Computer Privacy Digest Mon, 13 Sep 93 Volume 3 : Issue: 033 Today's Topics: Moderator: Dennis G. Rears Re: what is ANI? Re: Something to Consider Re: ANI and CNID Re: ANI More on ANI/800 numbers Re: Caller ID vs Name System Re: does anyone care about ANI? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Sat, 11 Sep 1993 20:51:10 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Re: what is ANI? From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- > [Moderator's Note: Anybody want to take a stab at answering *ALL* > these questions? ._dennis ] Hack, slice, Here I go: "John P. Quinn" , writes: > 1. What does ANI stand for? Automatic Number Identification. > 2. How can I block caller I.D.? If blocking is available - it is not available in New Jersey and has just become available in Virginia - you dial the toggle code which is usually *67 or 1167 on some rotary phones. Note that this is a *toggle*. If your phone has blocking set on permanently, *67 will *unblock* for one call. > 3. What effect does *67 before the fone # string do for me, and > what numbers and/or business's can over-ride the *67? The code tells the SS7 switch to not pass the SS7 number information packet on to the caller. A telephone company could override this if they reprogrammed the switch to change this. > 4. What are the advantages and disadvantages for me to have > caller I.D? Advantage: know the phone number (and sometimes the name) of the calling party before they answer. Or know that they don't want you to know their number. Disadvantage: usually requires extra hardware (unless you own a caller-id equipped phone) and extra monthly charge. Also, if the switches are not all SS7 or equivalent, you could be paying for a service that is only partially useful. > 5. What are the advantages and disadvantages for an outsider to > have caller I.D. and caller I.D. blockage? You can refuse to answer (or dump to your machine) any calls from people you don't know; you can refuse to give out your phone number. > 6. How come some people dial in *67 on there phone before dialing > the rest of the number and it doesn't work for them? If it really doesn't work, they should get a recording indicating that the code is bad. Otherwise, what it could mean is they dialed something else *before* dialing *67. Such as dialing *70 to disable call waiting, or 9 for an outside line. If you are on Centrex - telephone company PBX service - the *67 is dialed even before you dial 9. If you are using a company PBX, you dial 9, then dial *67. > 7. Why are people confused about the difference between ANI and > PBX and other type of devices? ANI is a class of information; 'PBX' is a class of device; not the same. I think your question was why do people confuse ANI and Caller-ID. For most purposes, they are the same. If you use a PBX that can give out a specific extension number, it may generate an ANI *different* from a caller-id code, or it may generate nothing for caller-id or they may both be the same, but *not* be the *incoming* number that phone uses. A phone has an outgoing number and an incoming number. Those are not necessarily the same. My home phone has two different phone numbers on it; one is xxx-x7zx and goes "Ring...Ring...Ring" when called. The other number is xxx-x8zx and goes "Ring-Ring...Ring-Ring... Ring-Ring..." The number I give out for incoming calls is the "Ring-Ring" number; the actual ANI/Caller-ID/Billing number is the "Ring" number. (The phone numbers of both are the same in the first 4 and last digit). I can receive calls on the number with 8 in it, but that's *not* the number it gives out when called. I had to explain this to a man at a Dominos pizza with caller-id that the phone has two different numbers on it. One time I shocked the guy at Dominos: "And your phone number?" "Why do you bother asking? You've got caller ID there!" > 8. How long has this technology been around, and in what other > types of similar devices? ANI has been used on automated dialed calls for more than 20 years. I have been told that it has been available on 1-800 calls for a few years now. And Caller-ID has been available about 2-3 years, since telephone companies started installing SS7 Switches that have this feature. --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: God is really only another artist. He invented the giraffe, the elephant and the cat. He has no real style, He just goes on trying other things. -- Pablo Picasso ------------------------------ From: "Kirsi M. Vivolin" Newsgroups: comp.society.privacy Subject: Re: Something to Consider Date: 11 Sep 1993 20:57:31 GMT Organization: University of Washington, Seattle In article , Wm. L. Ranck wrote: >Mark W. Eichin (eichin@athena.mit.edu) wrote: >: Why does it give more privacy? My old phone number was >: 508-670-xxxx; that was enough to narrow things down to a small town, [munch] > >The point someone was trying to make is that some companies might use >their ANI service to build a telemarketing database. They may even >make a point of marketing non-published numbers. Excuse me for jumping in, but I think that the thread is missing the point with respect to CallerID, ANI, and privacy. IMHO the problem with ANI and especially with CallerID is what happens when data from a large number of sources is pooled into one database. This includes data from debit/credit card transactions, library borrowings, etc. Stuart Brand's First Law of Data is 'Data seeks other data and merges with it'. Most of us do not object to a few people being aware of *some* of our comings and goings. For example, if a neighbor sees me in the store buying Goober Grape and talking to a friend, I really couldn't care less. I know I'm being observed, and by whom; furthermore, there is a kind of parity(I see you, you see me). On the other hand, if my neighbor starts following me around, recording all of my transactions(time, place, date, items, etc), and noting my conversations (not content, but when, with whom, who initiated, for how long), then I'm going to be a little upset. Most people would be. Now, the information recorded from ANI or CLRID on any one call is pretty harmless - roughly analogous to one person seeing you talking to a friend on one occaision. On the other hand, the kind of information you get when you start pooling this data can have heavy implications for privacy. Suppose I want to start a business dealing in information gleaned from CallerID boxes and ANI. If you want to subscribe, you can pay (in part) by giving me the information from your own ANI or CLRID boxes. I make my money by combining the information with data gleaned from other sources, like debit card transactions. What services do I offer? - Pre-employment screening:You have a prospective employee in your office. Want to know if they are negotiating for a job elsewhere? I can tell you if they have called the employment office at a participating competitor's firm. Want to know if they have friends in the industry? Same method. Want to know what their hobbies and activites are? I can search for calls originating or ending at that number from any of a host of local businessess - sporting goods stores, ski areas, smoke shops, bars, whorehouses.... Want to know if they stay out late at night? I can see if their phone makes a lot of calls during certain hours. - Marital issues/infidelity:Want to see if he's seeing someone else? I can screen to see if somebody else's phone has reported a call from your number. You match the list of numbers so derived against the numbers of the people you know, and flag any that are unfamiliar. - Just about anything:If I have access to debit/credit card txns as well as information gleaned from CLRID and ANI, I can tell you damn near everything you want to know about a person. I can tell you who they called and who called them, when they did it, how long they talked. I can tell you where they went, what they bought, how they paid, how much they spent, and when they did it. One nifty application for insurance companies:you can see how many tobacco products somebody buys, and cancel their health plan if they smoke too much. For this system to be effective, a substantial number of persons/businesses in a given area need to give me the data they collect from CLRID and ANI, to say nothing of financial transactions. Why would they do that? Simple. They need to do it to get access to the database themselves. They have little to lose by giving up their data, and much to gain through access to the database. Remember, information is intangible, and costs nothing to copy. If I have an apple and give it to you, it costs me an apple. If I have information and give it to you, it does not cost me information - I still have all the data I started with. If you doubt that competing firms will cooperate in the sharing of this kind of information, consider the fact that banks, credit firms and retail outlets compete with each other but most share information with the credit bureas(Equifax, etc). The only differnce here is that there is more data to keep track of - less value per byte - but outside of that the economics is basically the same. The point is that information from CLRID, ANI, single financial transactions, etc. is harmless if each datum is kept in isolation. On the other hand, if data from many different points starts converging into one database, privacy becomes impacted. Not only can we expect this to happen(it is happening now), but we can expect little guidance from the existing body of law, simply because there has never been any precedent to this. ------------------------------ Date: Sat, 11 Sep 1993 21:13:15 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Re: ANI and CNID From: Paul Robinson ----- > > You see, I believe that ANI and CNID both are invasions of > > my anonymity and privacy, and violate the ECPA... > > That is really reaching, but if you feel so strongly about it, > take someone to court. Of course, your face may really be red > if you find out that the company you call is NOT capturing > ANI (as most do not). And I suspect that most courts would > require you to demonstrate harm rather than just attitude. Not true. The Electronic Communications Protection Act makes the use of a "trap and trace device" prohibited without a court order. No harm need be shown; just as listening to the cellular radio bands is illegal, having a "trap and trace device" that captures the calling party's number violates the ECPA. I am waiting for some person who is arrested using a Caller ID box or ANI to get the evidence pointing to them thrown out since the evidence was obtained illegally, e.g. through use of a "trap and trace device". I've been saying this for two years; while I personally *like* the idea of Caller-ID and ANI, I'm waiting for some quick shyster to use it to make money, since I believe the ECPA provides for civil damages *without proof of any harm or damage*. The supposed idea is, if I remember that part of the law, is that using the trap and trace device is a 'de jure' (at law) violation of privacy (even though it is not a de facto 'in fact' violation of privacy) and statutory damages can be sought. I may be wrong on this part. I do *know* that T&Ts are illegal; I *believe* they allow for statutory damages. Now the question comes up, how do you define Caller-ID and ANI - which return the caller's number - without they're being Trap and Trace devices? I can't think of a way. --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: Computer programmers do it byte by byte ------------------------------ From: John Starta Date: Sat, 11 Sep 93 21:23:57 -0700 Reply-To: tosh!starta@enuucp.eas.asu.edu Subject: Re: ANI In <9309110018.AA08929@freenet.victoria.bc.ca> ua602@freenet.victoria.bc.ca (Kelly Bert Manning) writes: >I'm surprised that you don't seem to think that in 13 years we have run >into him or seen him near where we work. He has been spotted driving >around the parking lot where my wife and I used to work. The friend >who commented on seeing him commented that he didn't see him long enough >to get the licence or a good vehicle description, but commented that it >"looked stolen". This was in reference to the fact that he has a long >record for auto theft and possession of stolen cars, as well as other >property. > >In general this guy has never had the money to insure a vehicle, although >he may be able to get his name registered on a junker. He has such a long >record of auto theft/possesion that police would have no trouble justifying >a vehicle pull over if we called 911 from a pay or cell phone. Actually I was thinking more along the lines of: Why isn't this guy in jail? He has raped your wife, stolen vehicles, and harrassed numerous people and yet he still walks the streets. This isn't a problem with ANI or privacy, its a problem with the local police not doing their jobs! >The only difficult I've had with my PO Box is finding one of my tires >rapidly loosing air from what may have been a knife puncture once when >I parked right outside the closest mall entrance to my PO box. Canada >has national firearms acquisition controls which make it difficult for >someone to get a firearm unless the local police approve. Unfortunately >we get a tide of them coming over the US border illegally. I seen reports >about polls showing that most US citizens want similar controls.(please >don't start up a flamewar about the right to bear arms, 3 of my grandparents >were homesteaders who came from the US and I have a bookful of stories about >forebears who took up arms against the tories and hessians. I respect the >political system that they fought to establish but I also understand the >need to adapt to different threats in different times). Since I have never mentioned firearms anywhere in my messages, I have no idea why you would think I would flame you over the mention of the gun control laws in Canada. I do however question the validness of this report suggesting United States citizens want strict gun controls like Canada. john -- *** PHOENIX SUNS * 1993 WESTERN CONFERENCE CHAMPIONS * PHOENIX SUNS *** ------------------------------ Date: Sat, 11 Sep 1993 21:43:40 -0400 (EDT) From: "Paul R. Coen" Subject: More on ANI/800 numbers Organization: Drew University Academic Technology It seems to me that part of the problem here is the difference between something being confidential and something being anonymous. It's a distinction that social scientists have to make when doing studies, especially surveys. Basically, if it is confidential, the researchers know the identity of a study participant, but they won't release it (and generally take steps to make sure that you can't figure out who it is). Unfortunatly, that's not a distinction that the public at large is used to making -- certainly not concerning the telephone. Anonymous studies are just that -- the researcher doesn't have the identity of the respondents. Some of the disagreement over 800 numbers seems to be confidentiality vs. anonymity. Why not require confidentiality? They can record who you are, and what your phone number is, and use it themselves. They couldn't, however, sell your name and number to someone else. Seems fair enough. You can allow the police to get the records with a warrant, unless it would violate a legally protected relationship (doctor/patient, lawyer/client, etc). Aside from billing and their business purposes, they really shouldn't have need for your number. ------------------------------ From: "Scott E. Preece" Subject: Re: Caller ID vs Name System Organization: Motorola MCG, Urbana Design Center Date: Sun, 12 Sep 1993 19:56:05 GMT In article rogerj@otago.ac.nz writes: | I would be interested in what people would think about this method of | Caller Id. Instead of display the telephone number of the caller the | initial of their first name (and maybe the initial of their middle) and | their surname gets printed on the screen. Thus instead of 477-9229 being | displayed J. Bloggs is displayed on the screen. --- I think the non-uniqueness argument is sufficient to disqualify this approach. While caller screening is an important reason for having Caller Id, I think the ability to uniquely identify an harrassing caller is at least as important. On the other hand, *any* unique ID would be fine -- it doesn't need to be the caller's callable phone number. The caller's name, with an added discriminator to make it unique, would be fine, so would an arbitrary numeric or alphanumeric ID assigned by the phone company. It would also be nice if the system allowed the caller to add an additional digit or letter to their ID at the time the call is made, so that the members of a household sharing a phone could indicate who within the group is making the call. scott -- scott preece motorola/mcg urbana design center 1101 e. university, urbana, il 61801 phone: 217-384-8589 fax: 217-384-8550 internet mail: preece@urbana.mcd.mot.com ------------------------------ From: "david.g.lewis" Subject: Re: does anyone care about ANI? Organization: AT&T Date: Mon, 13 Sep 1993 17:23:25 GMT In article Kelly Bert Manning writes: > > We seem to have >established that US Carriers seem to be reproducing Caller ID signals on >long distance calls, using ANI signals that you mentioned have to be >passed along whenever a system requests them. This seems to raise the >possibility that a Telco could recreate a Caller ID signal at will for >a long distance call, defeating what the caller assumes is a Caller ID >block. You may have inferred that, but I don't recall it being "established". What I believe has been "established" is that 800 service providers offer a service which delivers the calling party's billing number in real time. This is not "reproducing Caller ID signals", nor is it "recreating a Caller ID signal... defeating... a Caller ID block." It's a different service that has nothing whatsoever to do with Caller ID. David G Lewis AT&T Bell Laboratories david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation ------------------------------ End of Computer Privacy Digest V3 #033 ******************************