Date: Thu, 09 Sep 93 09:58:14 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#027 Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 027 Today's Topics: Moderator: Dennis G. Rears Re: ANI and CNID Re: should gas siphoning be de-criminalized Something to Consider Combatting telemarketers (was: ANI) Caller ID; a different view Re: should gas siphoning be decriminalized The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Wed, 8 Sep 1993 18:01:50 -0800 From: "Glenn S. Tenney" Subject: Re: ANI and CNID At 4:36 PM 9/8/93 -0500, Dennis G. Rears wrote: >[Moderator's Note: Several things wrong here. First it was never >a secret. It was part of the process of how it worked. It was no more a >secret than North American Number Plan. Second, ANI does not steal >privacy, at worse you could make a case for anonymity. Third, theft of >gas is a crime, disclosure of a phone number isn't. > ... >[Moderator's Note: You're making a big jump going from ANI to privacy in >general. I just took a short poll of 10 of my coworkers. None of them >knew about ANI delivery and none cared either. As John Higdon says, it >just a phone number. ._dennis ] Dennis, although you and many of us "techies" know about ANI and have known for a long time, the general public does not. To paraphrase The Hitchhiker's Guide... The notice of what ANI was doing was posted above the water cooler in the Bell Labs 2nd floor employee's lounge, it wasn't a secret. To a first order approximation of the telephone user population, it was and is a secret. When I was campaigning for Congress last year, in talk after talk I do not recall a single person in my district who knew about ANI, yet when told about it were aghast that 800 calls were not anonymous. Try asking your coworkers if they know anyone who has ever called 800 numbers such as: Witness-a-crime, child abuse hotline, runaways, suicide prevention hotline, cocaine users anonymous, etc. and THEN ask them if they would *ever* call such hotline if they knew that their calls were NOT anonymous. Some police departments are using 800 numbers to report crimes -- sometimes listed as an anonymous "tip" line -- and there's NO other number to call except 911 which has E911 capabilities... So much for anonymous tips. Try calling an airline or hotel-chain reservation system without going through an 800 number, they usually won't give out their non-800 number if they have one. A friend in Japan called me to conference call him up with an 800 number because there was no way for him to call the 800 number. Yes, if you have certain calling cards you can make such calls, but not everyone has that card. Regardless of what you or John says, it is NOT just a phone number -- having access to it when you don't want someone to have access is a loss of your anonymity (I would also say privacy, but...). That, combined with on-line telephone directories gives the called party your name and address in addition to phone number -- all when you are making what you thought was an anonymous call. Some have said that ANI is essential because the person paying for the call should know the number. If that were so, then every call coming in to every cellular phone should show up on their bill, since *they* are paying for all calls. I have call-return (dials last number that called you -- doesn't work too often) and toll calls are listed as area-exchance-XXXX even though *I* am paying for the call, so these numbers shouldn't be hidden... You see, I believe that ANI and CNID both are invasions of my anonymity and privacy, and violate the ECPA... [Moderator's Note: In most of those cases even though ANI is available it is not necessarily used. Cellular phone is different for many reasons. One of them being is that the cellular company doesn't have the number to transmit. It is true that most companies do not have a POTS number, though, I never had a problem getting one for an airline. Maybe the problem is the reverse lookup dictionaries and not the ANI itself. I have to ask the question that John does of Kelly; Can anyone produce one horror story of ANI being used to breach the privacy or anonymity of somebody. ._dennis ] --- Glenn Tenney tenney@netcom.com Amateur radio: AA6ER Voice: (415) 574-3420 Fax: (415) 574-0546 ------------------------------ From: "david.g.lewis" Subject: Re: should gas siphoning be de-criminalized Organization: AT&T Date: Wed, 8 Sep 1993 20:58:39 GMT In article ua602@freenet.victoria.bc.ca writes: > >In a previous article, 0005066432@mcimail.com ("Tansin A. Darcos & Company") says: >>From: Paul Robinson >>Organization: Tansin A. Darcos & Company, Silver Spring, MD USA >> >>I believe ANI on calls has been available for more than TWENTY YEARS. >>It has only been since the ordinary guy on the street has been able >>to obtain the identifying number of a caller in real time that there >>has been any bruhaha about this. Large businesses have been able to >>get real-time ANI by paying a small fortune. It is only since people >>discovered that their alleged private calls are not really private >>that there has been any question about this. > >On the face of it you seem to be implying that the general public has >been aware of this for 20 years, instead of it being a dirty secret. > >[Moderator's Note: ... > Fourth, inform consent, who should inform who? Should it be the >provider of 800 service (e.g. Sprint), the LEC (e.g. NJ Bell), the guy >provides the wiring (Acme Electrical)? Are you one of these people who >actually wants pages upon pages of mandatory disclosures? ._dennis ] Funny you should mention "pages upon pages of mandatory disclosures"; service providers *are* obligated to make "pages upon pages of mandatory disclosures". They're called tariffs. I don't know about 20 years, but AT&T's INFO-2 (SM) service has been available since 1988. INFO-2 is a tariffed service. All tariff filings are public record. Therefore, the general public has been aware of INFO-2 service since 1988. QED. If certain members of the "general public" choose to not avail themselves of the opportunity to understand the publically-available information, that is no one's fault but their own. It certainly can't be interpreted as a "dirty secret". David G Lewis AT&T Bell Laboratories david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation ------------------------------ Date: Wed, 8 Sep 93 17:19 PDT From: John Higdon Organization: Green Hills and Cows Subject: Something to Consider In the bruhaha about ANI, one should stop to consider this: ANI data is only useful in the very short term. If some evil company is going to abuse it, it would have to be done in a short period of time. Why? All they have is a phone number. Americans change phone numbers sometimes more frequently than they change socks. Yeah, you have had the same number for forty years, blah, blah..... But then you would not be average. And anyone knowledgably using ANI knows this. So what happens to be your phone number today belongs to Road Pizza tomorrow. This is a very, very poor foundation upon which to base these insidious "lists" that the whinies are sniffing about. Again, it is ONLY your phone number--which can be changed with a phone call. Now if ANI delivery involved your SSN, that would be something to get bent out of shape over. When the phone company starts handing out lifetime phone numbers, then come back and let us discuss the matter. Until then, get a life and find a new hobby. Special disclaimer: If you call my 800 number you WILL be revealing your billing number AND it WILL go into a database to be used by me for whatever purpose I see fit. You will also reveal your telephone's class of service, since I get that info as well. There, does that satisfy everyone? Have I sufficiently informed everyone that I capture ANI? Is there any doubt in your mind? Is anything unclear? Anyone else want to accuse me of trying to hide the reality of ANI? -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ From: Todd Jonz Newsgroups: comp.society.privacy Subject: Combatting telemarketers (was: ANI) Date: 9 Sep 1993 01:55:25 GMT Organization: Sun Microsystems, Inc. John Higdon writes: > What do you and others really think a company is going to do with > your phone number?...The only legitimate concern expressed here has > been that some telemarketer MIGHT call some evening. On two separate occasions during the last year or so, my wife and I have received a sudden barrage of telemarketing calls, sometimes two or three in the same evening, as many as eight or ten a week, for periods lasting two, even three weeks. I assume that this has occurred because our phone number *somehow* made its way onto a newly published list that we would never have sought to join voluntarily. Your point would be well taken, John, if we only received the occasional telemarketing call, but we consider the cumulative effect of these calls to be a flagrant invasion of our privacy. Quite frankly, I agree with Kelly Bert Manning , who writes: > Most people feel that information that is given for one purpose > should not be used for another unrelated purpose without their > consent, or transferred to a third party. John also points out the proper way to handle these problems, and it parallels the plan that we have adopted to combat these onslaughts: > If you feel that you have action against someone who has made > improper use of your phone number, then ask for compensation. If he > refuses take him to court. We borrowed our strategy from an episode of the PBS series "Nova" about the commercial information industry entitled "We Know Where You Live". As I recall, the fellow who espoused this strategy had used it to prosecute successfully. When a telephone solicitor calls, we explain to the caller that ours is a private telephone number, not a business phone, and that we do not authorize anyone to use it for business purposes without our express permission. We then offer to grant this permission to the caller's organization for a fee of $100 per month, payable in advance on the first day of each month. (You can imagine the wide variety of surprised responses we get to this!) Next we ask for the name and address of the organization making the solicitation so that we can send them the appropriate application forms. It's at this point, of course, that most of the callers hang up on us (there's a switch!), but in some cases we already have all the information we need, like the contract boiler room that hawks tickets every year to some kind of variety show in the name of the local Police or Firefighters' Benevolent Association. When we know where to find the solicitor, we drop them a friendly note and repeat our offer in writing. Purely on principle, we hope one day to get the opportunity to take one of these jokers to court for as much as our informal legal counsel tells us we have a reasonable chance of collecting. We have already been advised that our best bet would be to bring an action against an out-of-state concession in the local small claims court, where their defense expenses would exceed the compensation we are seeking, which I believe can go as high as $5,000 in a California small claims court. -- Todd ------------------------------ Date: Thu, 9 Sep 93 00:05:44 MDT From: Kenneth Ingham Subject: Caller ID; a different view I would like to present a differnt view of the caller id discussion. We have caller id here in New Mexico. We purchased it. Since it comes with both name as well as number, it makes an excellent screening device for phone calls (we just need one for each phone :-). If we do not recognize the name or if it is an anonymous call, we simply do not answer the phone. We let the machine get it. As a result, it is now a rare occasion when I talk to a telemarketer. I find this a very nice step forward. I realize that most of the discussion is around businesses obtaining your number when you call, but it works both ways... Now I can fight back by ignoring the phone if they call me and I don't want to talk with them. Kenneth ingham@i-pi.com ------------------------------ Date: Thu, 9 Sep 93 00:12:46 PDT From: Kelly Bert Manning Subject: Re: should gas siphoning be decriminalized In a previous article, the moderator says >[Moderator's Note: Several things wrong here. First it was never >a secret. It was part of the process of how it worked. It was no more a >secret than North American Number Plan. Is your tongue in your cheek? Yes, the old NA Number Plan, I'll have to get it down from my bookshelf and have a look. Does this rate as security by obscurity? Something which is only know to a technical elite may as well be a secret, particularly if affected parties are not told. > Second, ANI does not steal >privacy, at worse you could make a case for anonymity. Third, theft of >gas is a crime, disclosure of a phone number isn't. What about charging me $300 over 12 years not to give out my number and giving it out whenever I called a magazine about a subscription problem, such as late arrival? If that doesn't qualify as misleading or false advertising I don't know what does. I subscribe by mail and include checks or money orders. Once they have cleared then as far as I am concerned I have already paid for any 800 calls I may have to make about late or missing issues. This covers over half the life of ANI. > By, implication you are accusing businesses who use 800 service of >being dishonest. What would you have them do? State "If you dial this >800 number, the billing number will be shown to us?". > Fourth, inform consent, who should inform who? Should it be the >provider of 800 service (e.g. Sprint), the LEC (e.g. NJ Bell), the guy >provides the wiring (Acme Electrical)? Are you one of these people who >actually wants pages upon pages of mandatory disclosures? ._dennis ] > Are we on the same topic here? My analysis is that this issue splits into 2 tracks. For people with published numbers this is probably a non-issue. For people who pay for non-published numbers there should be a substantial issue that their reasonable expectation of privacy of their unlisted number is not being met. Should I have stated that I'm following the unlisted number issue up front? Over the last dozen years I have paid BC Tel over $300 not to tell anyone my home phone numbers. They didn't mention any exceptions to this on any of the 4 times that I contacted them to arrange for a service at new unlisted numbers. That would have been an appropriate time to inform me. BC Tel also has text in it's telephone directories about making toll free long distance 800 calls, and how to call directory assistance to ask for them. This would also be an appropriate place to disclose. BC Tel also runs TV ads almost every weekday about it's 800 entry service. A number of the proponents of this have mentioned how valuable ANI is in preventing fraud. How is it that BC Tel never seems to get around to mentioning this in it's ads? That would be an appropriate place to mention such a valuable feature, while also informing BC Tel's unlisted customers about this. I only found out about ANI about 18 months ago. Do I think BC Tel and other Telcos that fail to inform customers are dishonest? I think that not informing unlisted subscribers is just as dishonest as if a car dealer sold customers locking gas caps and also sold master keys for them to other people. As to pages of disclaimers, are you kidding? A lot can be said with just a symbol or logo. How about adding the initials ANI in small print each time someone advertises an 800 number that uses ANI? The Canadian Direct Marketing Association's adoption of a mandatory code of ethics has made the display of the CDMA integrity logo a shorthand way of saying a lot about what customers can expect in the way of privacy. A similar approach by businesses that use 800 ANI lines would go a long way to defusing this. [Moderator's Note: ANI is not the only place where the LEC gives out phone numbers. They are required to by FCC regulations to give it to any long distance company that asks for it. If there is a court order they are required to give it out. In my phone book, "Morris County Area, NJ" under Non-published number it states "Your number is not in the directory and is not available through Directory Assistance". Do you want the LEC to list every possible circumstance where you number is revealed. All that is being given out is phone number; no name, no ssn, no complete address. As far as it being a secret, there is an implication in the word secret that it was deliberating being withheld from the public. From a technical stand point your LEC did not "give it out". It was necessary to give it to the long distance provider to complete the call. It was the 800 provider that gave it out. ------------------------------ End of Computer Privacy Digest V3 #027 ******************************