Date: Wed, 15 Sep 93 17:29:31 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V3#034
Computer Privacy Digest Wed, 15 Sep 93 Volume 3 : Issue: 034
Today's Topics: Moderator: Dennis G. Rears
Re: Caller ID; a different view
Caller ID gives low cost access to ANI data
Re: Caller ID vs Name System
[Chris Nelson: Re: Spousal Signatures]
About Selling Phone Numbers
Re: ANI
Re: ANI
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Mon, 13 Sep 93 12:50:10 -0700
From: Geoff Kuenning <geoff@reddog.la.locus.com>
Subject: Re: Caller ID; a different view
Organization: Locus Computing Corporation, Los Angeles, California
In article <comp-privacy3.29.2@pica.army.mil> Richard Blauvelt
<rblauvel@world.nad.northrop.com> writes:
> Caller ID is the electronic
> equivalent of the peep-hole in my front door.
No it's not. Calling Number ID is the electronic equivalent of having
a small slot on your door through which a business card can be
inserted, except that instead of having a name, the business card has
a cryptic number. There is no guarantee that a particular business
card was actually slipped through your door by the person you normally
associate with that card, nor is there any guarantee that a particular
person will always use the same business card.
"Caller ID" is a lie perpetrated by the phone companies. It doesn't
ID the caller, it ID's the calling number. If you want Calling Number
ID, that's fine, but that's a different and far-less-useful thing.
> When I post to a news-group or send electronic mail, my name and
> internet address are attached to the message. How is caller ID any
> different?
It doesn't attach a name. (Of course, if you worked for IBM or
another such people-disoriented company, you'd be identified as
"as1265@ibm.com" and things would be closer to Calling Number ID...)
--
Geoff Kuenning geoff@prodnet.la.locus.com geoff@itcorp.com
------------------------------
Date: Mon, 13 Sep 93 17:45:04 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Caller ID gives low cost access to ANI data
Reply-To: ua602@freenet.victoria.bc.ca
In a previous article, deej@cbnewsf.cb.att.com ("david.g.lewis") says:
>
>You may have inferred that, but I don't recall it being "established". What
>I believe has been "established" is that 800 service providers offer a
>service which delivers the calling party's billing number in real time.
>This is not "reproducing Caller ID signals", nor is it "recreating a Caller
>ID signal... defeating... a Caller ID block." It's a different service that
>has nothing whatsoever to do with Caller ID.
>
>David G Lewis AT&T Bell Laboratories
>david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation
>
Thanks for pointing out the need to be more precise in my statement.
A call from my phone(on a type 1 or 2 switch which does not generate
Caller ID signals for any line) to both of STOPPER's Caller ID demo 800
numbers demonstrated that the recreation of blocked Caller ID signals
from ANI data (ANI spill) makes it possible to use cheap Caller ID
access to obtain at least the calling phone number part of an ANI
signal. It does not give any information about how widespread ANI spill
is, but it does demonstrate that it can happen.
BC Tel told me that they have a pact with other Canadian Stentor Group
companies not to do this if a call is flagged as being Caller ID Blocked.
This agreement doesn't apply to US companies or to other Canadian Long
Distance carriers, such as Unitel.
BC Tel also told me that ANI requires at least an ISDN Primary Rate
interface, which I believe is about 23 times(in North America) the
capacity of an ISDN Basic Rate Interface. The cost of this should rule
it out except for major 800 operations, certainly for personal 800
numbers or very small businesses using entry 800 service.
Does anyone care? The "Equifax Canada Report on Consumers and Privacy
in the Information Age" revealed that Canadians, at least, are more
concerned about private individuals obtaining access to personal
information in records than about large businesses, such as insurance
companies. The context seems to be that there is an assumption that
certain kinds of transactions initiated by a consumer justify
exceptions to blanket assumptions of confidentiality. Most Canadians
have a strong concern about individuals being able to get access to
public record information about other individuals. There is an
expectation that large organizations exercise a monitoring role over
the activity of their employees. This becomes less true as the size of
the organization drops to the level of a private entrepreneur in a
small business.
Most people are able to understand that the wider the scope of access
the greater the likelyhood of confidentiality not being respected. If
everyone has access there is no confidentiality. Changing the entry
price of ANI data from an ISDN PR Interface and related equipment to a
Caller ID box and interface enlarges the scope for abuse.
------------------------------
From: David Dyer-Bennet <ddb@burn.network.com>
Subject: Re: Caller ID vs Name System
Organization: Network Systems Corporation
Date: Tue, 14 Sep 93 18:36:45 GMT
In article <comp-privacy3.32.1@pica.army.mil> rogerj@otago.ac.nz writes:
>I would be interested in what people would think about this method of
>Caller Id. Instead of display the telephone number of the caller the
>initial of their first name (and maybe the initial of their middle) and
>their surname gets printed on the screen. Thus instead of 477-9229 being
>displayed J. Bloggs is displayed on the screen.
>
>The following comments refer to the residential use of caller id and
>not to business. My reasons for supporting this idea are.
...
>2. Since the name system does not provide the answer with information about
>the location or identify of the caller, vigilante action could not be
>instigate. Hopefully any action brought against a caller would be
>made by the police, this how abusive phone calls are handled in New Zealand.
>The telephone numbers of people calling are handed over to the police rather
>then the answerer.
Vigilante action is much, much more likely with names given than with
numbers given, because it is easy to confuse the actual information
"this call was made from a phone registered to J. A. Smith" with the
perveived information "this call was made by the particular J. A. Smith
that I know".
>5. Finally identifying people by numbers is dehumanising. Over the past
>few thousand years most people have been identified by name rather than a
>number, we are even labled with a name at birth, why do we want to start
>labeling people as numbers? Is humanity the price of effeciency.
Since you are not, in fact, identifying people, it's misleading to ues
the identifiers commonly associated with people. Furthermore, since
the human namespace is cluttered and overlaid, you can easily introduce
accidental aliasing which would hampter police response to harrassment
problems, and could also result in police harrassment of innocent
people who had names the same as guilty people. Phones have always
been identified by numbers. Associating a person's name with a phone
is misleading at best. Don't do it.
--
David Dyer-Bennet Network Systems Corporation
ddb@network.com Brooklyn Park, MN (612) 424-4888 x3333
ddb@tdkt.kksys.com My postings represent at most my own opinions.
Geek code 0.3 extended: GCS/O d* p--- c++ l m+ s+/+ ++!g w+++ t- r f+++ x+
------------------------------
Date: Tue, 14 Sep 93 15:58:25 EDT
From: Brinton Cooper <abc@arl.army.mil>
Subject: [Chris Nelson: Re: Spousal Signatures]
Organization: The US Army Research Laboratory
Chris Nelson writes, in part, on how to avoid using a credit card when
renting a car:
"...HOWEVER, Hertz has a program where you can apply to use cash. They do
a credit check, etc. to give them some assurance that you aren't the
sort of person who would steal or trash their car then they send you a
plastic card which you can present at Hertz locations in-lieu of
credit; no deposit, nothing. Just pay cash on return. Guess who's
getting my business?"
That little plastic card IS a CREDIT CARD. The difference between it and
VISA is in when you pay. You're carrying around a card that could be
lost/stolen and used by another. You've had your "privacy invaded" to
undergo the credit check (which you might not pass if you don't have
credit cards or other credit anyhow) in order to get the card. The only
difference, as I see it, is that you don't get a 28 day grace period
plus billing delay before parting with your money.
Or am I missing something?
_Brint
------------------------------
Date: Wed, 15 Sep 1993 07:13:46 +0000 (GMT)
From: Rene A Felix <felix@helium.gas.organpipe.uug.arizona.edu>
Subject: About Selling Phone Numbers
Organization: University of Arizona, Tucson
Two days after getting a new phone line here in Tucson, the local paper
was calling to "FIRST, welcome me to my new neighborhood, and SECOND..."
of course they wanted me to buy their paper.
Is this common practice for the phone company? What can I do to prevent
this? I'm new to this newsgroup, so my apologies if I am rehashing an
old thread.
------------------------------
From: Conrad Kimball <cek@sdc.boeing.com>
Subject: Re: ANI
Date: 15 Sep 93 16:50:26 GMT
In article <comp-privacy3.31.3@pica.army.mil>, drears@pica.army.mil (Dennis G. Rears) writes:
|> >This is true. However, that's between the provider and the 800 customer.
|> >The average telephone network user (caller) has to deal with a local
|> >telephone company, which, at least in any area I know, is a monopoly and
|> >regulated as a utility (just like the electric company). After all, we
|> >can't have every Tom, Dick, and Harry putting lines on the local telephone
|> >poles. Thus, my service agreement is with my local telephone company.
|> >THEY are the ones actually transmitting the caller's number in accordance
|> >with whatever agreements THEY have with long-distance carriers.
|> ^^^^^^^^^^
|>
|> They are not agreements. They are FCC requirements.
Nonetheless, they are agreements among telecom providers, with the FCC
merely providing an enforcement mechanism. And, they are subject to
change given the proper inducements. They are _not_ cast in stone.
|> >No, but (a) telling a customer up front, at the time the service is
|> >established, and/or (b) in lieu of (a), as in the case of the
|> >Southern New England Telephone Company (Connecticut), placing a notice
|> >on/in the telephone bill, that customers dialing 700, 800, or 900 numbers
|> >may have their calling number released regardless of CID setting, is
|> >more than reasonable. Customers should likewise have the option of
|> >disabling calls to these numbers from CID-blocked lines.
|>
|> Why should they have an option? The telephone company is providing
|> you a service on their terms. If you don't like don't use their service
|> or convince them it is in their economic interests to change. Do you
|> have any idea of the cost to impliment ANI blocking?
Do _you_ have any idea of the cost? Or are you simply using the standard
"it costs too much" response of one who doesn't want to change something?
(It's a common response in the software business; I suspect telecom isn't
too different.)
As for your take-it-or-leave-it attitude about TPC, that's precisely why
they are regulated, because we _can't_ get alternative service. It's an
unbalanced bargaining situation, which regulation attempts to rectify.
TPC is _allowed_ to operate (as a monopoly) as long as it serves the public
interest; if the public interest (as defined by regulators) decides things
should be different, TPC has to change or get out of the business. TPC
exists to _serve_ the public, plain and simple.
|> They are not selling a user's indentification. They are only giving the
|> phone number and class of service. They are not giving a name or address.
With reverse directories and such, it's trivial to map a phone number to
a name and address. Thus, they are essentially equivalent.
--
Conrad Kimball | Client Server Tech Services, Boeing Computer Services
cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35
(206) 865-6410 | Seattle, WA 98124-0346
------------------------------
Date: Wed, 15 Sep 93 17:11:40 EDT
From: "Dennis G. Rears" <drears@Pica.Army.Mil>
Subject: Re: ANI
Conrad Kimball writes:
>In article <comp-privacy3.31.3@pica.army.mil>, drears@pica.army.mil (Dennis G. Rears) writes:
>
>|> Why should they have an option? The telephone company is providing
>|> you a service on their terms. If you don't like don't use their service
>|> or convince them it is in their economic interests to change. Do you
>|> have any idea of the cost to impliment ANI blocking?
>
>Do _you_ have any idea of the cost? Or are you simply using the standard
>"it costs too much" response of one who doesn't want to change something?
>(It's a common response in the software business; I suspect telecom isn't
>too different.)
Under current tariffs, 800 users could refuse to pay their pay bacuase
of lack of number identification. I could not tell you the cost, maybe
John can. The 800/900 system would in a best case situation need a minor
design change. I view this whole issue of 800/900 ANI as a minor issue
at best. Has anyone reading this newsgroup felt strongly enough to
write to the FCC? If not, why the big issue?
>
>As for your take-it-or-leave-it attitude about TPC, that's precisely why
>they are regulated, because we _can't_ get alternative service. It's an
>unbalanced bargaining situation, which regulation attempts to rectify.
>TPC is _allowed_ to operate (as a monopoly) as long as it serves the public
>interest; if the public interest (as defined by regulators) decides things
>should be different, TPC has to change or get out of the business. TPC
>exists to _serve_ the public, plain and simple.
They are regulated because they are a monopoly not because they have
a "take-it-or-leave-it attitude". Your individual contract (if such
a thing exists) is with the TPC. The TPC is merely acting as a liason
between the subscriber and 800 deliverer. The 800 deliverer will not
accept the call unless ANI is provided. The TPC has no choice in the
matter.
>
>|> They are not selling a user's indentification. They are only giving the
>|> phone number and class of service. They are not giving a name or address.
>
>With reverse directories and such, it's trivial to map a phone number to
>a name and address. Thus, they are essentially equivalent.
I agree that with reverse directories it is easy to map a phone number
with a name and address. I disagree that it is equivalent. One, TPC
is not selling the number, they are providing the number as required to
complete the call. TPC is not makign any money off of it.
------------------------------
End of Computer Privacy Digest V3 #034
******************************