has been discussed) is
fueled by distrust - people believe that *some* companies will
collect and sell information about them without their knowledge
much less their consent, just as happened with addresses in the
last few decades. Just as the checkboxes got added to forms to
counteract the similar concern about giving addresses to companies
and just as laws have been passed in various jurisdictions to
ensure that people can have access to database information about
themselves, so will companies have to find ways of assuring their
customers that their phone number will not be used in a manner that
the customer does not want. As was the case with address lists,
the assurance will come as a mixture of voluntary action by companies
that wish to demonstrate concern for the interests of their customers
and legislation to force a minimal level of action by all companies.
ANI-blocking might come about if businesses do not address the
distrust effectively on their own in a timely fashion (i.e. before
publicity about some spectacular abuse causes a massive public outcry).
The fact that this makes 800 numbers less useful as well as more
expensive to businesses will not matter in that political situation.
--
You have to run before you can fly. | John Macdonald
- Jordan Macdonald (from personal experience) | jmm@Elegant.COM
------------------------------
From: John Macdonald <jmm@elegant.com>
Date: Thu, 9 Sep 1993 14:50:24 -0400
Subject: Re: Computer Privacy Digest V3#026
|| [Moderator's Note: ANI really doesn't contribute to it. You can get the
|| same information when somebody mails you a letter from the return
|| address. 800 numbers are mainly used by businesses, for the most part
|| they are used immediately then tossed. Rarely, are they used for
|| telephone call backs. I have a residential 800 number, I don't get real
|| time ANI, I do get a bill which every number who call me. A unlisted
|| number means that number is not given out to directory assistance or
|| published in the phone book. I have to agree with John, you are building
|| a straw man about a person being raped or murder on the basis of someone
|| getting a phone number by ANI.
|| None of the people I polled had an unlisted number.
|| ._dennis ]
Nobody requires you to put a return address on a letter - it is
voluntary.
So, at the present time, most businesses toss AMI info without
building databases with it.
So what.
Some businesses build databases.
Some businesses will be willing to pay for such databases (probably
some already do) - as that starts happening, we will quickly see a
change to the situation where many businesses build and sell such
databases.
Just because Dennis and John have assured us that *they* do not
build databases has no bearing on the fact that making a call to
XYZ Corp *may* get you entered into their database in addition to
allowing to talk to the people at XYZ Corp for whatever purpose
you have for calling them.
Most people do not commit significant crimes, but we still have laws
against those crimes.
Most companies do not (at present) collect databases from ANI, but
people are still concerned that *some* do and *many* might someday.
Given that concern, they wish to arrange some method of controlling
those databases.
Sure you can always call companies from a pay phone unless you trust
them to not do anything that you consider abusive with the data they
collect from your call, but it would be nice it there was some way
of making the default go the other way and making consent necessary
to collect ANI information into a database that will be sold outside
the collecting company (and possibly also requiring consent to use
that information for unsolicited marketing calls by the collecting
company).
--
You have to run before you can fly. | John Macdonald
- Jordan Macdonald (from personal experience) | jmm@Elegant.COM
------------------------------
Date: Thu, 9 Sep 93 12:33:03 EDT
From: "Mark W. Eichin" <eichin@athena.mit.edu>
Subject: Something to Consider
John Higdon says...
>> get bent out of shape over. When the phone company starts handing out
>> lifetime phone numbers, then come back and let us discuss the matter.
AT&T EasyReach(sm) 700 service. The slogan is "Life changes.
Your phone number doesn't have to."(sm) But you've missed something
important here, I think -- I just bought 700 service because it gives
me *more* privacy, not less. (I just moved from one town to another,
and have been exploring what I can do to enhance my privacy as a part
of this -- a post office box has done for most things, the big one I
haven't worked out yet is the DMV...)
Why does it give more privacy? My old phone number was
508-670-xxxx; that was enough to narrow things down to a small town,
to "zoom in" as it were, and find me. (This is why Medeco locks and
deadbolts are important...) My new phone number is 0-700-xxxxxxx and
even if I gave you the rest of the digits, it would tell you *nothing*
about the location (for that matter, the location of the number has
nothing to do with where I live -- it rings wherever I program it to.)
_Mark_ <eichin@athena.mit.edu>
MIT Student Information Processing Board
Cygnus Support <eichin@cygnus.com>
------------------------------
End of Computer Privacy Digest V3 #028
******************************