Date: Fri, 10 Sep 93 12:40:14 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#030 Computer Privacy Digest Fri, 10 Sep 93 Volume 3 : Issue: 030 Today's Topics: Moderator: Dennis G. Rears Re: Computer Privacy Digest V3#026 Re: Something to Consider Re: Computer Privacy Digest V3#025 Re: ANI Re: ANI Re: should gas siphoning be decriminalized? Re: combattting telemarketers (was: ANI) The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: John Macdonald Date: Fri, 10 Sep 1993 11:47:35 -0400 Subject: Re: Computer Privacy Digest V3#026 /===== Re: Computer Privacy Digest V3#026 ===== || Quoting John Higdon, message dated Sep 9, 17:45 |+----- || You are claiming that ANI delivery causes harm. Prove it. You haven't || even given anyone any reason to put his head in the sand in the first || place. No facts, no information, no case histories. Would you like my || customer list? In no case, were any of these people harmed by ANI || delivery. And you are claiming that since *you* do not misuse ANI *no-one* ever has or ever will. I have given a very good reason for people to fear ANI many times. Experience with mailing lists. For centuries, people provided their address on business correspondence as a matter of course. A couple of decades ago, technology reached a critical mass whereby the mailing list industry became economically possible. Since then we have had the result that all businesses have had to adopt strategies to convince their customers that providing an address will lead to that address being sold to mailing lists unless the customer agrees. In some countries, laws have been passed to require this, in other countries businesses have acted quickly enough to reduce fears sufficiently that momentum was not achieved to pass laws. The usual method has been a checkbox which lets the customer choose whether they wish to have their name and address released for mailing list purposes. Most people are willing to trust that a company will not explicitly lie about how they will treat such information. Without such an *explicit* promise however, many people will expect that the company is quite likely to feel that it is totally the companies own perogative to do as they like with any information (modulo any laws that might apply). We are reaching a similar critical mass for creating a telephone list industry - we have probably have reached it in terms of having all of the technical aspects, it is now just a matter of establishing the business aspects. Your argument that no-one has ever been shown to have misused ANI on the scale necessary for justifying people to worry about its existence in the 20 years that ANI has been available pales beside the argument from say 30 years ago that no large scale misuse of addresses had ever occurred. (Hmm, I should be less inflammitory here. Where I said misuse above, I mean using in a manner that was not explicitly part of the business arrangement whereby it was provided. Depending upon the views of the particular customers, such use ranged from valuable to annoying/intrusive.) || What this country does NOT need are even more laws to prevent imaginary || harm from occurring. I am a crusader for rights second to none, but || this ultra-paranoia over a practice where there is not one single shred || of evidence of harm to anyone is a gross spinning of the wheels. The || whole thread is a good example of how we have progressed in this || country from a practical approach of dealing with real problems as they || happen to an emotion-based frenzy fueled by people who have no || expertise in the fields in which they pontificate. If you don't want laws to be passed, then find ways to reduce and deflect that "paranoia". Telling people with concerns that they are paranoid just convinces them that there *is* a reason for concern. When a problem is obviously approaching, it is silly to wait until it has provably occurred before trying to take measures to stop it. || If that is putting my head in the sand, then, sir, you do not even know || where the desert is. You and others are making assertions and claims of || harm. Let us see some evidence. (Don't worry if you cannot come up with || any; no one has in the years I have been working in this field.) Even centuries of working in the field would not be enough to predict that the future *cannot* be different from the past. -- You have to run before you can fly. | John Macdonald - Jordan Macdonald (from personal experience) | jmm@Elegant.COM ------------------------------ From: "Wm. L. Ranck" Subject: Re: Something to Consider Date: 10 Sep 1993 02:19:00 GMT Organization: Virginia Tech, Blacksburg, Virginia Mark W. Eichin (eichin@athena.mit.edu) wrote: : Why does it give more privacy? My old phone number was : 508-670-xxxx; that was enough to narrow things down to a small town, : to "zoom in" as it were, and find me. (This is why Medeco locks and : deadbolts are important...) My new phone number is 0-700-xxxxxxx and : even if I gave you the rest of the digits, it would tell you *nothing* : about the location (for that matter, the location of the number has : nothing to do with where I live -- it rings wherever I program it to.) Interesting service. Wonder what the ANI shows when you call an 800 number? Don't you have to have a "real" local phone number to program your 700 number to ring? The point someone was trying to make is that some companies might use their ANI service to build a telemarketing database. They may even make a point of marketing non-published numbers. I'm not saying anyone is doing this now, or even that I care if someone does. But, people with unlisted/unpublished numbers probably would care. -- * Bill Ranck (703) 231-9503 Bill.Ranck@vt.edu * * Computing Center, Virginia Polytchnic Inst. & State Univ., Blacksburg, Va. * ------------------------------ From: John Starta Date: Fri, 10 Sep 93 02:42:24 -0700 Subject: Re: Computer Privacy Digest V3#025 In Dick Rinewalt writes: >Desire for things like supression of ANI (as has been discussed) is >fueled by distrust - people believe that *some* companies will >collect and sell information about them without their knowledge >much less their consent, just as happened with addresses in the >last few decades. If you feel a legimate distrust that a company may do as you suggest either 1) don't patronize that company, 2) call their non-800 number, or 3) do your business some other way (by mail, by fax or in person). john -- *** PHOENIX SUNS * 1993 WESTERN CONFERENCE CHAMPIONS * PHOENIX SUNS *** ------------------------------ From: John Starta Date: Fri, 10 Sep 93 04:12:21 -0700 Subject: Re: ANI In Kelly Bert Manning writes: >This has to do with a phone number being a key which can be used to >identify a persons home address without much trouble. Instead of having >to check every state driver registry a stalker simply has to look at the >list of registered voters in a particular electoral district of a specific >city in one state. A stalker could just as easily follow you home from work, the grocery store, or any number of other places. How do you suggest we handle situations like those? (I know how I would handle it, but I'm curious as to how you would.) Eventually you are going to have to confront the fact that shit happens and you have to take responsibility for your own safety. (In other words, you watch over Kelly and I'll watch over John. I don't need you or anyone else to protect me from ANI or the boggeyman.) If you're concerned about someone finding your address: rent a private mailbox somewhere. Then use it for everything that is a matter of public record. If you're concerned about a company using ANI in some unsavory manner, either 1) don't patronize that company, 2) call their non-800 number, or 3) do business is some other fashion (e.g., by mail, by fax, or in person). john -- *** PHOENIX SUNS * 1993 WESTERN CONFERENCE CHAMPIONS * PHOENIX SUNS *** ------------------------------ From: "david.g.lewis" Subject: Re: ANI Organization: AT&T Date: Fri, 10 Sep 1993 13:23:55 GMT In article John M Joy writes: > >Just a thought on this ANI issue: > > - Since the recipient of the call is paying for the call, it would seem >reasonable to permit said recipient to see what the caller's number is. > > - HOWEVER, this would be UNreasonable if the caller didn't know this was >going to happen ahead of time (i.e. in any contractual setting, both parties >to the contract should know up front what the terms of the contract are: if >the person doesn't want ANY disclosure of the number, the person need not >dial it). You seem to be seeing a contractual obligation where, IMHO, none can be present; namely, between the calling party and the called party. I call an 800 number to receive some service - be it information, negotiation of a future transaction, customer support, or what have you. I am not providing any consideration for that service; on the contrary, the called party is explicitly enabling me to contact them without any payment on my part. From what little I remember of one business law course I took years ago, there can be no contract without consideration from each party. Where the contract *does* exist is between the called party and the 800 service provider. The 800 service provider provides to the 800 customer a telecommunications service, and the 800 customer provides consideration in the form of payment for the telecommunications service. More explicitly, for "ANI-delivery" services the 800 service provider provides to the 800 customer an information forwarding service - the forwarding of the calling party's billing number at call setup - and the customer provides consideration in the form of a per-call payment for each billing number forwarded. Under the strictest interpretation of contract law, this could be a totally private transaction; however, as most telecommunications service providers are obligated to file tariffs for all services, the "contract" is a matter of public record. As I've said before, I consider it somewhat of a leap of reasoning to go from "I never knew that my ANI was sent to 800 customers" to "ANI delivery is a deep dark telco secret". The information has been disclosed to the public. Tariff filings are public record. You don't even need FOIA requests to get them - they're in libraries. What do telcos have to do, go door-to-door handing out leaflets? David G Lewis AT&T Bell Laboratories david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation ------------------------------ Date: Thu, 9 Sep 93 23:54:53 PDT From: Kelly Bert Manning Subject: Re: should gas siphoning be decriminalized? In a previous article, the moderator says: >[Moderator's Note: ANI is not the only place where the LEC gives out >phone numbers. They are required to by FCC regulations to give it to >any long distance company that asks for it. If there is a court order >they are required to give it out. In my phone book, "Morris County >Area, NJ" under Non-published number it states "Your number is not in >the directory and is not available through Directory Assistance". Do >you want the LEC to list every possible circumstance where you number >is revealed. All that is being given out is phone number; no name, no >ssn, no complete address. As far as it being a secret, there is an >implication in the word secret that it was deliberating being withheld from >the public. From a technical stand point your LEC did not "give it >out". It was necessary to give it to the long distance provider to >complete the call. It was the 800 provider that gave it out. > It is my opinion that the Telco's withheld information that any reasonable person would feel should be provided to unlisted subscribers. Perhaps I've been unduly influenced by an article I read in the Nov 1987 issue of "Radio-Electronics". To quote from the first column on page 50: "The secrecy surrounding the AMA machine was so prevasive that local, state, and even federal police were told that local calls made by criminals were untraceable, ...Yet in areas where the AMA machine had replaced the meters, it would have been a simple, though perhaps time- consuming task, to track down the numbers called by any telephone during a 24-hour period. But Ma Bell wanted the AMA machine kept as secret as possible, and so many a criminal was not caught, and many a woman was harried by the obscene calls of a potential rapist, because existence of the AMA machine was denied." The article is nominaly a history of how Telcos defeated various illegal techniques for obtaining long distance access, but what stuck in my mind was the description of their interaction with law enforcement officials. If I am too suspicious of Telcos perhaps it is because of their behaviour in the past. ------------------------------ Date: Fri, 10 Sep 93 00:05:12 PDT From: Kelly Bert Manning Subject: Re: combattting telemarketers (was: ANI) In a previous article, Todd.Jonz@corp.sun.com (Todd Jonz) says: >frankly, I agree with Kelly Bert Manning , who >writes: > > Most people feel that information that is given for one purpose > > should not be used for another unrelated purpose without their > > consent, or transferred to a third party. Actually this was a paraphrase from memory of something that has appeared several times recently in "Communications of the ACM". I believe that these citations in CACM are quotes from "Report of the Secretary's Advisory Committee on automated personal data systems. U.S. Dept. of Health, Education and Welfare. Records, Computers, and the Rights of Citizens. 1973" I have never seen a copy of the report. My attempts to buy a copy from the US Govt. Printing store in Seattle failed. They suggested contacting HEW. >deletions >We borrowed our strategy from an episode of the PBS series "Nova" about the >commercial information industry entitled "We Know Where You Live". As I >recall, the fellow who espoused this strategy had used it to prosecute >successfully. > PBS broadcast an earlier documentary, "Computers, Spies, and Private Lives" that suggested using coded names or addresses to track who released your name. Ironically this allowed to identify that the Vancouver BC arm of KCTS, the regional PBS station, exchanged it's Canadian subscriber list with a BC Political party which shall remain nameless, except to say that it would reinforce right wing critics of PBS who consider it some sort of red or pink front group. Like most canadians I still find that PBS has more appeal than any Canadian or other US Network, but I no longer send them money. > >Purely on principle, we hope one day to get the opportunity to take one of >these jokers to court for as much as our informal legal counsel tells us we >have a reasonable chance of collecting. We have already been advised that our >best bet would be to bring an action against an out-of-state concession in the >local small claims court, where their defense expenses would exceed the >compensation we are seeking, which I believe can go as high as $5,000 in a >California small claims court. > > -- Todd An Ontario woman recently collected over $800 from "Columbia House" after it refused to stop sending her junk mail. One point to note was that this was below the amount at which Small Claims judgements can be appealled. You may want to consider this rather than face an expensive appeal to a higher court if you do win. My own ongoing harassment by telemarketers is not even in my own name. They continue to call for the husband or wife of the family who had my current number at some time in the past. It has been at least 4 years since anyone has been able to contact them at my number, let alone get a sale to them, yet the number still keeps making it's way through the tele-marketing databases. When I got another call for them earlier this week I asked the caller where he got the number from. When he said from a computer terminal I told him that it was at least 4 years out of date. I don't think that my comments earlier in the thread about tele-marketing being a scam with inflated call lists are out of line. This experience has given me valuable information about just how widely a phone number can be circulated in these databases, despite any evidence of it being a valid sales prospect, and in spite of hundreds of calls that reveal it to have been reassigned to a new family. ------------------------------ End of Computer Privacy Digest V3 #030 ******************************