Date: Sat, 11 Sep 93 12:26:34 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#031 Computer Privacy Digest Sat, 11 Sep 93 Volume 3 : Issue: 031 Today's Topics: Moderator: Dennis G. Rears Re: Computer Privacy Digest V3#026 Re: ANI Re: ANI Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026) Re: ANI Re: ANI The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Fri, 10 Sep 93 11:08 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: Computer Privacy Digest V3#026 On Sep 10 at 11:47, John Macdonald writes: > And you are claiming that since *you* do not misuse ANI *no-one* > ever has or ever will. I make no such claim. It is possible for anyone to abuse anything. And if anyone in the course of such abuse injures or causes anyone to be injured in any way, I feel that all legal remedies should be brought to bear. > I have given a very good reason for people to fear ANI many times. > Experience with mailing lists. You have made a dubious connection between two unrelated fields and then use that shaky premise to "prove" your point. I do not buy fantasy and speculation. Further, even if your crystal ball is right on the money and you can predict the future based upon contorted logic, I am not a fan of "preventative" legislation where no real need has been demonstrated. And finally, from an individualistic point of view, why should I be penalized because you THINK others might abuse something? I am getting very tired of the glib "for the good of society" argument. More and more rights and freedoms in this country are being trampled on "for the good of society". So until someone can come up with something more than fantasy, speculation, opinion, logic, and paranoia, I have nothing more to say on the matter. There has been ample time (twenty years) for hard data to be collected on the dangers of ANI delivery. Even Caller-ID has been with us for awhile. I am open to examine case histories, but I am through "debating" in a vacuum. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ From: John M Joy Subject: Re: ANI Date: 10 Sep 1993 18:38:05 GMT Organization: Department of Computer Science, Michigan State University In article "david.g.lewis" writes: > >You seem to be seeing a contractual obligation where, IMHO, none can be >present; namely, between the calling party and the called party. I >call an 800 number to receive some service - be it information, >negotiation of a future transaction, customer support, or what have >you. I am not providing any consideration for that service; on the >contrary, the called party is explicitly enabling me to contact them >without any payment on my part. From what little I remember of one >business law course I took years ago, there can be no contract without >consideration from each party. My comments regarding any sort of contract between called and calling parties was meant as a metaphor, not an invocation of contract law. My point was that (1) the 800 customer has something the caller wants; (2) in exchange, it seems reasonable for the 800 customer to want something in return. However, the caller should know up-front that such a "catch" is there, and, as I had noted, most people were never informed of such a "catch." >Where the contract *does* exist is between the called party and the 800 >service provider. The 800 service provider provides to the 800 >customer a telecommunications service, and the 800 customer provides >consideration in the form of payment for the telecommunications >service. More explicitly, for "ANI-delivery" services the 800 service >provider provides to the 800 customer an information forwarding service >- the forwarding of the calling party's billing number at call setup - >and the customer provides consideration in the form of a per-call >payment for each billing number forwarded. This is true. However, that's between the provider and the 800 customer. The average telephone network user (caller) has to deal with a local telephone company, which, at least in any area I know, is a monopoly and regulated as a utility (just like the electric company). After all, we can't have every Tom, Dick, and Harry putting lines on the local telephone poles. Thus, my service agreement is with my local telephone company. THEY are the ones actually transmitting the caller's number in accordance with whatever agreements THEY have with long-distance carriers. >Under the strictest interpretation of contract law, this could be a >totally private transaction; however, as most telecommunications >service providers are obligated to file tariffs for all services, the >"contract" is a matter of public record. As I've said before, I >consider it somewhat of a leap of reasoning to go from "I never knew >that my ANI was sent to 800 customers" to "ANI delivery is a deep dark >telco secret". The information has been disclosed to the public. >Tariff filings are public record. You don't even need FOIA requests to >get them - they're in libraries. What do telcos have to do, go >door-to-door handing out leaflets? No, but (a) telling a customer up front, at the time the service is established, and/or (b) in lieu of (a), as in the case of the Southern New England Telephone Company (Connecticut), placing a notice on/in the telephone bill, that customers dialing 700, 800, or 900 numbers may have their calling number released regardless of CID setting, is more than reasonable. Customers should likewise have the option of disabling calls to these numbers from CID-blocked lines. As far as tariff filings being public record: I know my public library back home didn't have them. Yes, it is unreasonable to expect Joe Customer to pour through volumes of tariff charts and legalese to get such information. Case in point: ANY government agency requesting a Social Security Account number MUST, AT THE TIME SUCH A REQUEST IS MADE, provide a Privacy Act statement. Yes, the statement is on file in some Federal document or other. But in most real-life situations, people don't have the luxury of being able to drop everything and run to the nearest legal library to research their rights - hence the Privacy Act. Local telephone companies - the monopolies with whom the average telephone user has a service agreement - are "quasigovernment" entities, and thus subject to increased regulation (usually in the form of a "Department of Public Utility Control"). As such, while being granted the right to operate in a particular area without competition, they inherit the responsibility to be reasonable and above-board in their dealings with customers. Selling a user's identification without the user's knowledge, and despite options suggesting that such a sale would not happen (e.g. unlisted/unpublished/*67/ line block), is unreasonable. JMJ ------------------------------ Date: Fri, 10 Sep 93 15:39:40 EDT From: Dennis G. Rears Subject: Re: ANI >My comments regarding any sort of contract between called and calling >parties was meant as a metaphor, not an invocation of contract law. >My point was that (1) the 800 customer has something the caller wants; >(2) in exchange, it seems reasonable for the 800 customer to want something >in return. However, the caller should know up-front that such a "catch" >is there, and, as I had noted, most people were never informed of such >a "catch." > > >This is true. However, that's between the provider and the 800 customer. >The average telephone network user (caller) has to deal with a local >telephone company, which, at least in any area I know, is a monopoly and >regulated as a utility (just like the electric company). After all, we >can't have every Tom, Dick, and Harry putting lines on the local telephone >poles. Thus, my service agreement is with my local telephone company. >THEY are the ones actually transmitting the caller's number in accordance >with whatever agreements THEY have with long-distance carriers. ^^^^^^^^^^ They are not agreements. They are FCC requirements. >No, but (a) telling a customer up front, at the time the service is >established, and/or (b) in lieu of (a), as in the case of the >Southern New England Telephone Company (Connecticut), placing a notice >on/in the telephone bill, that customers dialing 700, 800, or 900 numbers >may have their calling number released regardless of CID setting, is >more than reasonable. Customers should likewise have the option of >disabling calls to these numbers from CID-blocked lines. Why should they have an option? The telephone company is providing you a service on their terms. If you don't like don't use their service or convince them it is in their economic interests to change. Do you have any idea of the cost to impliment ANI blocking? > >As far as tariff filings being public record: I know my public library >back home didn't have them. Yes, it is unreasonable to expect Joe >Customer to pour through volumes of tariff charts and legalese to get >such information. Then who decides what part of the tariff should be put into the phone book? I think it is more of a question that TPC didn't think to put it in the phone book than decided to not put it in a phone book. There is so much info that is useless to the consumer in the tariffs. >Case in point: ANY government agency requesting a >Social Security Account number MUST, AT THE TIME SUCH A REQUEST IS MADE, >provide a Privacy Act statement. Yes, the statement is on file in some >Federal document or other. But in most real-life situations, people don't >have the luxury of being able to drop everything and run to the nearest >legal library to research their rights - hence the Privacy Act. This is irrelavant. The Privacy Act only applies when the SSN is coming directly from the SSN owner. In this case it is TPC which is providing the number not the subscriber. > >Local telephone companies - the monopolies with whom the average telephone >user has a service agreement - are "quasigovernment" entities, and thus >subject to increased regulation (usually in the form of a "Department of >Public Utility Control"). As such, while being granted the right to operate >in a particular area without competition, they inherit the responsibility >to be reasonable and above-board in their dealings with customers. Selling >a user's identification without the user's knowledge, and despite options >suggesting that such a sale would not happen (e.g. unlisted/unpublished/*67/ >line block), is unreasonable. First they are public utilities, not quasigovernment entities. The New Jersey Turnpike authority is an example of a quasigovernment enitity. They are not selling a user's indentification. They are only giving the phone number and class of service. They are not giving a name or address. Unlisted & unpublished mean very precise things. Call block states it will block Caller ID and it does. This hopefully will be my last thoughts on the subject. I think the main issue here is that the general public is not aware of ANI and people think TPC should publish this. I have no problem with TPC notifying people about ANI. The other issue is about blocking ANI; It's not going to happen. dennis ------------------------------ Newsgroups: comp.society.privacy From: Hans Lachman Subject: Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026) Organization: Netcom Date: Sat, 11 Sep 1993 00:14:33 GMT Apparently-To: comp-society-privacy@uunet.uu.net In article John Higdon writes: >John Macdonald writes: > >> ... it would be nice it there was some way >> of making the default go the other way and making consent necessary >> to collect ANI information into a database ... > >You are claiming that ANI delivery causes harm. Prove it. Does the ability to *suppress* ANI/CNID cause harm? Prove it. [Moderator's Note: If ANI was suppressed, the 800 owner could refused to pay for the call. Besides, the owner is paying for delivery. ._dennis ] Hans Lachman lachman@netcom.com ------------------------------ Date: Fri, 10 Sep 93 17:18:28 PDT From: Kelly Bert Manning Subject: Re: ANI Reply-To: ua602@freenet.victoria.bc.ca All the new stuff begins about 3 screens in. > >In Kelly Bert Manning > writes: > >>This has to do with a phone number being a key which can be used to >>identify a persons home address without much trouble. Instead of having >>to check every state driver registry a stalker simply has to look at the >>list of registered voters in a particular electoral district of a specific >>city in one state. > >A stalker could just as easily follow you home from work, the grocery store, >or any number of other places. How do you suggest we handle situations like >those? (I know how I would handle it, but I'm curious as to how you would.) >Eventually you are going to have to confront the fact that shit happens and >you have to take responsibility for your own safety. (In other words, you >watch over Kelly and I'll watch over John. I don't need you or anyone else Why bother with police then? Actually this has a high potential for escalating into a flamewar, so I won't respond to this comment. >to protect me from ANI or the boggeyman.) > >If you're concerned about someone finding your address: rent a private >mailbox somewhere. Then use it for everything that is a matter of public >record. If you're concerned about a company using ANI in some unsavory >manner, either 1) don't patronize that company, 2) call their non-800 >number, or 3) do business is some other fashion (e.g., by mail, by fax, >or in person). > >john Actually I'm surprised to have to tell you and the moderator that I've had a series of mail boxes over the last 5 years. I thought that that didn't have to be said, just as I'm surprised that the moderator though that a return address on an envelope would say anything about where I live within the 10 incorportated areas Greater Victoria. Should I also mention that there is no identification of where I live on my checks? The only address is the bank branch, which I haven't set foot in in over a year. Canada Post corp has essentially privatized all post office service and private citizens can only deal with what are called Retail Postal Outlets. These have to offer PO box service as part of their service. This has created a proliferation of such boxes in malls, sometimes as standalone operations, but usually as a sideline in a pharmacy, a drycleaner, or a 7-11. One feature of these being Real PO boxes is that Canada Post allows you to forward mail to them from another mailing address for about $15 for 90 days. When I last moved I did this from my old street address for 210 days. My PO box has no relationship to my home address. Features that I looked for were a number of different approachs to it, and a number of different places to park relative to it. The hours that it is open are also important, since I don't want to set a pattern of picking up mail at a particular time or day of the week/month. Canadian malls security staff don't carry guns like their US counterparts but they are professional enough that 2 were able to arrest an armed mass murderer from California in an Aleberta mall. Store owners pay attention to who is hanging around and loitering. I'm surprised that you don't seem to think that in 13 years we have run into him or seen him near where we work. He has been spotted driving around the parking lot where my wife and I used to work. The friend who commented on seeing him commented that he didn't see him long enough to get the licence or a good vehicle description, but commented that it "looked stolen". This was in reference to the fact that he has a long record for auto theft and possession of stolen cars, as well as other property. Funny you should ask what we would do if he started tailing us. About the time that we decided to avoid him an acquaintance noticed him following her around in a van. She wrote down the licence plate and make and drove to a police station. He disappeared when she did this. The police found that the registry data for the plates didn't match the vehicle description in any way, so they gave her an escort home and initiated a search which guickly located the vehicle. One of the detectives involved with the college student disappearance was part of the surveillance team but this guy never returned to it. In general this guy has never had the money to insure a vehicle, although he may be able to get his name registered on a junker. He has such a long record of auto theft/possesion that police would have no trouble justifying a vehicle pull over if we called 911 from a pay or cell phone. The only difficult I've had with my PO Box is finding one of my tires rapidly loosing air from what may have been a knife puncture once when I parked right outside the closest mall entrance to my PO box. Canada has national firearms acquisition controls which make it difficult for someone to get a firearm unless the local police approve. Unfortunately we get a tide of them coming over the US border illegally. I seen reports about polls showing that most US citizens want similar controls.(please don't start up a flamewar about the right to bear arms, 3 of my grandparents were homesteaders who came from the US and I have a bookful of stories about forebears who took up arms against the tories and hessians. I respect the political system that they fought to establish but I also understand the need to adapt to different threats in different times). As to using my PO box for all matters of public record, that is not possible but I am not going to spell out the details. As I mentioned in "who cares" I am beginning my work on public records which provide a name key retrieval over a wide geographic area. The BC Ombudsman's office, and the Registrar of (Credit) Reporting Agencies have been valuable resources in dealing with various public and private data banks, but the Ombudsman Office role will be taken over by the new BC Privacy Commissioner later this fall. I'm surprised that I have to go into this much detail, I assumed that this forum has seen a lot of discussion along these lines. One technique that I haven't tried out is paying for a non-Canada Post mail forwarder. One circumstance in which I exercise extreme caution is when I get a call from my PO Box saying that a Priority Post parcel has arrived. I've made a hobby of filing coments on Cable operation and channel renewal applications for some time, occassionaly some letter I've written results in them sending me a notice of some hearing that they seem to feel I may wish to comment on. The downside of this is that the hearing documents are publicly available, but only in CRTC offices. I did get one phone call from a toronto newspaper when I included my work phone number on the CRTC copy of one filing, which I resolved by including it in subsequent filings on a separate piece of paper which stated that it was not provided for CRTC staff use only as was not part of the comment. This has given me enough knowledge of the CRTC process that I feel that they may be my best avenue of dealing with the ANI informed consent issue. I did win the only objection I ever filed with the CRTC about a BC Tel rate increase proposal. The moderator suggested that knowing my home phone number would not identify my address any more closely than a return mail address would. Let's look at the number. Greater Victoria is not particularly highly populated, so it only has 34 exchange codes, and 11 town/city halls at which local municipal records could be examined or purchased. The BC Tel directory showing the free calling areas is overlaid with a map of municipal boundaries, so the exchange prefix narrows the number of sets of records to be searched from 11 to 1, a 90% reduction. Is this insignificant? There is a security principle called security by obscurity, but I may have a misconception of it. I don't wish the moderator or anyone else to get the impression that I take personal offense to his comments. I hope that paranoia is not my natural state of mind, and that it maintaining it is a difficult job. If anyone can point out areas where I really don't have a legitimate cause for concern it will provide me with some relief and allow me to concentrate my energy on more useful avenues. ------------------------------ Date: Sat, 11 Sep 1993 8:45:00 -0400 (EDT) From: "Dave Niebuhr, BNL CCD, 516-282-3093" Subject: Re: ANI There are major disagreements with the collection and *possible* use/misuse of calls to 800 numbers and I'd like to side with John Higdon. I do not feel that I have ever been abused by my calling a company or service that has an 800 number. If I am interested in their produce/service, and therefore feel that the disclosure of my phone number is a small price to pay since I may receive something of higher value in return. Yes, yes, yes; I know the privacy issues involved. However, in some instances it is worth it to me to reveal a small part of that in order to get something that I want. Want a credit card or a loan? Well, just turn over your home and work phones, your address, your Social Security Number, your credit history, when you were born, etc. *That* is loss of privacy. Have I ever been harmed by that? Not to my recollection for the past 30+ years and I have a long memory. Someone mentioned abuse hotlines with 800 numbers and the fact that ANI is given. So what! If calling that number will help protect an innocent, then I am willing to reveal a miniscule portion of my privacy. There are some services that I want that have 900 numbrs but I can't call them since I have what NYTel calls Circuit 9 which blocks 900/976/540/550 numbers; I can't pick and choose. It is all or nothing. If I didn't have that blocking, then I could call those 900 numbers that I needed to call even if I was paying for it. A good example is the Better Business Bureau on Long Island. It has a 900 number. Therefore, if I want to check on a business I can't call them. I have to write. In summary, I agree with John. I have never been harmed by ANI to my knowledge and don't think that I will be in the future. Oh, and by the way, I am in the phone book. However, I use a pseudonym so that I can tell just how telemarketers are obtaining my number (not many). I can also tell how junk mailers get my address. Dave Dave Dave Niebuhr Internet: niebuhr@bnl.gov / Bitnet: niebuhr@bnl Brookhaven National Laboratory Upton, LI, NY 11973 (516)-282-3093 Senior Technical Specialist: Scientific Computer Facility ------------------------------ End of Computer Privacy Digest V3 #031 ******************************