Date: Sat, 11 Sep 93 12:26:34 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#031
Computer Privacy Digest Sat, 11 Sep 93 Volume 3 : Issue: 031
Today's Topics: Moderator: Dennis G. Rears
Re: Computer Privacy Digest V3#026
Re: ANI
Re: ANI
Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026)
Re: ANI
Re: ANI
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Fri, 10 Sep 93 11:08 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: Computer Privacy Digest V3#026
On Sep 10 at 11:47, John Macdonald writes:
> And you are claiming that since *you* do not misuse ANI *no-one*
> ever has or ever will.
I make no such claim. It is possible for anyone to abuse anything. And
if anyone in the course of such abuse injures or causes anyone to be
injured in any way, I feel that all legal remedies should be brought to
bear.
> I have given a very good reason for people to fear ANI many times.
> Experience with mailing lists.
You have made a dubious connection between two unrelated fields and
then use that shaky premise to "prove" your point. I do not
buy fantasy and speculation. Further, even if your crystal ball is
right on the money and you can predict the future based upon contorted
logic, I am not a fan of "preventative" legislation where no real need
has been demonstrated.
And finally, from an individualistic point of view, why should I be
penalized because you THINK others might abuse something? I am getting
very tired of the glib "for the good of society" argument. More and
more rights and freedoms in this country are being trampled on "for the
good of society".
So until someone can come up with something more than fantasy,
speculation, opinion, logic, and paranoia, I have nothing more to say
on the matter. There has been ample time (twenty years) for hard data
to be collected on the dangers of ANI delivery. Even Caller-ID has been
with us for awhile. I am open to examine case histories, but I am
through "debating" in a vacuum.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
From: John M Joy <kumquat!joyjohnm@uunet.uu.net>
Subject: Re: ANI
Date: 10 Sep 1993 18:38:05 GMT
Organization: Department of Computer Science, Michigan State University
In article <comp-privacy3.30.5@pica.army.mil> "david.g.lewis" <deej@cbnewsf.cb.att.com> writes:
>
>You seem to be seeing a contractual obligation where, IMHO, none can be
>present; namely, between the calling party and the called party. I
>call an 800 number to receive some service - be it information,
>negotiation of a future transaction, customer support, or what have
>you. I am not providing any consideration for that service; on the
>contrary, the called party is explicitly enabling me to contact them
>without any payment on my part. From what little I remember of one
>business law course I took years ago, there can be no contract without
>consideration from each party.
My comments regarding any sort of contract between called and calling
parties was meant as a metaphor, not an invocation of contract law.
My point was that (1) the 800 customer has something the caller wants;
(2) in exchange, it seems reasonable for the 800 customer to want something
in return. However, the caller should know up-front that such a "catch"
is there, and, as I had noted, most people were never informed of such
a "catch."
>Where the contract *does* exist is between the called party and the 800
>service provider. The 800 service provider provides to the 800
>customer a telecommunications service, and the 800 customer provides
>consideration in the form of payment for the telecommunications
>service. More explicitly, for "ANI-delivery" services the 800 service
>provider provides to the 800 customer an information forwarding service
>- the forwarding of the calling party's billing number at call setup -
>and the customer provides consideration in the form of a per-call
>payment for each billing number forwarded.
This is true. However, that's between the provider and the 800 customer.
The average telephone network user (caller) has to deal with a local
telephone company, which, at least in any area I know, is a monopoly and
regulated as a utility (just like the electric company). After all, we
can't have every Tom, Dick, and Harry putting lines on the local telephone
poles. Thus, my service agreement is with my local telephone company.
THEY are the ones actually transmitting the caller's number in accordance
with whatever agreements THEY have with long-distance carriers.
>Under the strictest interpretation of contract law, this could be a
>totally private transaction; however, as most telecommunications
>service providers are obligated to file tariffs for all services, the
>"contract" is a matter of public record. As I've said before, I
>consider it somewhat of a leap of reasoning to go from "I never knew
>that my ANI was sent to 800 customers" to "ANI delivery is a deep dark
>telco secret". The information has been disclosed to the public.
>Tariff filings are public record. You don't even need FOIA requests to
>get them - they're in libraries. What do telcos have to do, go
>door-to-door handing out leaflets?
No, but (a) telling a customer up front, at the time the service is
established, and/or (b) in lieu of (a), as in the case of the
Southern New England Telephone Company (Connecticut), placing a notice
on/in the telephone bill, that customers dialing 700, 800, or 900 numbers
may have their calling number released regardless of CID setting, is
more than reasonable. Customers should likewise have the option of
disabling calls to these numbers from CID-blocked lines.
As far as tariff filings being public record: I know my public library
back home didn't have them. Yes, it is unreasonable to expect Joe
Customer to pour through volumes of tariff charts and legalese to get
such information. Case in point: ANY government agency requesting a
Social Security Account number MUST, AT THE TIME SUCH A REQUEST IS MADE,
provide a Privacy Act statement. Yes, the statement is on file in some
Federal document or other. But in most real-life situations, people don't
have the luxury of being able to drop everything and run to the nearest
legal library to research their rights - hence the Privacy Act.
Local telephone companies - the monopolies with whom the average telephone
user has a service agreement - are "quasigovernment" entities, and thus
subject to increased regulation (usually in the form of a "Department of
Public Utility Control"). As such, while being granted the right to operate
in a particular area without competition, they inherit the responsibility
to be reasonable and above-board in their dealings with customers. Selling
a user's identification without the user's knowledge, and despite options
suggesting that such a sale would not happen (e.g. unlisted/unpublished/*67/
line block), is unreasonable.
JMJ
------------------------------
Date: Fri, 10 Sep 93 15:39:40 EDT
From: Dennis G. Rears <drears@pica.army.mil>
Subject: Re: ANI
>My comments regarding any sort of contract between called and calling
>parties was meant as a metaphor, not an invocation of contract law.
>My point was that (1) the 800 customer has something the caller wants;
>(2) in exchange, it seems reasonable for the 800 customer to want something
>in return. However, the caller should know up-front that such a "catch"
>is there, and, as I had noted, most people were never informed of such
>a "catch."
>
>
>This is true. However, that's between the provider and the 800 customer.
>The average telephone network user (caller) has to deal with a local
>telephone company, which, at least in any area I know, is a monopoly and
>regulated as a utility (just like the electric company). After all, we
>can't have every Tom, Dick, and Harry putting lines on the local telephone
>poles. Thus, my service agreement is with my local telephone company.
>THEY are the ones actually transmitting the caller's number in accordance
>with whatever agreements THEY have with long-distance carriers.
^^^^^^^^^^
They are not agreements. They are FCC requirements.
>No, but (a) telling a customer up front, at the time the service is
>established, and/or (b) in lieu of (a), as in the case of the
>Southern New England Telephone Company (Connecticut), placing a notice
>on/in the telephone bill, that customers dialing 700, 800, or 900 numbers
>may have their calling number released regardless of CID setting, is
>more than reasonable. Customers should likewise have the option of
>disabling calls to these numbers from CID-blocked lines.
Why should they have an option? The telephone company is providing
you a service on their terms. If you don't like don't use their service
or convince them it is in their economic interests to change. Do you
have any idea of the cost to impliment ANI blocking?
>
>As far as tariff filings being public record: I know my public library
>back home didn't have them. Yes, it is unreasonable to expect Joe
>Customer to pour through volumes of tariff charts and legalese to get
>such information.
Then who decides what part of the tariff should be put into the phone
book? I think it is more of a question that TPC didn't think to put it
in the phone book than decided to not put it in a phone book. There is
so much info that is useless to the consumer in the tariffs.
>Case in point: ANY government agency requesting a
>Social Security Account number MUST, AT THE TIME SUCH A REQUEST IS MADE,
>provide a Privacy Act statement. Yes, the statement is on file in some
>Federal document or other. But in most real-life situations, people don't
>have the luxury of being able to drop everything and run to the nearest
>legal library to research their rights - hence the Privacy Act.
This is irrelavant. The Privacy Act only applies when the SSN is
coming directly from the SSN owner. In this case it is TPC which is
providing the number not the subscriber.
>
>Local telephone companies - the monopolies with whom the average telephone
>user has a service agreement - are "quasigovernment" entities, and thus
>subject to increased regulation (usually in the form of a "Department of
>Public Utility Control"). As such, while being granted the right to operate
>in a particular area without competition, they inherit the responsibility
>to be reasonable and above-board in their dealings with customers. Selling
>a user's identification without the user's knowledge, and despite options
>suggesting that such a sale would not happen (e.g. unlisted/unpublished/*67/
>line block), is unreasonable.
First they are public utilities, not quasigovernment entities. The New
Jersey Turnpike authority is an example of a quasigovernment enitity.
They are not selling a user's indentification. They are only giving the
phone number and class of service. They are not giving a name or address.
Unlisted & unpublished mean very precise things. Call block states it
will block Caller ID and it does.
This hopefully will be my last thoughts on the subject. I think the main
issue here is that the general public is not aware of ANI and people
think TPC should publish this. I have no problem with TPC notifying
people about ANI. The other issue is about blocking ANI; It's not going to
happen.
dennis
------------------------------
Newsgroups: comp.society.privacy
From: Hans Lachman <lachman@netcom.com>
Subject: Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026)
Organization: Netcom
Date: Sat, 11 Sep 1993 00:14:33 GMT
Apparently-To: comp-society-privacy@uunet.uu.net
In article <comp-privacy3.29.7@pica.army.mil> John Higdon <john@zygot.ati.com> writes:
>John Macdonald <jmm@elegant.com> writes:
>
>> ... it would be nice it there was some way
>> of making the default go the other way and making consent necessary
>> to collect ANI information into a database ...
>
>You are claiming that ANI delivery causes harm. Prove it.
Does the ability to *suppress* ANI/CNID cause harm? Prove it.
[Moderator's Note: If ANI was suppressed, the 800 owner could refused to
pay for the call. Besides, the owner is paying for delivery. ._dennis ]
Hans Lachman
lachman@netcom.com
------------------------------
Date: Fri, 10 Sep 93 17:18:28 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: ANI
Reply-To: ua602@freenet.victoria.bc.ca
All the new stuff begins about 3 screens in.
>
>In <comp-privacy3.26.4@pica.army.mil> Kelly Bert Manning
><ua602@freenet.victoria.bc.ca> writes:
>
>>This has to do with a phone number being a key which can be used to
>>identify a persons home address without much trouble. Instead of having
>>to check every state driver registry a stalker simply has to look at the
>>list of registered voters in a particular electoral district of a specific
>>city in one state.
>
>A stalker could just as easily follow you home from work, the grocery store,
>or any number of other places. How do you suggest we handle situations like
>those? (I know how I would handle it, but I'm curious as to how you would.)
>Eventually you are going to have to confront the fact that shit happens and
>you have to take responsibility for your own safety. (In other words, you
>watch over Kelly and I'll watch over John. I don't need you or anyone else
Why bother with police then? Actually this has a high potential for
escalating into a flamewar, so I won't respond to this comment.
>to protect me from ANI or the boggeyman.)
>
>If you're concerned about someone finding your address: rent a private
>mailbox somewhere. Then use it for everything that is a matter of public
>record. If you're concerned about a company using ANI in some unsavory
>manner, either 1) don't patronize that company, 2) call their non-800
>number, or 3) do business is some other fashion (e.g., by mail, by fax,
>or in person).
>
>john
Actually I'm surprised to have to tell you and the moderator that I've
had a series of mail boxes over the last 5 years. I thought that that
didn't have to be said, just as I'm surprised that the moderator though
that a return address on an envelope would say anything about where I
live within the 10 incorportated areas Greater Victoria.
Should I also mention that there is no identification of where I live
on my checks? The only address is the bank branch, which I haven't set
foot in in over a year.
Canada Post corp has essentially privatized all post office service and
private citizens can only deal with what are called Retail Postal Outlets.
These have to offer PO box service as part of their service. This has
created a proliferation of such boxes in malls, sometimes as standalone
operations, but usually as a sideline in a pharmacy, a drycleaner, or a
7-11. One feature of these being Real PO boxes is that Canada Post allows
you to forward mail to them from another mailing address for about $15
for 90 days. When I last moved I did this from my old street address for
210 days. My PO box has no relationship to my home address. Features that
I looked for were a number of different approachs to it, and a number of
different places to park relative to it. The hours that it is open are
also important, since I don't want to set a pattern of picking up mail
at a particular time or day of the week/month.
Canadian malls security staff don't carry guns like their US counterparts
but they are professional enough that 2 were able to arrest an armed
mass murderer from California in an Aleberta mall. Store owners pay
attention to who is hanging around and loitering.
I'm surprised that you don't seem to think that in 13 years we have run
into him or seen him near where we work. He has been spotted driving
around the parking lot where my wife and I used to work. The friend
who commented on seeing him commented that he didn't see him long enough
to get the licence or a good vehicle description, but commented that it
"looked stolen". This was in reference to the fact that he has a long
record for auto theft and possession of stolen cars, as well as other
property.
Funny you should ask what we would do if he started tailing us. About
the time that we decided to avoid him an acquaintance noticed him
following her around in a van. She wrote down the licence plate and
make and drove to a police station. He disappeared when she did this.
The police found that the registry data for the plates didn't match the
vehicle description in any way, so they gave her an escort home and
initiated a search which guickly located the vehicle. One of the detectives
involved with the college student disappearance was part of the surveillance
team but this guy never returned to it.
In general this guy has never had the money to insure a vehicle, although
he may be able to get his name registered on a junker. He has such a long
record of auto theft/possesion that police would have no trouble justifying
a vehicle pull over if we called 911 from a pay or cell phone.
The only difficult I've had with my PO Box is finding one of my tires
rapidly loosing air from what may have been a knife puncture once when
I parked right outside the closest mall entrance to my PO box. Canada
has national firearms acquisition controls which make it difficult for
someone to get a firearm unless the local police approve. Unfortunately
we get a tide of them coming over the US border illegally. I seen reports
about polls showing that most US citizens want similar controls.(please
don't start up a flamewar about the right to bear arms, 3 of my grandparents
were homesteaders who came from the US and I have a bookful of stories about
forebears who took up arms against the tories and hessians. I respect the
political system that they fought to establish but I also understand the
need to adapt to different threats in different times).
As to using my PO box for all matters of public record, that is not possible
but I am not going to spell out the details. As I mentioned in "who cares"
I am beginning my work on public records which provide a name key retrieval
over a wide geographic area. The BC Ombudsman's office, and the Registrar of
(Credit) Reporting Agencies have been valuable resources in dealing with
various public and private data banks, but the Ombudsman Office role
will be taken over by the new BC Privacy Commissioner later this fall.
I'm surprised that I have to go into this much detail, I assumed that this
forum has seen a lot of discussion along these lines. One technique that I
haven't tried out is paying for a non-Canada Post mail forwarder.
One circumstance in which I exercise extreme caution is when I get a call
from my PO Box saying that a Priority Post parcel has arrived. I've made
a hobby of filing coments on Cable operation and channel renewal
applications for some time, occassionaly some letter I've written results
in them sending me a notice of some hearing that they seem to feel I may
wish to comment on. The downside of this is that the hearing documents are
publicly available, but only in CRTC offices. I did get one phone call from
a toronto newspaper when I included my work phone number on the CRTC copy
of one filing, which I resolved by including it in subsequent filings on
a separate piece of paper which stated that it was not provided for CRTC
staff use only as was not part of the comment. This has given me enough
knowledge of the CRTC process that I feel that they may be my best avenue
of dealing with the ANI informed consent issue. I did win the only objection
I ever filed with the CRTC about a BC Tel rate increase proposal.
The moderator suggested that knowing my home phone number would not identify
my address any more closely than a return mail address would. Let's look
at the number. Greater Victoria is not particularly highly populated, so it
only has 34 exchange codes, and 11 town/city halls at which local municipal
records could be examined or purchased. The BC Tel directory showing the
free calling areas is overlaid with a map of municipal boundaries, so the
exchange prefix narrows the number of sets of records to be searched from
11 to 1, a 90% reduction. Is this insignificant? There is a security
principle called security by obscurity, but I may have a misconception of it.
I don't wish the moderator or anyone else to get the impression that I take
personal offense to his comments. I hope that paranoia is not my natural
state of mind, and that it maintaining it is a difficult job. If anyone
can point out areas where I really don't have a legitimate cause for concern
it will provide me with some relief and allow me to concentrate my energy
on more useful avenues.
------------------------------
Date: Sat, 11 Sep 1993 8:45:00 -0400 (EDT)
From: "Dave Niebuhr, BNL CCD, 516-282-3093" <NIEBUHR@bnlcl6.bnl.gov>
Subject: Re: ANI
There are major disagreements with the collection and *possible*
use/misuse of calls to 800 numbers and I'd like to side with
John Higdon. I do not feel that I have ever been abused by my
calling a company or service that has an 800 number.
If I am interested in their produce/service, and therefore feel
that the disclosure of my phone number is a small price to pay
since I may receive something of higher value in return.
Yes, yes, yes; I know the privacy issues involved. However, in
some instances it is worth it to me to reveal a small part of
that in order to get something that I want.
Want a credit card or a loan? Well, just turn over your home
and work phones, your address, your Social Security Number,
your credit history, when you were born, etc. *That* is loss
of privacy.
Have I ever been harmed by that? Not to my recollection for
the past 30+ years and I have a long memory.
Someone mentioned abuse hotlines with 800 numbers and the fact
that ANI is given. So what! If calling that number will help
protect an innocent, then I am willing to reveal a miniscule
portion of my privacy.
There are some services that I want that have 900 numbrs but
I can't call them since I have what NYTel calls Circuit 9 which
blocks 900/976/540/550 numbers; I can't pick and choose. It
is all or nothing.
If I didn't have that blocking, then I could call those 900
numbers that I needed to call even if I was paying for it.
A good example is the Better Business Bureau on Long Island.
It has a 900 number. Therefore, if I want to check on a
business I can't call them. I have to write.
In summary, I agree with John. I have never been harmed by
ANI to my knowledge and don't think that I will be in the
future.
Oh, and by the way, I am in the phone book. However, I
use a pseudonym so that I can tell just how telemarketers
are obtaining my number (not many). I can also tell how junk
mailers get my address.
Dave
Dave
Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl
Brookhaven National Laboratory Upton, LI, NY 11973 (516)-282-3093
Senior Technical Specialist: Scientific Computer Facility
------------------------------
End of Computer Privacy Digest V3 #031
******************************