Date: Thu, 09 Sep 93 16:53:54 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#028 Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 028 Today's Topics: Moderator: Dennis G. Rears Re: Boston Globe Articles Re: ANI Re: ANI Re: Computer Privacy Digest V3#025 Re: Computer Privacy Digest V3#026 Something to Consider The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Thu, 9 Sep 1993 12:38:04 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Re: Boston Globe Articles From: Paul Robinson ----- Eugene Levine , writes: > For those who can get access to the Boston Globe, that newspaper > has just begun a series on privacy. It started on the front page of > the Sunday edition (September 5, 1993)... > This will probably arrive too late to let anyone catch the articles > the first time around, but the first article was good enough to > look for. And you don't have to pay postage to respond. Their Internet address for Letters to the Editor is . --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: What good is a ticket to the good life, if you can't find the entrance? ------------------------------ Date: Thu, 9 Sep 1993 12:42:09 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: From: Paul Robinson ----- > A right does not have to exercised, either consistently or ever, > for people to care about it and want it protected. Oh contraire, "The tree of liberty must be refreshed from time to time with the blood of patriots or it withers and dies." The rights which we enjoy as free people are only here because someone - to put it bluntly - put their ass on the line to protect them. In some cases those people paid the ultimate price to do so. It is only because some people risked their lives - and in some cases, had to pay for that risk WITH their lives - that we have freedoms. Those who note that some government is despoiling the lives of people help to identify the situation, but they do not ameliorate it. In free countries where the elected officials respect the public, all it takes is for people to disapprove of the action and it can be stopped, as happened here when the Medicare Catastrophic Health Care plan went into effect; sure, people wanted catastrophic health care, but they did not want it at the cost that was to be imposed upon them. They complained and the government stopped it. The risk is low; it is easy to bear. Where the gocvernmane it unreasonable or bankrupt, it takes armed insurreaction and civil war. But that may be preferable to the alternative. The risk is high, it is hard to bear. But in every case where governments got too powerful, it was only this method that made those in power cease and desist ruination of their people. I dare to say it is only the threat of uprising that keeps politicians from usurping people's rights; as long as they think people will do nothing, they will take more and more away from them. --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: Troubled day for virgins over 16 who are beautiful and wealthy and live in eucalyptus trees. ------------------------------ From: John M Joy Subject: Re: ANI Date: 9 Sep 1993 14:08:54 GMT Organization: Dept. of Computer Science, Michigan State University Just a thought on this ANI issue: - Since the recipient of the call is paying for the call, it would seem reasonable to permit said recipient to see what the caller's number is. - HOWEVER, this would be UNreasonable if the caller didn't know this was going to happen ahead of time (i.e. in any contractual setting, both parties to the contract should know up front what the terms of the contract are: if the person doesn't want ANY disclosure of the number, the person need not dial it). My problem with 800 service ANI is the SECOND point. Even as a CPSR member who has been actively working on privacy issues (e.g. SSN misuse), I didn't know about it until a friend with a small business (and an 800 number) told me. Only recently has SNET, the telephone co. for most of Connecticut, started warning customers about the disclosure. JMJ ------------------------------ Date: 09 Sep 1993 19:38:37 +0000 (GMT) From: Dick Rinewalt Subject: Re: ANI Organization: Texas Christian Univ Comp Sci Dept In a previous article, john@zygot.ati.com (John Higdon) says: >Did anyone ever hear the fable about the silly women who sat around No. Have you heard the similarly silly, untrue characterization of ostriches - that they stick their heads in the sand when they sense danger? >I use ANI heavily. I use it for internal purposes and to >protect myself against fraud. Please do not pontificate about how it is >unnecessary or how it is not effective compared to the "harm" it causes >until you have my credentials in the use of ANI and about eight years of >experience in the field of customer-delivered ANI processing. I know many people with 30 years of experience in their fields who adamantly claim that FORTRAN is the only programming language worth knowing. That experience made them valuable and successful in their particular niches, but it did not make them experts in all applications of that branch of knowledge. Experience sometimes produces tunnel vision. >Dennis is absolutely correct in his assertion that most people do not >care. Yes, I have extensively observed people's reactions and >attitudes concerning it. I have yet to find anyone other than >net.posters who has so much as raised an eyebrow over the issue. But obviously some people do care. These observations (of clients? of others using ANI? etc) and Dennis's survey of 10 colleagues are unscientific, probably biased, and totally worthless. I can produce the opposite result which would also be meaningless. [Moderator's Note: I would agree with unscientific and worthless but not unbiased. I just hit upon the closest people next to me:-) ._dennis ] Dick Rinewalt Computer Science Dept Texas Christian Univ rinewalt@gamma.is.tcu.edu 817-921-7166 ------------------------------ From: John Macdonald Date: Thu, 9 Sep 1993 14:10:48 -0400 Subject: Re: Computer Privacy Digest V3#025 /===== Computer Privacy Digest V3#025 ===== || Quoting Computer Privacy Digest Moderator, message dated Sep 8, 17:36 |+----- || [Moderator's Note: [ ... ] it [is] just a phone number. ._dennis ] \========================= No, it is not just a number. It is a number, correlated with a specific business transaction, in a format that can be and increasingly is collected into a database. That database can be used to make inferences from the nature of the transaction (the accuracy of the inferances can of course vary widely) about the persons believed to be associated with that number (again, the accuracy of that association can vary). It can be combined with other similar databases collected by other organizations and used for extract extremely subtle inferences. The cost of collecting these databases has been dropping drastically over the years for many reasons (cost of computers is one, Caller-ID as a cheap substitute for real-time ANI is another, legalizing the attachment of private devices to the phone network and the subsequent development of inexpensive devices to accomplish special purposes [like interfacing directly with a computer]). This decrease in cost has been feeding an exponential growth in the amount of information collected. We are now reaching the point where a critical mass of such databases is being reached whereby it is becoming feasible to correlate large numbers of these database from many organizations for commercial purposes (sort of like where the mailing list industry was 20 years ago). Just as backlash against mailing list commercialization has lead to most forms having a checkbox allowing the customer to choose whether their name and address may be sold to outside mailing lists, there is the desire expressed by people to have a similar control over what is done with the transaction information associated with their phone calls. Desire for things like supression of ANI (as has been discussed) is fueled by distrust - people believe that *some* companies will collect and sell information about them without their knowledge much less their consent, just as happened with addresses in the last few decades. Just as the checkboxes got added to forms to counteract the similar concern about giving addresses to companies and just as laws have been passed in various jurisdictions to ensure that people can have access to database information about themselves, so will companies have to find ways of assuring their customers that their phone number will not be used in a manner that the customer does not want. As was the case with address lists, the assurance will come as a mixture of voluntary action by companies that wish to demonstrate concern for the interests of their customers and legislation to force a minimal level of action by all companies. ANI-blocking might come about if businesses do not address the distrust effectively on their own in a timely fashion (i.e. before publicity about some spectacular abuse causes a massive public outcry). The fact that this makes 800 numbers less useful as well as more expensive to businesses will not matter in that political situation. -- You have to run before you can fly. | John Macdonald - Jordan Macdonald (from personal experience) | jmm@Elegant.COM ------------------------------ From: John Macdonald Date: Thu, 9 Sep 1993 14:50:24 -0400 Subject: Re: Computer Privacy Digest V3#026 || [Moderator's Note: ANI really doesn't contribute to it. You can get the || same information when somebody mails you a letter from the return || address. 800 numbers are mainly used by businesses, for the most part || they are used immediately then tossed. Rarely, are they used for || telephone call backs. I have a residential 800 number, I don't get real || time ANI, I do get a bill which every number who call me. A unlisted || number means that number is not given out to directory assistance or || published in the phone book. I have to agree with John, you are building || a straw man about a person being raped or murder on the basis of someone || getting a phone number by ANI. || None of the people I polled had an unlisted number. || ._dennis ] Nobody requires you to put a return address on a letter - it is voluntary. So, at the present time, most businesses toss AMI info without building databases with it. So what. Some businesses build databases. Some businesses will be willing to pay for such databases (probably some already do) - as that starts happening, we will quickly see a change to the situation where many businesses build and sell such databases. Just because Dennis and John have assured us that *they* do not build databases has no bearing on the fact that making a call to XYZ Corp *may* get you entered into their database in addition to allowing to talk to the people at XYZ Corp for whatever purpose you have for calling them. Most people do not commit significant crimes, but we still have laws against those crimes. Most companies do not (at present) collect databases from ANI, but people are still concerned that *some* do and *many* might someday. Given that concern, they wish to arrange some method of controlling those databases. Sure you can always call companies from a pay phone unless you trust them to not do anything that you consider abusive with the data they collect from your call, but it would be nice it there was some way of making the default go the other way and making consent necessary to collect ANI information into a database that will be sold outside the collecting company (and possibly also requiring consent to use that information for unsolicited marketing calls by the collecting company). -- You have to run before you can fly. | John Macdonald - Jordan Macdonald (from personal experience) | jmm@Elegant.COM ------------------------------ Date: Thu, 9 Sep 93 12:33:03 EDT From: "Mark W. Eichin" Subject: Something to Consider John Higdon says... >> get bent out of shape over. When the phone company starts handing out >> lifetime phone numbers, then come back and let us discuss the matter. AT&T EasyReach(sm) 700 service. The slogan is "Life changes. Your phone number doesn't have to."(sm) But you've missed something important here, I think -- I just bought 700 service because it gives me *more* privacy, not less. (I just moved from one town to another, and have been exploring what I can do to enhance my privacy as a part of this -- a post office box has done for most things, the big one I haven't worked out yet is the DMV...) Why does it give more privacy? My old phone number was 508-670-xxxx; that was enough to narrow things down to a small town, to "zoom in" as it were, and find me. (This is why Medeco locks and deadbolts are important...) My new phone number is 0-700-xxxxxxx and even if I gave you the rest of the digits, it would tell you *nothing* about the location (for that matter, the location of the number has nothing to do with where I live -- it rings wherever I program it to.) _Mark_ MIT Student Information Processing Board Cygnus Support ------------------------------ End of Computer Privacy Digest V3 #028 ******************************