Computer Privacy Digest Fri, 17 Sep 93 Volume 3 : Issue: 035 Today's Topics: Moderator: Dennis G. Rears Re: About Selling Phone Numbers Re: ANI Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026) Re: Caller ID gives low cost access to ANI data Privacy eroded by method of payment, not method of tracking Justice to choose escrow agents for encryption keys Re: Caller ID; a different view Re: Caller ID; a different view Re: CAller ID vs Name System The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: Carl Oppedahl Subject: Re: About Selling Phone Numbers Date: 15 Sep 1993 20:36:11 -0400 Organization: PANIX Public Access Internet and Unix, NYC In Rene A Felix writes: >Two days after getting a new phone line here in Tucson, the local paper >was calling to "FIRST, welcome me to my new neighborhood, and SECOND..." >of course they wanted me to buy their paper. >Is this common practice for the phone company? What can I do to prevent >this? I'm new to this newsgroup, so my apologies if I am rehashing an >old thread. Yes, most telcos peddle lists of people who have just gotten new service, and you can be sure they are very popular among many service industries including newspaper delivery. The regulators sometimes wink at this on the theory that as long as the telco charges for it, the revenue can (supposedly) go to subsidize local service. The only way to avoid it, most places, is to get an unlisted or unpublished number. Here in NY, you can have the address omitted free of charge. Then the peddled list at least does not reveal where you live. -- Carl Oppedahl AA2KW (patent lawyer) 1992 Commerce Street #309 Yorktown Heights, NY 10598-4412 voice 212-777-1330 ------------------------------ Date: Wed, 15 Sep 93 18:45 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: ANI Conrad Kimball writes: > With reverse directories and such, it's trivial to map a phone number to > a name and address. Thus, they are essentially equivalent. All the verbage aside, this is what seems to bother you a great deal. Tell me, why is it that you seem to feel it so threatened that an entity that you call who pays for that call know who you are? You know who they are. I assume you are calling to transact some sort of business. Do you typically enter into business relationships maintaining your anonymity? If the call is for product inquiry, are you embarassed that someone might know that you inquired? These are personal questions that I am asking here. I would appreciate it that if you decide to answer that you not bring up irrelevancies such as "the public" or anyone else. We are just talking between the two of us. I am interested in YOUR reasons for having an abhorrance for letting a business that YOU elect to contact know anything at all about the person doing the contacting. The custom and usage of caller anonymity, a legacy of the limited technology of the past, will die hard. As the knee-jerk reactions to anything that threatens the status quo subside, we may all eventually look back on this era with great amusement. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ From: Hans Lachman Subject: Re: ANI and CNID (was: Re: Computer Privacy Digest V3#026) Organization: Netcom Date: Thu, 16 Sep 1993 22:07:37 GMT In article Hans Lachman writes: >In article John Higdon writes: >>John Macdonald writes: >> >>> ... it would be nice it there was some way >>> of making the default go the other way and making consent necessary >>> to collect ANI information into a database ... >> >>You are claiming that ANI delivery causes harm. Prove it. > >Does the ability to *suppress* ANI/CNID cause harm? Prove it. > >[Moderator's Note: If ANI was suppressed, the 800 owner could refused to >pay for the call. Besides, the owner is paying for delivery. ._dennis ] Then the owner should simply be allowed to reject such calls (as has been argued for CNID). The above is not an example of harm. The truth is that there is no harm in having the ability to block both ANI and CNID. Hans Lachman lachman@netcom.com ------------------------------ Subject: Re: Caller ID gives low cost access to ANI data From: "Roy M. Silvernail" Date: Wed, 15 Sep 1993 21:50:07 CST Organization: The Villa CyberSpace, executive headquarters In comp.society.privacy, ua602@freenet.victoria.bc.ca writes: > A call from my phone(on a type 1 or 2 switch which does not generate > Caller ID signals for any line) to both of STOPPER's Caller ID demo > 800 numbers demonstrated that the recreation of blocked Caller ID > signals from ANI data (ANI spill) makes it possible to use cheap > Caller ID access to obtain at least the calling phone number part of > an ANI signal. It does not give any information about how widespread > ANI spill is, but it does demonstrate that it can happen. You have me completely confused with this statement. The STOPPER numbers use real-time ANI, which is how they get your billing number. No CNID signals are "reconstructed". CNID and ANI are 2 distinct and different tarrif offerings. > Most people are able to understand that the wider the scope of > access the greater the likelyhood of confidentiality not being > respected. If everyone has access there is no confidentiality. If the access is legitimate, what is the problem? I'm sure no one here supports the misuse of ANI-delivered information. But that is no reason to call for its prohibition (as several have done). > Changing the entry price of ANI data from an ISDN PR Interface and > related equipment to a Caller ID box and interface enlarges the > scope for abuse. What is your point? CNID and ANI are two different things, for different purposes. The abuse of one doesn't connote the abuse of the other, and the potential for abuse of either one doesn't mandate that such abuse exists. I have to agree with John Higdon on this. I have yet to see a documented case of ANI or CNID causing anyone harm. All I see are vague predictions and arm flailing. -- Roy M. Silvernail [ ] roy@sendai.cybrspc.mn.org cat /usr/philosophy/survival | PGP 2.3a public key #! /usr/local/bin/perl -p | available upon request next unless /$clue/; | (send yours) ------------------------------ Newsgroups: alt.privacy,comp.society.privacy From: Nick Szabo Subject: Privacy eroded by method of payment, not method of tracking Organization: NETCOM On-line Communication Services (408 241-9760 guest) Date: Thu, 16 Sep 1993 10:57:49 GMT rnimtz@berlin.helios.nd.edu (richard nimtz) writes: >I refused to give my SSN to the clerk and asked to see the manager. She >flatly refused to accept my check without the SSN. I refused to supply it >and the store lost a sale. Why not just pay cash? Checks inherently violate your privacy -- they allow transactions to be linked to your name. The store can input the transaction into their computers if desired and all U.S. banks keep photocopies of all checks. Requiring SSN is only a minor additional violation of privacy. It merely adds convenience to the traceability that is already inherent in payment by check (and credit card). Of course it would help if we didn't have fascist laws and incompetent security practices that make banks set $300 ATM limits, clerks frown at $100 bills, etc. -- Nick Szabo szabo@netcom.com ------------------------------ Date: Thu, 16 Sep 1993 11:08:10 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Justice to choose escrow agents for encryption keys From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- Justice to choose escrow agents for encryption keys Summary from {Government Computer News}, September 13, 1993, Page 4. During this month the Justice Department plans to announce the two agencies that will manage the escrow key encryption chips. This will allow federal agencies to use the draft Escrowed Encryption Standard (EES). Attorney General Janet Reno will make the appointment of the two agents. The National Institute of Standards and Technology "will likely serve as one escrow agent." NIST is reported as one of the organizations that helped create it. The person who made the announcement to the National Computer Systems Security and Privacy Advisory Board was "Geoff Greiveldinger, special counsel for the Narcotics and Dangerous Drugs Section of Justice's Criminal Division." The article goes on to describe the background of the creation of the chip including its development by the National Security Agency; the article claims it will be used to replace older Data Encryption Standard (DES) products. It talks about the serial number, chip key and family key that "authorized agencies must have to decipher encrypted messages", and how it will use two key-escrow databases using "existing wiretap guidelines requiring officials to obtain court permission for electronic monitoring." A special decoder box - which currently no suppliers have been selected to produce - is being designed by the government to help police and FBI users identify the chip number and unscramble the encoded communications. The Board raised questions about the cost - including whether this chip would make encryption more expensive and/or limit availability, as well as costs passed on to customers due to maintenance and chip replacement - and export limitations, due to concerns whether this new EES product may not be as marketable around the world as DES is, due to the key release provisions. --- Paul Robinson - TDARCOS@MCIMAIL.COM ----- The following Automatic Fortune Cookie was selected only for this message: The problem with any unwritten law is that you don't know where to go to erase it. -- Glaser and Way ------------------------------ Date: Thu, 16 Sep 93 10:36:18 MDT From: Kenneth Ingham Subject: Re: Caller ID; a different view Geoff Kuenning writes that calling number ID does not attach a name to the info it provides. His phone company must be different from US West. We get not only the number, but also the name for all calls originating in New Mexico. According to US West, we cannot get out-of-state ids until all states approve CNID. --- Kenneth Ingham WD5BBT Hummin' little Grumman N9646L ingham@i-pi.com (NeXTMail OK) (505) 262-0602 ------------------------------ From: Jack Decker Subject: Re: Caller ID; a different view Date: 17 Sep 1993 04:56:33 GMT Organization: Youngstown State/Youngstown Free-Net Richard E. Blauvelt (rblauvel@world.nad.northrop.com) wrote: When I post to a news-group or send electronic mail, my name and internet address are attached to the message. How is caller ID any different? [end quote] Richard, I have yet to have my dinner interrupted, come running from outside, or emerged dripping wet from a shower to answer an email or newsgroup message. And that is the key difference - I answer my mail when *I* feel like it. On the other hand, when the phone rings, if you don't use an answering machine to screen calls (which many folks find annoying), it's a now-or-never situation. Also, having a Caller-ID box on my end does not help, first because by the time I get close enough to the display to read it I've already been inconvenienced; second, because an unknown calling number give me no information I can use to tell whether the call is from friend or foe (or telemarketer), and third, I do NOT feel I should have to pay an extra $6.00/month for a service I don't even want just so I can defend myself against others who have it (as your messages seems to imply I should have to do). If you really feel that EVERYONE should have Caller ID, then maybe you should try to convince your state's PUC to mandate that it be given to all telephone users, and that the phone company be allowed to increase all phone bills by some nominal amount (maybe 50 cents/month) to cover the expense. I think you'd soon find that others do NOT consider Caller ID to be a vital or necessary service. Jack -- ------------------------------ From: rogerj@otago.ac.nz Subject: Re: CAller ID vs Name System Organization: University of Otago, Dunedin, New Zealand Date: Thu, 16 Sep 1993 22:24:22 GMT >Vigilante action is much, much more likely with names given than with >numbers given, because it is easy to confuse the actual information >"this call was made from a phone registered to J. A. Smith" with the >perveived information "this call was made by the particular J. A. Smith >that I know". Any non unique labelling system called be used as opposed to a persons actual name. I choose a persons name as it is familiar to most people. Removing the persons first two intials (or just the middle initial) would result in the identifier being that common that people would understand (hopefully) that the caller called not be directly identified, but this may reduce the usefulness of the system. I know that in my flat I can probably list all the people who phone us and maybe even what time some of them usually ring. A labelling system would just help me identify people who I am not familar with or people who I am but do not wish to talk to. It is a method of controlling my social contact with other people which is probably why caller id is popular with some people. What I had intended was some system allowed people to indentify Common callers with a fair degree of certainity, but at the same time still provide callers with a degree of anonymity. No information other that that the person May Be a J Smith that I know would be revealed, unlike caller id that provides a unique identifier along with information on the rough location of the caller. >>5. Finally identifying people by numbers is dehumanising. Over the past >>few thousand years most people have been identified by name rather than a >>number, we are even labled with a name at birth, why do we want to start >>labeling people as numbers? Is humanity the price of effeciency. >Since you are not, in fact, identifying people, it's misleading to ues >the identifiers commonly associated with people. Furthermore, since >the human namespace is cluttered and overlaid, you can easily introduce >accidental aliasing which would hampter police response to harrassment >problems, and could also result in police harrassment of innocent >people who had names the same as guilty people. I agree that the use of a naming system by the police to identifier harassing calls. However I do believe the current system that New Zealand Telecom uses for handling harassing calls could still be used with a naming system. (Victims in New Zealand first make a complaint to the police, the phone numbers of callers to the viticm are then record by the phone company but are only given to the police. No action can be taken by the individual.) >Phones have always been identified by numbers. > Associating a person's name with a phone > is misleading at best. Don't do it. But why do we have to reveal a our unique identifier in order to communicate with someone else. How many people would not accept a letter without a return address on the back. People want to control there social interaction will others wish to protect their privacy. Unique identifiers aid one at the expense of the other. Is there not system that would provide a balance? Cheers Roger RogerJ@Otago.ac.nz Otago University Dunedin New Zealand (Phone number not included!) These are my views only but I am interested in others ------------------------------ End of Computer Privacy Digest V3 #035 ******************************