Date: Thu, 09 Sep 93 09:24:53 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#026 Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 026 Today's Topics: Moderator: Dennis G. Rears The John & Kelly Show Re: ANI Re: ANI Re: ANI Re: ANI Re: ANI Re: ANI Re: ANI The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 9 Sep 93 9:07:02 EDT From: Computer Privacy List Moderator Subject: The John & Kelly Show This particular digest contains email between John Higdon and Kelly Bert Manning. Since they had cc'ed each other they were able to respond to each other before the digest went out. I figured I would wait until I had several messages to publish this. Dennis ------------------------------ Date: Tue, 7 Sep 93 22:44:49 PDT From: Kelly Bert Manning Subject: Re: ANI In a previous article, john@zygot.ati.com (John Higdon) says: >Kelly Bert Manning writes: >> Does paying for an 800/900 call give someone carte blance to do anything >> they want with the callers number, such as using it to retrieve an address >> from a reverse directory and peddling it to porno magazines as a hot sales >> prospect? > >Why would they bother unless you were calling a porn service to begin >with? What do you and others really think a company is going to do with >your phone number? It isn't the key to your house, your savings >passbook number, your Swiss bank account number, or your winning lotto >ticket. It is just your phone number for crissake! The only legitimate >concern expressed here has been that some telemarketer MIGHT call some >evening. Horrors! What a thought! Even if true (it more than likely is >not), I know many people who have survived telemarketing calls and >lived to tell about it. My wife even survived being raped by a former boyfriend after she gave her new address to the BC Moter Vehicle Branch when she moved to Vancouver to get away from him in the early 80s. Shortly after that the Victoria police started interviewing everyone who knew him when they found him living in the apartment of a local college student who had been reported missing. He gave us a middle of the night phone call and showed up at our previous address shortly after we gave our phone number and address to the local public library. This has made us acutely aware that any data given to anyone can result in him showing up again, with the least consequence being that we would have to move again. A persons phone number identifies their neighbourhood, down to the area served by the local exchange part of their number. This greately narrows the geographic area in which a stalker has to look to locate someone. Even if people avoid getting a credit history by paying in cash or check as we do, their address is often available from local public records. Knowing that Rebecca Schaeffer lived in California was all her killer needed to know to find out where she lived and kill her. Alphabetic lists of voters, homeowners, and other categories of citizen/resident are usually accesible with no questions asked. Preventing someone from identifiying which lists to look in can literally be a matter of life and death. The immoral transfer of addresses and other personal information to third parties without the knowledge or consent of an individual can literally be the death of them. Here in Victoria a woman trying to hide from her former husband was recently burned out of her third rented apartment in 6 months. Arson is not a very selective weapon. The direct targets of stalkers aren't the only ones at risk. > >Telemarketing is a shotgun enterprise. No telemarketer that I am aware >of has people calling selected lists taken from ANI-generated >databases. It simply does not make any logistic or economic sense >except in some very specialized areas. Telemarketing strategies don't have to make sense because the real "product" is calls, with sales being incidental. This is proved by their lobbying to get Bush to veto a bill that would have made them honour a do not call list of people who did not want to get telemarketing calls ever, under any circumstances. The line they trot out is that this activity supposedly generates some billions of economic activity each year. The fallacy is that none of this comes from people who don't want to be bothered ever. If they can find an extra 20% of numbers to call then their budgets for doing this on an internal basis, or their fees for doing it as an outsourcing operation can be boosted correspondingly. A report in "Privacy Journal" mentioned that some direct mail marketing operations in the US deliberately target addresses on the US Direct Marketing Association's exclusion list because they want to get a number for the response rate from this very tough market, or because this group tends to included very well educated people with higher than average incomes, the most desirable market group. In my own research about Computer Integrated Telephony I have looked into the use of either ANI or Caller ID as a way of authenticating the source of calls for Interactive Voice Response applications. It seems to me that it would be just as effective as Call Back. It also seemed to me to be something that would clearly have to be mentioned openly everywhere the number for the service appeared, since people would have to register their number with the service beforehand. The main issue is informed consent. > >I use ANI heavily. I use it for internal purposes and to >protect myself against fraud. Please do not pontificate about how it is >unnecessary or how it is not effective compared to the "harm" it causes >until you have my credentials in the use of ANI and about eight years of >experience in the field of customer-delivered ANI processing. > >Dennis is absolutely correct in his assertion that most people do not >care. Yes, I have extensively observed people's reactions and >attitudes concerning it. I have yet to find anyone other than >net.posters who has so much as raised an eyebrow over the issue. I make >it a point to tell people about the availability of ANI delivery on 800 >numbers, so it is not as though I expect to keep it a deep, dark >secret. Again, no one is surprised; no one seems to care. With ANI, I >am able to open accounts on the spot; without it the new customer would >have to wait some period of time for a validity check. People in the >real world appreciate that and consider it worth the "privacy" >trade-off. > >> [Moderator's Note: Paying for it or not does not give "carte blance to >> do anything they want with the callers number" What give them carte >> blance is the knowledge of the number. Quite simple if you don't want >> a party to know you phone number don't call them from that phone. >> ._dennis ] > >Did anyone ever hear the fable about the silly women who sat around >crying because they were afraid that an axe stuck in the ceiling would >fall and hit someone on the head? When it comes to discussions of ANI >and Caller-ID we hear endless jawbone-ing about all the what-ifs and >what we would need to do to prevent them. How about simply using the >remedies that are available to everyone when harmed by another? If you >feel that you have action against someone who has made improper use of >your phone number, then ask for compensation. If he refuses take him to >court. You cannot prevent every possible harm (real or unreal) that may >befall someone in this life. You cannot make the world a rubber room. > >In that regard, can someone cite one single documented case where >someone was harmed by either CNID or ANI and took action against the >number recipient? Is the problem real, or is it arm.chair.fantasy? >In my experience, the latter is definitely the case. If you have more >experience than I, let us hear about your case histories. > > >-- > John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: > john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 > > -- ------------------------------ Date: Wed, 8 Sep 93 02:58 PDT From: John Higdon Reply-To: John Higdon Organization: Green Hills and Cows Subject: Re: ANI On Sep 7 at 22:44, Kelly Bert Manning writes: > My wife even survived being raped by a former boyfriend after she gave > her new address to the BC Moter Vehicle Branch when she moved to Vancouver > to get away from him in the early 80s. Shortly after that the Victoria > police started interviewing everyone who knew him when they found him > living in the apartment of a local college student who had been reported > missing. He gave us a middle of the night phone call and showed up at our > previous address shortly after we gave our phone number and address to > the local public library. What on earth has this got to do with ANI? I am so bloody sick and tired of irrelevant emotional claptrap such as this entering into arguments about a simple, useful service that is in common, everyday practice. So if the library gives out information about you and it results in harm, sue the library for heaven's sake. For that matter, sue an ANI recipient if you are harmed by the simple matter of some company having the number of the phone you used to make an inquiry or an order. But you better be able to prove with a proponderance of evidence that you were actually harmed, not just ticked off. Perhaps why that is why we never hear of real cases of ANI harm--because there aren't any. (Oh, Martha, here come the hypotheticals and what-ifs!) > This has made us acutely aware that any data > given to anyone can result in him showing up again, with the least consequence > being that we would have to move again. If you you call my 800 number and I come and rape your wife, have me arrested. (Laughable on a number of counts, believe me.) Otherwise, don't call my 800 number. I doubt if you would be interested in the service anyway. Perhaps someone at American Express might do you harm--AE uses ANI extensively. What rot! > A persons phone number identifies their neighbourhood, down to the area > served by the local exchange part of their number. This greately narrows > the geographic area in which a stalker has to look to locate someone. How many stalkers use 800 numbers to trap victims? Why would you call 800-STALKER in the first place? > Even if people avoid getting a credit history by paying in cash or check > as we do, their address is often available from local public records. What has ANI delivery on 800 numbers have to do with this? You talk about rapes; you talk about murders--hell, you even talk about the felony of direct mail. What has ANY of this to do with ANI delivery? Your entire article was just one emotional sob story after another and frankly, your point was completely lost on me. In fact, your whole rambling diatribe was a wonderful example of how the issue of ANI delivery is a non-issue. You made not one point in any kind of case against ANI for 800 customers. > In my own research about Computer Integrated Telephony I have looked into > the use of either ANI or Caller ID as a way of authenticating the source > of calls for Interactive Voice Response applications. It seems to me that > it would be just as effective as Call Back. Then you better start learning from the real world, Bud. And tell me, please, how does one "call back" without knowing the caller's number? I use ANI to verify NEW customers, so pre-registering is out of the question. BTW, I try to rape, kill, stalk, and send direct mail to as few of them as possible. > The main issue is informed consent. Fine. You know it exists--don't call 800 numbers. I have seen many phone books that mention the topic. I sure hope someone else can come up with something a little more sustantial than your campfire stories. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: Wed, 8 Sep 93 10:36:41 PDT From: Kelly Bert Manning Subject: Re: ANI >What on earth has this got to do with ANI? I am so bloody sick and >tired of irrelevant emotional claptrap such as this entering into >arguments about a simple, useful service that is in common, everyday >practice. So if the library gives out information about you and it >results in harm, sue the library for heaven's sake. For that matter, sue >an ANI recipient if you are harmed by the simple matter of some company >having the number of the phone you used to make an inquiry or an order. >But you better be able to prove with a proponderance of evidence that >you were actually harmed, not just ticked off. Perhaps why that is why >we never hear of real cases of ANI harm--because there aren't any. (Oh, >Martha, here come the hypotheticals and what-ifs!) Aren't you aware that sueing someone would get the media's attention and destroy the privacy that you are trying to protect? In this case the library revised it's system of recording loans so that people no longer had to write their names, addresses, and phone numbers on a signout sheet. Closing an avenue for breach of privacy is a lot more effective than sueing someone if they are willing to acknowledge the issue and take corrective action. In Canada it is possible to get a ban on publication in a civil suit without the consent of the other party but I have the impression that this is almost impossible in the US unless the party being sued agrees. With regard to suing someone who got a number from ANI, how would an individual establish that a particular call was the source of a phone number that got passed along? Dead people usually don't tell many stories, or bother to sue. The college student I mentioned in the previous post has never been seen again. It is possible to put someone on trial for murder without a body, but it is very difficult to get a conviction. The Rebecca Schaeffer murder was simply the first one that involved a prominent celebrity. Similar murders, such as the one of an Arizona woman didn't rate media attention. Do your research. This has to do with a phone number being a key which can be used to identify a persons home address without much trouble. Instead of having to check every state driver registry a stalker simply has to look at the list of registered voters in a particular electoral district of a specific city in one state. > >> This has made us acutely aware that any data >> given to anyone can result in him showing up again, with the least consequence >> being that we would have to move again. > >If you you call my 800 number and I come and rape your wife, have me >arrested. (Laughable on a number of counts, believe me.) Otherwise, >don't call my 800 number. I doubt if you would be interested in the >service anyway. Perhaps someone at American Express might do you >harm--AE uses ANI extensively. What rot! This appears to be an attempt to divert the topic to an irrelevant issue. The issue is that someone who gets a phone number by ANI could anonymously sell or exchange it with the result that it ends up on one of the CD-ROM "all USA" phone directories that are sold openly, or on something like the proposed Lotus home database. > >> A persons phone number identifies their neighbourhood, down to the area >> served by the local exchange part of their number. This greately narrows >> the geographic area in which a stalker has to look to locate someone. > >How many stalkers use 800 numbers to trap victims? Why would you call >800-STALKER in the first place? Once again you seem to be trying to divert the topic to an irrelevant and unlikely branch. As the moderator pointed out earlier in the thread, once someone has your phone number you have effectively lost all control over who it is passed along to. > >> Even if people avoid getting a credit history by paying in cash or check >> as we do, their address is often available from local public records. > >What has ANI delivery on 800 numbers have to do with this? As I pointed out above, the phone number identifies the city and state in which someone lives. Narrowing down the area in which a stalker has to check public records can give them an address in a few days, instead of in years. > >You talk about rapes; you talk about murders--hell, you even talk about >the felony of direct mail. What has ANY of this to do with ANI >delivery? Your entire article was just one emotional sob story after >another and frankly, your point was completely lost on me. In fact, >your whole rambling diatribe was a wonderful example of how the issue >of ANI delivery is a non-issue. You made not one point in any kind of >case against ANI for 800 customers. Where did I use any word that described emotions. I though that this was a rather unemotional repetition of facts. > >> In my own research about Computer Integrated Telephony I have looked into >> the use of either ANI or Caller ID as a way of authenticating the source >> of calls for Interactive Voice Response applications. It seems to me that >> it would be just as effective as Call Back. > >Then you better start learning from the real world, Bud. And tell me, >please, how does one "call back" without knowing the caller's number? >I use ANI to verify NEW customers, so pre-registering is out of the >question. The point that you seemed to miss is that I am not some sort of obsessed person who is trying to outlaw ANI. I feel that I am objective and rational about the potential benefits, as well as the potential harms. If all 800 numbers that used ANI warned customers before they called I would not have much basis to object to it. On the other hand, you seem to be unable to appreciate anything except the financial benefits that you get. Telling someone you have used ANI to get their number after they call you is too late. The time to let them exercise informed consent is before they call. > >BTW, I try to rape, kill, stalk, and send direct mail to as few of them >as possible. But is there any law preventing you from selling or exchanging phone numbers you get from ANI to someone who could put them on a CD-ROM and sell them to someone who would? You also seem to have forgotten to put commit arson in the list above. I'm sure that you wouldn't set fire to an apartment building either.;-) > >> The main issue is informed consent. > >Fine. You know it exists--don't call 800 numbers. I have seen many >phone books that mention the topic. I sure hope someone else can come >up with something a little more sustantial than your campfire stories. Does your literature or ads mention this to your customers before they call? ------------------------------ Date: Wed, 8 Sep 93 11:10 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: ANI On Sep 8 at 10:36, Kelly Bert Manning writes: > The Rebecca Schaeffer murder was simply the first one that involved a > prominent celebrity. Similar murders, such as the one of an Arizona woman > didn't rate media attention. Do your research. Please share with me one single documented case where a person was raped, murdered, harassed, or otherwise harmed by a company receiving real time ANI on its 800 number. If you came up with ten or fifteen I would probably dismiss it as a statistically insignificant problem. But I would wager that you cannot come up with ONE. Until you provide some real evidence of a problem, we have nothing more to discuss. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: Wed, 8 Sep 93 13:54:04 PDT From: Kelly Bert Manning Subject: Re: ANI > >On Sep 8 at 10:36, Kelly Bert Manning writes: > >> The Rebecca Schaeffer murder was simply the first one that involved a >> prominent celebrity. Similar murders, such as the one of an Arizona woman >> didn't rate media attention. Do your research. > >Please share with me one single documented case where a person was >raped, murdered, harassed, or otherwise harmed by a company receiving >real time ANI on its 800 number. If you came up with ten or fifteen I >would probably dismiss it as a statistically insignificant problem. But >I would wager that you cannot come up with ONE. > >Until you provide some real evidence of a problem, we have nothing more >to discuss. > Your refusual to acknowledge the issue of a company such as yours selling or exchanging a number says all that needs to be said, just your refusal to respond to my point about direct marketing organization inflating their dial lists with thousands of hopeless prospects also says something. Producing direct proof of an information trail probably wouldn't change your replies anyways. The tobacco companies are still telling young children that there is no proven health risk from tobacco. In any case neither of us appears to be a particularly fresh source of arguments in what is essentially a repeat of the Caller ID debate. That debate has resulted in free per call blocking being introduced in every jurisdiction where it has been introduced in the last year or two. That gives the best indication of what the public, politicians, and regualtory officials think of your arguments. You didn't reply to my question about whether your literature and advertisments give potential customers advance warning that their number will be captured and analyzed. Saying that you did this would have gone a lone way to getting me to drop this. The CDMA code adopted recently has the benefit of allowing members to avoid spelling out all the details of their code on advertising and literature. The code is well known enough that they can simply display the CDMA logo, just a CERTIFIED General Account or Chartered Accountant doesn't have to spell out the ethical codes of their professional bodies. Is there any equivalent body for 800 call businesses? Do they have a mandatory code of ethics enforced by expulsion? ------------------------------ Date: Wed, 8 Sep 93 14:29 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: ANI On Sep 8 at 13:54, Kelly Bert Manning writes: > Your refusual to acknowledge the issue of a company such as yours selling > or exchanging a number says all that needs to be said, just your refusal > to respond to my point about direct marketing organization inflating their > dial lists with thousands of hopeless prospects also says something. I don't trade in such information, so what needs to be acknowledged? Your comment about direct marketing organizations neither addressed any pertinent issue, or did it carry any other significance. What do you care about inflating dial lists with hopeless prospects? Are you the direct marketing efficiency police? > Producing direct proof of an information trail probably wouldn't change > your replies anyways. The tobacco companies are still telling young > children that there is no proven health risk from tobacco. What a cheap shot. Try me and see. How can you compare the total lack of any evidence to support your point with the mountains of data from cancer research? You have yet to give me anything to discount, deny, or refute. > In any case neither of us appears to be a particularly fresh source of > arguments in what is essentially a repeat of the Caller ID debate. That > debate has resulted in free per call blocking being introduced in every > jurisdiction where it has been introduced in the last year or two. That > gives the best indication of what the public, politicians, and regualtory > officials think of your arguments. No, it is an indication of the politization of regulatory boards and an indication of how the squeaky wheel gets the grease. The Antis are louder than the Pros. There has been no debate; the fact that you think there has tells me that you are not coming from any position of substance. What there has been is a shouting match where CNID proponents are expected to prove a negative. If the anti-CNID people had to prove harm (from the experience of CNID in this country so far) there would be no issue to discuss. But I have something you and others like you do not have: direct hands-on experience in the industry and direct experience with ANI implementations. At least I am within handshaking distance of the beast. You spout nothing but hypothetical drivel. > You didn't reply to my question about whether your literature and > advertisments give potential customers advance warning that their number > will be captured and analyzed. Saying that you did this would have gone a > lone way to getting me to drop this. I don't have literature. I have a small classified ad. There is no room to make any such statement. But who cares? Is the issue the fact that I CAN get the number or that I am doing something harmful with it? I use it for one purpose only: to protect myself against fraud. I fail to see how that is harmful to the caller and I fail to see why I need to make an issue of it to the caller. Are you whining because you want the option of crank-calling businesses with impunity? > Is there any > equivalent body for 800 call businesses? Do they have a mandatory code of > ethics enforced by expulsion? No. And no one, including you, has demonstrated any need for such. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: Thu, 9 Sep 93 00:57:46 PDT From: Kelly Bert Manning Subject: Re: ANI In a previous note Kelly Manning and the moderator say: > >"I know where you live." has become something of a cliche, but it is based >on a grim reality that most people understand without having it spelled >out for them. > >Some claim that the high level of demand for Caller ID shows that the >public doesn't care about phone number privacy. The statistics for unlisted >numbers show quite the opposite. "Privacy Journal" recently published a >table of these for a number of US Cites. Rates ranged from the 30%s in >places like Seattle to over 60% in Los Angeles. Should Caller ID even >be offerred in cities where about 2 out of 3 home numbers/addresses are >unlisted? > >[Moderator's Note: You're making a big jump going from ANI to privacy in >general. I just took a short poll of 10 of my coworkers. None of them >knew about ANI delivery and none cared either. As John Higdon says, it >just a phone number. ._dennis ] If you are going to do a straw poll you should check that the % of unlisted subscribers in your sample is representative of your area. Just an unlisted phone number is it? Let me spell it out. The area code part of your phone number identifies which country and state you live in. The first 3 digits after the area code tell what part of that state you live in, down to a particular neighbourhood of your city. Just the fact that you live a state like California or Arizona that sells addresses in Driver Registry Files can be enough to reveal your home address. The exchange code ties your address down to a particular part of your city. Someone might have to spend months or years going through unavoidable public records, such as voter's lists and property tax rolls, to find a particular name. If they know which exchange your number is on it greatly narrows the scope of the search, to a particular voting district, or to a particular city within a metropolitain area. Our PM just called a federal election this morning. The evening news in Vancouver reported that one parties office had already been broken into. The thieves took the computers, of course, but left a lot of software diskettes around. What diskettes they did select happened to be the ones with a copy of the voter list. Given the current slate of leaders I would seriously consider buying out of being listed by choosing not to vote. The combination of knowing which neighbourhood someone lives in, combined with legal or illegal access to public record information, puts some people at risk. [Moderator's Note: ANI really doesn't contribute to it. You can get the same information when somebody mails you a letter from the return address. 800 numbers are mainly used by businesses, for the most part they are used immediately then tossed. Rarely, are they used for telephone call backs. I have a residential 800 number, I don't get real time ANI, I do get a bill which every number who call me. A unlisted number means that number is not given out to directory assistance or published in the phone book. I have to agree with John, you are building a straw man about a person being raped or murder on the basis of someone getting a phone number by ANI. None of the people I polled had an unlisted number. ._dennis ] ------------------------------ End of Computer Privacy Digest V3 #026 ******************************