Computer Privacy Digest Mon, 13 Sep 93 Volume 3 : Issue: 033
Today's Topics: Moderator: Dennis G. Rears
Re: what is ANI?
Re: Something to Consider
Re: ANI and CNID
Re: ANI
More on ANI/800 numbers
Re: Caller ID vs Name System
Re: does anyone care about ANI?
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Sat, 11 Sep 1993 20:51:10 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Re: what is ANI?
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
> [Moderator's Note: Anybody want to take a stab at answering *ALL*
> these questions? ._dennis ]
Hack, slice, Here I go:
"John P. Quinn" <p00737@psilink.com>, writes:
> 1. What does ANI stand for?
Automatic Number Identification.
> 2. How can I block caller I.D.?
If blocking is available - it is not available in New Jersey and has just
become available in Virginia - you dial the toggle code which is usually
*67 or 1167 on some rotary phones. Note that this is a *toggle*. If your
phone has blocking set on permanently, *67 will *unblock* for one call.
> 3. What effect does *67 before the fone # string do for me, and
> what numbers and/or business's can over-ride the *67?
The code tells the SS7 switch to not pass the SS7 number information
packet on to the caller. A telephone company could override this if
they reprogrammed the switch to change this.
> 4. What are the advantages and disadvantages for me to have
> caller I.D?
Advantage: know the phone number (and sometimes the name) of the
calling party before they answer. Or know that they don't want you
to know their number.
Disadvantage: usually requires extra hardware (unless you own a caller-id
equipped phone) and extra monthly charge. Also, if the switches are not
all SS7 or equivalent, you could be paying for a service that is only
partially useful.
> 5. What are the advantages and disadvantages for an outsider to
> have caller I.D. and caller I.D. blockage?
You can refuse to answer (or dump to your machine) any calls from people
you don't know; you can refuse to give out your phone number.
> 6. How come some people dial in *67 on there phone before dialing
> the rest of the number and it doesn't work for them?
If it really doesn't work, they should get a recording indicating that
the code is bad. Otherwise, what it could mean is they dialed something
else *before* dialing *67. Such as dialing *70 to disable call waiting,
or 9 for an outside line. If you are on Centrex - telephone company
PBX service - the *67 is dialed even before you dial 9. If you are
using a company PBX, you dial 9, then dial *67.
> 7. Why are people confused about the difference between ANI and
> PBX and other type of devices?
ANI is a class of information; 'PBX' is a class of device; not the
same. I think your question was why do people confuse ANI and
Caller-ID. For most purposes, they are the same. If you use a PBX
that can give out a specific extension number, it may generate an ANI
*different* from a caller-id code, or it may generate nothing for
caller-id or they may both be the same, but *not* be the *incoming*
number that phone uses.
A phone has an outgoing number and an incoming number. Those are
not necessarily the same. My home phone has two different phone
numbers on it; one is xxx-x7zx and goes "Ring...Ring...Ring" when
called. The other number is xxx-x8zx and goes "Ring-Ring...Ring-Ring...
Ring-Ring..." The number I give out for incoming calls is the "Ring-Ring"
number; the actual ANI/Caller-ID/Billing number is the "Ring" number.
(The phone numbers of both are the same in the first 4 and last digit).
I can receive calls on the number with 8 in it, but that's *not* the
number it gives out when called. I had to explain this to a man at
a Dominos pizza with caller-id that the phone has two different
numbers on it. One time I shocked the guy at Dominos:
"And your phone number?"
"Why do you bother asking? You've got caller ID there!"
> 8. How long has this technology been around, and in what other
> types of similar devices?
ANI has been used on automated dialed calls for more than 20 years.
I have been told that it has been available on 1-800 calls for a few
years now. And Caller-ID has been available about 2-3 years, since
telephone companies started installing SS7 Switches that have this
feature.
---
Paul Robinson - TDARCOS@MCIMAIL.COM
-----
The following Automatic Fortune Cookie was selected only for this message:
God is really only another artist. He invented the giraffe, the
elephant and the cat. He has no real style, He just goes on trying
other things.
-- Pablo Picasso
------------------------------
From: "Kirsi M. Vivolin" <vivo@hardy.u.washington.edu>
Newsgroups: comp.society.privacy
Subject: Re: Something to Consider
Date: 11 Sep 1993 20:57:31 GMT
Organization: University of Washington, Seattle
In article <comp-privacy3.30.2@pica.army.mil>,
Wm. L. Ranck <ranck@joesbar.cc.vt.edu> wrote:
>Mark W. Eichin (eichin@athena.mit.edu) wrote:
>: Why does it give more privacy? My old phone number was
>: 508-670-xxxx; that was enough to narrow things down to a small town,
[munch]
>
>The point someone was trying to make is that some companies might use
>their ANI service to build a telemarketing database. They may even
>make a point of marketing non-published numbers.
Excuse me for jumping in, but I think that the thread is missing the
point with respect to CallerID, ANI, and privacy. IMHO the problem with
ANI and especially with CallerID is what happens when data from a large
number of sources is pooled into one database. This includes data from
debit/credit card transactions, library borrowings, etc. Stuart Brand's
First Law of Data is 'Data seeks other data and merges with it'. Most
of us do not object to a few people being aware of *some* of our
comings and goings. For example, if a neighbor sees me in the store
buying Goober Grape and talking to a friend, I really couldn't care
less. I know I'm being observed, and by whom; furthermore, there is a
kind of parity(I see you, you see me). On the other hand, if my
neighbor starts following me around, recording all of my
transactions(time, place, date, items, etc), and noting my
conversations (not content, but when, with whom, who initiated, for how
long), then I'm going to be a little upset. Most people would be. Now,
the information recorded from ANI or CLRID on any one call is pretty
harmless - roughly analogous to one person seeing you talking to a
friend on one occaision. On the other hand, the kind of information
you get when you start pooling this data can have heavy implications
for privacy. Suppose I want to start a business dealing in information
gleaned from CallerID boxes and ANI. If you want to subscribe, you can
pay (in part) by giving me the information from your own ANI or CLRID
boxes. I make my money by combining the information with data gleaned
from other sources, like debit card transactions. What services do I
offer?
- Pre-employment screening:You have a prospective employee in your
office. Want to know if they are negotiating for a job elsewhere? I
can tell you if they have called the employment office at a
participating competitor's firm. Want to know if they have friends in
the industry? Same method. Want to know what their hobbies and
activites are? I can search for calls originating or ending at that
number from any of a host of local businessess - sporting goods stores,
ski areas, smoke shops, bars, whorehouses.... Want to know if they stay
out late at night? I can see if their phone makes a lot of calls during
certain hours.
- Marital issues/infidelity:Want to see if he's seeing someone else? I
can screen to see if somebody else's phone has reported a call from
your number. You match the list of numbers so derived against the
numbers of the people you know, and flag any that are unfamiliar.
- Just about anything:If I have access to debit/credit card txns as
well as information gleaned from CLRID and ANI, I can tell you damn
near everything you want to know about a person. I can tell you who
they called and who called them, when they did it, how long they
talked. I can tell you where they went, what they bought, how they
paid, how much they spent, and when they did it. One nifty application
for insurance companies:you can see how many tobacco products somebody
buys, and cancel their health plan if they smoke too much.
For this system to be effective, a substantial number of
persons/businesses in a given area need to give me the data they
collect from CLRID and ANI, to say nothing of financial transactions.
Why would they do that? Simple. They need to do it to get access to
the database themselves. They have little to lose by giving up their
data, and much to gain through access to the database. Remember,
information is intangible, and costs nothing to copy. If I have an
apple and give it to you, it costs me an apple. If I have information
and give it to you, it does not cost me information - I still have all
the data I started with. If you doubt that competing firms will
cooperate in the sharing of this kind of information, consider the fact
that banks, credit firms and retail outlets compete with each other but
most share information with the credit bureas(Equifax, etc). The only
differnce here is that there is more data to keep track of - less value
per byte - but outside of that the economics is basically the same.
The point is that information from CLRID, ANI, single financial
transactions, etc. is harmless if each datum is kept in isolation. On
the other hand, if data from many different points starts converging
into one database, privacy becomes impacted. Not only can we expect
this to happen(it is happening now), but we can expect little guidance
from the existing body of law, simply because there has never been any
precedent to this.
------------------------------
Date: Sat, 11 Sep 1993 21:13:15 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Re: ANI and CNID
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
-----
> > You see, I believe that ANI and CNID both are invasions of
> > my anonymity and privacy, and violate the ECPA...
>
> That is really reaching, but if you feel so strongly about it,
> take someone to court. Of course, your face may really be red
> if you find out that the company you call is NOT capturing
> ANI (as most do not). And I suspect that most courts would
> require you to demonstrate harm rather than just attitude.
Not true.
The Electronic Communications Protection Act makes the use of
a "trap and trace device" prohibited without a court order.
No harm need be shown; just as listening to the cellular radio
bands is illegal, having a "trap and trace device" that captures
the calling party's number violates the ECPA.
I am waiting for some person who is arrested using a Caller ID
box or ANI to get the evidence pointing to them thrown out since
the evidence was obtained illegally, e.g. through use of a
"trap and trace device".
I've been saying this for two years; while I personally *like* the idea of
Caller-ID and ANI, I'm waiting for some quick shyster to use it to make
money, since I believe the ECPA provides for civil damages *without proof
of any harm or damage*. The supposed idea is, if I remember that part of
the law, is that using the trap and trace device is a 'de jure' (at law)
violation of privacy (even though it is not a de facto 'in fact' violation
of privacy) and statutory damages can be sought.
I may be wrong on this part. I do *know* that T&Ts are illegal; I
*believe* they allow for statutory damages. Now the question comes up,
how do you define Caller-ID and ANI - which return the caller's number -
without they're being Trap and Trace devices? I can't think of a way.
---
Paul Robinson - TDARCOS@MCIMAIL.COM
-----
The following Automatic Fortune Cookie was selected only for this message:
Computer programmers do it byte by byte
------------------------------
From: John Starta <tosh!starta@enuucp.eas.asu.edu>
Date: Sat, 11 Sep 93 21:23:57 -0700
Reply-To: tosh!starta@enuucp.eas.asu.edu
Subject: Re: ANI
In <9309110018.AA08929@freenet.victoria.bc.ca> ua602@freenet.victoria.bc.ca
(Kelly Bert Manning) writes:
>I'm surprised that you don't seem to think that in 13 years we have run
>into him or seen him near where we work. He has been spotted driving
>around the parking lot where my wife and I used to work. The friend
>who commented on seeing him commented that he didn't see him long enough
>to get the licence or a good vehicle description, but commented that it
>"looked stolen". This was in reference to the fact that he has a long
>record for auto theft and possession of stolen cars, as well as other
>property.
>
>In general this guy has never had the money to insure a vehicle, although
>he may be able to get his name registered on a junker. He has such a long
>record of auto theft/possesion that police would have no trouble justifying
>a vehicle pull over if we called 911 from a pay or cell phone.
Actually I was thinking more along the lines of: Why isn't this guy in
jail? He has raped your wife, stolen vehicles, and harrassed numerous
people and yet he still walks the streets. This isn't a problem with ANI
or privacy, its a problem with the local police not doing their jobs!
>The only difficult I've had with my PO Box is finding one of my tires
>rapidly loosing air from what may have been a knife puncture once when
>I parked right outside the closest mall entrance to my PO box. Canada
>has national firearms acquisition controls which make it difficult for
>someone to get a firearm unless the local police approve. Unfortunately
>we get a tide of them coming over the US border illegally. I seen reports
>about polls showing that most US citizens want similar controls.(please
>don't start up a flamewar about the right to bear arms, 3 of my grandparents
>were homesteaders who came from the US and I have a bookful of stories about
>forebears who took up arms against the tories and hessians. I respect the
>political system that they fought to establish but I also understand the
>need to adapt to different threats in different times).
Since I have never mentioned firearms anywhere in my messages, I have no
idea why you would think I would flame you over the mention of the gun
control laws in Canada.
I do however question the validness of this report suggesting United States
citizens want strict gun controls like Canada.
john
--
*** PHOENIX SUNS * 1993 WESTERN CONFERENCE CHAMPIONS * PHOENIX SUNS ***
------------------------------
Date: Sat, 11 Sep 1993 21:43:40 -0400 (EDT)
From: "Paul R. Coen" <PCOEN@drunivac.drew.edu>
Subject: More on ANI/800 numbers
Organization: Drew University Academic Technology
It seems to me that part of the problem here is the difference between
something being confidential and something being anonymous. It's a
distinction that social scientists have to make when doing studies,
especially surveys. Basically, if it is confidential, the researchers
know the identity of a study participant, but they won't release it
(and generally take steps to make sure that you can't figure out who it
is). Unfortunatly, that's not a distinction that the public at large
is used to making -- certainly not concerning the telephone.
Anonymous studies are just that -- the researcher doesn't have the
identity of the respondents.
Some of the disagreement over 800 numbers seems to be confidentiality
vs. anonymity. Why not require confidentiality? They can record who
you are, and what your phone number is, and use it themselves. They
couldn't, however, sell your name and number to someone else. Seems
fair enough. You can allow the police to get the records with a
warrant, unless it would violate a legally protected relationship
(doctor/patient, lawyer/client, etc). Aside from billing and their
business purposes, they really shouldn't have need for your number.
------------------------------
From: "Scott E. Preece" <preece@urbana.mcd.mot.com>
Subject: Re: Caller ID vs Name System
Organization: Motorola MCG, Urbana Design Center
Date: Sun, 12 Sep 1993 19:56:05 GMT
In article <comp-privacy3.32.1@pica.army.mil> rogerj@otago.ac.nz writes:
| I would be interested in what people would think about this method of
| Caller Id. Instead of display the telephone number of the caller the
| initial of their first name (and maybe the initial of their middle) and
| their surname gets printed on the screen. Thus instead of 477-9229 being
| displayed J. Bloggs is displayed on the screen.
---
I think the non-uniqueness argument is sufficient to disqualify this
approach. While caller screening is an important reason for having
Caller Id, I think the ability to uniquely identify an harrassing
caller is at least as important. On the other hand, *any* unique ID
would be fine -- it doesn't need to be the caller's callable phone
number. The caller's name, with an added discriminator to make it
unique, would be fine, so would an arbitrary numeric or alphanumeric ID
assigned by the phone company. It would also be nice if the system
allowed the caller to add an additional digit or letter to their ID at
the time the call is made, so that the members of a household sharing a
phone could indicate who within the group is making the call.
scott
--
scott preece
motorola/mcg urbana design center 1101 e. university, urbana, il 61801
phone: 217-384-8589 fax: 217-384-8550
internet mail: preece@urbana.mcd.mot.com
------------------------------
From: "david.g.lewis" <deej@cbnewsf.cb.att.com>
Subject: Re: does anyone care about ANI?
Organization: AT&T
Date: Mon, 13 Sep 1993 17:23:25 GMT
In article <comp-privacy3.32.6@pica.army.mil> Kelly Bert Manning <ua602@freenet.victoria.bc.ca> writes:
>
> We seem to have
>established that US Carriers seem to be reproducing Caller ID signals on
>long distance calls, using ANI signals that you mentioned have to be
>passed along whenever a system requests them. This seems to raise the
>possibility that a Telco could recreate a Caller ID signal at will for
>a long distance call, defeating what the caller assumes is a Caller ID
>block.
You may have inferred that, but I don't recall it being "established". What
I believe has been "established" is that 800 service providers offer a
service which delivers the calling party's billing number in real time.
This is not "reproducing Caller ID signals", nor is it "recreating a Caller
ID signal... defeating... a Caller ID block." It's a different service that
has nothing whatsoever to do with Caller ID.
David G Lewis AT&T Bell Laboratories
david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation
------------------------------
End of Computer Privacy Digest V3 #033
******************************
�