Date: Wed, 15 Sep 93 17:29:31 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#034 Computer Privacy Digest Wed, 15 Sep 93 Volume 3 : Issue: 034 Today's Topics: Moderator: Dennis G. Rears Re: Caller ID; a different view Caller ID gives low cost access to ANI data Re: Caller ID vs Name System [Chris Nelson: Re: Spousal Signatures] About Selling Phone Numbers Re: ANI Re: ANI The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Mon, 13 Sep 93 12:50:10 -0700 From: Geoff Kuenning Subject: Re: Caller ID; a different view Organization: Locus Computing Corporation, Los Angeles, California In article Richard Blauvelt writes: > Caller ID is the electronic > equivalent of the peep-hole in my front door. No it's not. Calling Number ID is the electronic equivalent of having a small slot on your door through which a business card can be inserted, except that instead of having a name, the business card has a cryptic number. There is no guarantee that a particular business card was actually slipped through your door by the person you normally associate with that card, nor is there any guarantee that a particular person will always use the same business card. "Caller ID" is a lie perpetrated by the phone companies. It doesn't ID the caller, it ID's the calling number. If you want Calling Number ID, that's fine, but that's a different and far-less-useful thing. > When I post to a news-group or send electronic mail, my name and > internet address are attached to the message. How is caller ID any > different? It doesn't attach a name. (Of course, if you worked for IBM or another such people-disoriented company, you'd be identified as "as1265@ibm.com" and things would be closer to Calling Number ID...) -- Geoff Kuenning geoff@prodnet.la.locus.com geoff@itcorp.com ------------------------------ Date: Mon, 13 Sep 93 17:45:04 PDT From: Kelly Bert Manning Subject: Caller ID gives low cost access to ANI data Reply-To: ua602@freenet.victoria.bc.ca In a previous article, deej@cbnewsf.cb.att.com ("david.g.lewis") says: > >You may have inferred that, but I don't recall it being "established". What >I believe has been "established" is that 800 service providers offer a >service which delivers the calling party's billing number in real time. >This is not "reproducing Caller ID signals", nor is it "recreating a Caller >ID signal... defeating... a Caller ID block." It's a different service that >has nothing whatsoever to do with Caller ID. > >David G Lewis AT&T Bell Laboratories >david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation > Thanks for pointing out the need to be more precise in my statement. A call from my phone(on a type 1 or 2 switch which does not generate Caller ID signals for any line) to both of STOPPER's Caller ID demo 800 numbers demonstrated that the recreation of blocked Caller ID signals from ANI data (ANI spill) makes it possible to use cheap Caller ID access to obtain at least the calling phone number part of an ANI signal. It does not give any information about how widespread ANI spill is, but it does demonstrate that it can happen. BC Tel told me that they have a pact with other Canadian Stentor Group companies not to do this if a call is flagged as being Caller ID Blocked. This agreement doesn't apply to US companies or to other Canadian Long Distance carriers, such as Unitel. BC Tel also told me that ANI requires at least an ISDN Primary Rate interface, which I believe is about 23 times(in North America) the capacity of an ISDN Basic Rate Interface. The cost of this should rule it out except for major 800 operations, certainly for personal 800 numbers or very small businesses using entry 800 service. Does anyone care? The "Equifax Canada Report on Consumers and Privacy in the Information Age" revealed that Canadians, at least, are more concerned about private individuals obtaining access to personal information in records than about large businesses, such as insurance companies. The context seems to be that there is an assumption that certain kinds of transactions initiated by a consumer justify exceptions to blanket assumptions of confidentiality. Most Canadians have a strong concern about individuals being able to get access to public record information about other individuals. There is an expectation that large organizations exercise a monitoring role over the activity of their employees. This becomes less true as the size of the organization drops to the level of a private entrepreneur in a small business. Most people are able to understand that the wider the scope of access the greater the likelyhood of confidentiality not being respected. If everyone has access there is no confidentiality. Changing the entry price of ANI data from an ISDN PR Interface and related equipment to a Caller ID box and interface enlarges the scope for abuse. ------------------------------ From: David Dyer-Bennet Subject: Re: Caller ID vs Name System Organization: Network Systems Corporation Date: Tue, 14 Sep 93 18:36:45 GMT In article rogerj@otago.ac.nz writes: >I would be interested in what people would think about this method of >Caller Id. Instead of display the telephone number of the caller the >initial of their first name (and maybe the initial of their middle) and >their surname gets printed on the screen. Thus instead of 477-9229 being >displayed J. Bloggs is displayed on the screen. > >The following comments refer to the residential use of caller id and >not to business. My reasons for supporting this idea are. ... >2. Since the name system does not provide the answer with information about >the location or identify of the caller, vigilante action could not be >instigate. Hopefully any action brought against a caller would be >made by the police, this how abusive phone calls are handled in New Zealand. >The telephone numbers of people calling are handed over to the police rather >then the answerer. Vigilante action is much, much more likely with names given than with numbers given, because it is easy to confuse the actual information "this call was made from a phone registered to J. A. Smith" with the perveived information "this call was made by the particular J. A. Smith that I know". >5. Finally identifying people by numbers is dehumanising. Over the past >few thousand years most people have been identified by name rather than a >number, we are even labled with a name at birth, why do we want to start >labeling people as numbers? Is humanity the price of effeciency. Since you are not, in fact, identifying people, it's misleading to ues the identifiers commonly associated with people. Furthermore, since the human namespace is cluttered and overlaid, you can easily introduce accidental aliasing which would hampter police response to harrassment problems, and could also result in police harrassment of innocent people who had names the same as guilty people. Phones have always been identified by numbers. Associating a person's name with a phone is misleading at best. Don't do it. -- David Dyer-Bennet Network Systems Corporation ddb@network.com Brooklyn Park, MN (612) 424-4888 x3333 ddb@tdkt.kksys.com My postings represent at most my own opinions. Geek code 0.3 extended: GCS/O d* p--- c++ l m+ s+/+ ++!g w+++ t- r f+++ x+ ------------------------------ Date: Tue, 14 Sep 93 15:58:25 EDT From: Brinton Cooper Subject: [Chris Nelson: Re: Spousal Signatures] Organization: The US Army Research Laboratory Chris Nelson writes, in part, on how to avoid using a credit card when renting a car: "...HOWEVER, Hertz has a program where you can apply to use cash. They do a credit check, etc. to give them some assurance that you aren't the sort of person who would steal or trash their car then they send you a plastic card which you can present at Hertz locations in-lieu of credit; no deposit, nothing. Just pay cash on return. Guess who's getting my business?" That little plastic card IS a CREDIT CARD. The difference between it and VISA is in when you pay. You're carrying around a card that could be lost/stolen and used by another. You've had your "privacy invaded" to undergo the credit check (which you might not pass if you don't have credit cards or other credit anyhow) in order to get the card. The only difference, as I see it, is that you don't get a 28 day grace period plus billing delay before parting with your money. Or am I missing something? _Brint ------------------------------ Date: Wed, 15 Sep 1993 07:13:46 +0000 (GMT) From: Rene A Felix Subject: About Selling Phone Numbers Organization: University of Arizona, Tucson Two days after getting a new phone line here in Tucson, the local paper was calling to "FIRST, welcome me to my new neighborhood, and SECOND..." of course they wanted me to buy their paper. Is this common practice for the phone company? What can I do to prevent this? I'm new to this newsgroup, so my apologies if I am rehashing an old thread. ------------------------------ From: Conrad Kimball Subject: Re: ANI Date: 15 Sep 93 16:50:26 GMT In article , drears@pica.army.mil (Dennis G. Rears) writes: |> >This is true. However, that's between the provider and the 800 customer. |> >The average telephone network user (caller) has to deal with a local |> >telephone company, which, at least in any area I know, is a monopoly and |> >regulated as a utility (just like the electric company). After all, we |> >can't have every Tom, Dick, and Harry putting lines on the local telephone |> >poles. Thus, my service agreement is with my local telephone company. |> >THEY are the ones actually transmitting the caller's number in accordance |> >with whatever agreements THEY have with long-distance carriers. |> ^^^^^^^^^^ |> |> They are not agreements. They are FCC requirements. Nonetheless, they are agreements among telecom providers, with the FCC merely providing an enforcement mechanism. And, they are subject to change given the proper inducements. They are _not_ cast in stone. |> >No, but (a) telling a customer up front, at the time the service is |> >established, and/or (b) in lieu of (a), as in the case of the |> >Southern New England Telephone Company (Connecticut), placing a notice |> >on/in the telephone bill, that customers dialing 700, 800, or 900 numbers |> >may have their calling number released regardless of CID setting, is |> >more than reasonable. Customers should likewise have the option of |> >disabling calls to these numbers from CID-blocked lines. |> |> Why should they have an option? The telephone company is providing |> you a service on their terms. If you don't like don't use their service |> or convince them it is in their economic interests to change. Do you |> have any idea of the cost to impliment ANI blocking? Do _you_ have any idea of the cost? Or are you simply using the standard "it costs too much" response of one who doesn't want to change something? (It's a common response in the software business; I suspect telecom isn't too different.) As for your take-it-or-leave-it attitude about TPC, that's precisely why they are regulated, because we _can't_ get alternative service. It's an unbalanced bargaining situation, which regulation attempts to rectify. TPC is _allowed_ to operate (as a monopoly) as long as it serves the public interest; if the public interest (as defined by regulators) decides things should be different, TPC has to change or get out of the business. TPC exists to _serve_ the public, plain and simple. |> They are not selling a user's indentification. They are only giving the |> phone number and class of service. They are not giving a name or address. With reverse directories and such, it's trivial to map a phone number to a name and address. Thus, they are essentially equivalent. -- Conrad Kimball | Client Server Tech Services, Boeing Computer Services cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35 (206) 865-6410 | Seattle, WA 98124-0346 ------------------------------ Date: Wed, 15 Sep 93 17:11:40 EDT From: "Dennis G. Rears" Subject: Re: ANI Conrad Kimball writes: >In article , drears@pica.army.mil (Dennis G. Rears) writes: > >|> Why should they have an option? The telephone company is providing >|> you a service on their terms. If you don't like don't use their service >|> or convince them it is in their economic interests to change. Do you >|> have any idea of the cost to impliment ANI blocking? > >Do _you_ have any idea of the cost? Or are you simply using the standard >"it costs too much" response of one who doesn't want to change something? >(It's a common response in the software business; I suspect telecom isn't >too different.) Under current tariffs, 800 users could refuse to pay their pay bacuase of lack of number identification. I could not tell you the cost, maybe John can. The 800/900 system would in a best case situation need a minor design change. I view this whole issue of 800/900 ANI as a minor issue at best. Has anyone reading this newsgroup felt strongly enough to write to the FCC? If not, why the big issue? > >As for your take-it-or-leave-it attitude about TPC, that's precisely why >they are regulated, because we _can't_ get alternative service. It's an >unbalanced bargaining situation, which regulation attempts to rectify. >TPC is _allowed_ to operate (as a monopoly) as long as it serves the public >interest; if the public interest (as defined by regulators) decides things >should be different, TPC has to change or get out of the business. TPC >exists to _serve_ the public, plain and simple. They are regulated because they are a monopoly not because they have a "take-it-or-leave-it attitude". Your individual contract (if such a thing exists) is with the TPC. The TPC is merely acting as a liason between the subscriber and 800 deliverer. The 800 deliverer will not accept the call unless ANI is provided. The TPC has no choice in the matter. > >|> They are not selling a user's indentification. They are only giving the >|> phone number and class of service. They are not giving a name or address. > >With reverse directories and such, it's trivial to map a phone number to >a name and address. Thus, they are essentially equivalent. I agree that with reverse directories it is easy to map a phone number with a name and address. I disagree that it is equivalent. One, TPC is not selling the number, they are providing the number as required to complete the call. TPC is not makign any money off of it. ------------------------------ End of Computer Privacy Digest V3 #034 ******************************