Date: Mon, 20 Sep 93 10:05:03 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#038 Computer Privacy Digest Mon, 20 Sep 93 Volume 3 : Issue: 038 Today's Topics: Moderator: Dennis G. Rears Re: Caller ID gives low cost access to ANI data Re: ANI Re: ANI College Civil Liberties Conference at Harvard University Re: Caller ID vs Name System Re: CAller ID vs Name System Re: Something to Consider The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Fri, 17 Sep 93 17:53:19 PDT From: Kelly Bert Manning Subject: Re: Caller ID gives low cost access to ANI data In a previous article, roy@sendai.cybrspc.mn.org ("Roy M. Silvernail") says: >In comp.society.privacy, ua602@freenet.victoria.bc.ca writes: >> A call from my phone(on a type 1 or 2 switch which does not generate >> Caller ID signals for any line) to both of STOPPER's Caller ID demo >> 800 numbers demonstrated that the recreation of blocked Caller ID >> signals from ANI data (ANI spill) makes it possible to use cheap >> Caller ID access to obtain at least the calling phone number part of >> an ANI signal. It does not give any information about how widespread >> ANI spill is, but it does demonstrate that it can happen. > >You have me completely confused with this statement. The STOPPER >numbers use real-time ANI, which is how they get your billing number. >No CNID signals are "reconstructed". CNID and ANI are 2 distinct and >different tarrif offerings. > Welcome to the confusion club. Are you associated with the STOPPER operation? Have you reviewed their facilities and operation? This thread started out with me asking whether STOPPER was using ANI or Caller ID. 1. The first call that I placed to their 800 advertising read my number back to me, after which a voice stated that it had been obtained using Caller ID. I mentioned that my understanding of US advertising laws is that they could be liable for false advertising if they had really used ANI. 2. I FAXed BC Tel's headquarters in Vancouver and got a reply stating that my number had been made available as a result of ANI spill. It also stated that Canadian Stentor group companies have a Canada wide agreement not allow ANI spill. I followed this up with a call to a BC Tel Manager in their Network Switching Area who also told me that the blocked and flagged Caller ID information is being recreated after the call crosses the international border. The fact that Canadian phone companies would go to the trouble of making a pact about this shows that it is a very real possibility. 3. One of the previous respondents in this thread stated that STOPPER has published a statement by a Telecom Security consultant to the effect that they do not use or accept ANI information in order to eliminate any possibility of it being passed along when they place a call for a customer. > >> Most people are able to understand that the wider the scope of >> access the greater the likelyhood of confidentiality not being >> respected. If everyone has access there is no confidentiality. > >If the access is legitimate, what is the problem? I'm sure no one >here supports the misuse of ANI-delivered information. But that is no >reason to call for its prohibition (as several have done). Magazines are a notorious source of names and addresses for direct marketing lists and for personal information databases. They are able to avoid civil remedy law suits by making a pact with their address customers that they will not be identified as being the source of a persons address. The practice of subscribing under an alias or with coded initials, is the only defense subscribers have to this. Magazines often have 800 numbers to call to subscribe or get help when issues don't arrive or arrive late or damaged. As far as I am concerned subscriber whose check or money order has cleared has already paid for any 800 calls they may have to make. The claim that the magazine pays for the call is a red herring. The subscriber pays for the product and for any related support which the publisher warrants for the publication. It would be naive to claim that magazines which peddle subscriber lists wouldn't capture phone number if they have ANI and add them to their collection of personal information about the subscribers name, address, personal interests(based on type of magazine), and credit or payment history(adequate to establish and maintain the subscription). Hotels and Resorts are another type of enterprise which often advertises 800 numbers, and which I have detected peddling my address to other businesses. If I make an 800 call to a hotel to make a reservation under an alias the only claim they have against me is to release the reservation if my deposit money order fails to arrive within a few days. > >> Changing the entry price of ANI data from an ISDN PR Interface and >> related equipment to a Caller ID box and interface enlarges the >> scope for abuse. > >What is your point? CNID and ANI are two different things, for >different purposes. The abuse of one doesn't connote the abuse of the >other, and the potential for abuse of either one doesn't mandate that >such abuse exists. I have to agree with John Higdon on this. I have >yet to see a documented case of ANI or CNID causing anyone harm. All I >see are vague predictions and arm flailing. >-- > Roy M. Silvernail [ ] roy@sendai.cybrspc.mn.org >cat /usr/philosophy/survival | PGP 2.3a public key >#! /usr/local/bin/perl -p | available upon request >next unless /$clue/; | (send yours) > > ------------------------------ Date: Fri, 17 Sep 93 18:07:23 PDT From: Kelly Bert Manning Subject: Re: ANI In a previous article, john@zygot.ati.com (John Higdon) says: >Conrad Kimball writes: > >> With reverse directories and such, it's trivial to map a phone number to >> a name and address. Thus, they are essentially equivalent. > >All the verbage aside, this is what seems to bother you a great deal. >Tell me, why is it that you seem to feel it so threatened that an entity >that you call who pays for that call know who you are? You know who >they are. I assume you are calling to transact some sort of business. >Do you typically enter into business relationships maintaining your >anonymity? If the call is for product inquiry, are you embarassed that >someone might know that you inquired? I never give a business my name, address, or phone number unless there is some legal requirement(eg. buying a car or home) or delivery issue. I even buy TVs and clothes washers in cash. I am quite happy to take a receipt and come back later if they think that I ran off the bills in my basement. I am rather tired of Radio Shack staff refusing to accept a simple NO on the first go round when I buy a 58 cent battery and get asked for my name and address. The only obligation I have to the vendor in most commercial transactions is to provide them with cash, a money order, or a check(name but no address) which clears. My address, phone number, and in most cases my name, are literally none of their business. I am not familiar with US law, but in Canada it is legal to use any alias I choose in most purchases. My decision to deal in this manner has developed as a result of decades of detecting that personal information about me is passed to third parties without my knowledge or consent, sometimes against explicting instructions not to do so, and using this information for purposes that have nothing to do with the transaction for which the vendor has already been paid in full. ------------------------------ Date: Fri, 17 Sep 93 23:39 PDT From: John Higdon Reply-To: John Higdon Organization: Green Hills and Cows Subject: Re: ANI On Sep 17 at 18:07, Kelly Bert Manning writes: > The only obligation I have to the vendor in most commercial transactions > is to provide them with cash, a money order, or a check(name but no address) > which clears. My address, phone number, and in most cases my name, are > literally none of their business. I am not familiar with US law, but in > Canada it is legal to use any alias I choose in most purchases. If you choose to not avail yourself of modern business conveniences such as credit, then a tip of the hat to you. But you are in a distinct minority. And there are other transactions that require both parties to know of each others' existence that involve warranties, recalls, and product support. > My decision to deal in this manner has developed as a result of decades > of detecting that personal information about me is passed to third parties > without my knowledge or consent, sometimes against explicting instructions > not to do so, and using this information for purposes that have nothing to > do with the transaction for which the vendor has already been paid in full. That is interesting. I have made it a point to give information to vendors, creditors, and others with whom I do business. I have a very high profile in the community, am well known in my fields of endeavor, have articles published in many forums, both print and electronic, have a listed phone number, etc., etc. I have yet to see one single solitary indication that this openness with personal information has caused me harm. Quite the contrary: many of my business opportunities have materialized as a result of not being a recluse. I assume that every 800 number I call captures my number. Big deal. That information is in the San Jose/Santa Clara telephone directory. In fact, I was recently annoyed at my VISA issuer for being so stupid and NOT going to any effort to collect data. My phone number changed over a year ago for technical reasons. After a few months, the referral stopped. Last week I made a purchase on my VISA card which hadn't been used for many months. The transaction was approved, but when I tried to use the card the next day, the merchant had to call in and I was put on the phone with the card center. It seems that the bank had tried to verify my use of the card the day before and encountered the "disconnected" home phone number. When I explained that the number had been changed and why, there was no problem. But it occurred to me that the bank might have at least called directory assistance before going off the deep end. I am not a privacy freak or conspiracy buff. And my major complaint with "data gathering" is not that it is done, but that it is generally done so poorly. I realize that many out there ARE privacy freaks. That is fine. But there are many more of us out here who happen to enjoy the benefits of readily accessilble and verifiable data. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ From: Jolyon Silversmith Newsgroups: harvard.general,comp.society.privacy,misc.activism.progressive Subject: College Civil Liberties Conference at Harvard University Date: 18 Sep 1993 02:17:26 GMT Organization: Harvard University Science Center Distribution: usa The Civil Liberties Union of Harvard (CLUH), the Harvard College affiliate of the American Civil Liberties Union, will be sponsoring a conference for college students on civil liberties on Saturday, November 6, 1993. The tenative workshop topics and speakers are: 1) The Organizational Aspects of College Civil Liberties Unions, led by the Civil Liberties Union of Harvard and John Roberts, Director of the Civil Liberties Union of Massachusetts 2) The Death Penalty 3) Free Speech and Hate Speech, led by Natasha Lisman of the law firm of Sugarman, Rogers, Bushak, and Cohen 4) Sexual Harrassment, led by Nancy Ryan, President of the CLUM Board of Directors and Chair of CLUM's Women's Rights Project 5) Electronic Privacy/E-Mail Rights, led by Ralph Clifford, Attorney at Law 6) Campus Publications and Censorship, led by Marjorie Heins of the ACLU Arts Censorship Project 7) Civil Liberties and Drug Legalization, led by Jon Holmes of CLUM 8) Gay and Lesbian Rights There will also be an endnote forum, tenatively titled Rights in Conflict - Women and Civil Liberties The conference is open to all college students; other individuals please contact CLUH for more information. Registration for the conference will be primarily by mail, although some provision will be made for same-day registration. Check-in will take place on the evening of Friday, November 5 and the morning of Saturday, November 6, with the first sessions beginning at 8AM and the last sessions ending at 6 PM on November 6. CLUH can arrange for limited overnight accomodation on November 5. The fee for participants will be $5. For more information by e-mail, contact rwyalen@husc.harvard.edu, lmuggrid@husc.harvard.edu, or silvers3@husc.harvard.edu. For information by mail, write to the Civil Liberties Union of Harvard, c/o Rob Yalen, 167 Quincy House Mail Center, Cambridge, MA 02167, or call (617) 493-3109. Even if you can't come to the conference, we need your help in publicizing the conference. Please contact CLUH for more information. Please feel free to distribute this information, unaltered, to any groups or individuals that may find it of interest. CLUH is also interested in contacting other student civil liberties organizations or students interested in starting one on their campus. The ACLU can provide interested students with an organizing manual, contacts at other local universities, and other information and resorces. Contact the above address for more info. -- Jolyon ("Jol") Silversmith______________________________________________________ Mather House 188 Former Director: Civil Liberties Union of Harvard Cambridge, MA 02138 Circulation/Publicity Manager: Lighthouse Magazine silvers3@husc.harvard.edu Editor: The Mather Messenger (House Newsletter) ------------------------------ Date: Sat, 18 Sep 93 16:11:46 PDT From: Kelly Bert Manning Subject: Re: Caller ID vs Name System In a previous article, ddb@burn.network.com (David Dyer-Bennet) says: >>I would be interested in what people would think about this method of >>Caller Id. Instead of display the telephone number of the caller the >>initial of their first name (and maybe the initial of their middle) and >>their surname gets printed on the screen. Thus instead of 477-9229 being >>displayed J. Bloggs is displayed on the screen. >> >Since you are not, in fact, identifying people, it's misleading to ues >the identifiers commonly associated with people. Furthermore, since >the human namespace is cluttered and overlaid, you can easily introduce >accidental aliasing which would hampter police response to harrassment >problems, and could also result in police harrassment of innocent >people who had names the same as guilty people. Phones have always >been identified by numbers. Associating a person's name with a phone >is misleading at best. Don't do it. > I agree. Besides, one of the alternatives to anonymous calling that is available is the display of a unique identifier which can be used to trace a call. I've read that this has been proposed as one solution to the fact that some people don't want to accept anonymous calls. The same code would be displayed evertime the same phone is used to call, so it would be just as (in)effective as Caller ID of the calling phone number at preventing obscene phone calls, but would not allow someone to call back unless they contacted the police and phone company. The argument that Caller ID deters or prevents obscene phone calls has always puzzled me. Are all local call details logged? The quote I posted from the 85/Nov issue of Radio-Electronics stated that this had been available since the indroduction of the Automatic Message Accounting machine, which I believe used paper tape technology. Newer systems should be able to trace local calls just as effectively, at least within some period of time after they were made. The recurring proposals for local measured service imply that the technology to record local calls at a very detailed level already exists and is ready to turn on. ------------------------------ From: Richard Roda Subject: Re: CAller ID vs Name System Keywords: Discouraging Harassing Callers Organization: North Carolina State University, Project Eos Date: Sun, 19 Sep 1993 02:07:13 GMT I once had a problem with someone prank calling when I lived at home with my parents house. I took care of it really quickly. I waited for them to call the house, and I put the modem in self-test mode / send-recieve self loop back mode, which essentially means the modem connects to itself and makes as much noise as possible (because it is testing _all_ of the tones that it can emit at the same time). They never did call back :->. The point of this is that a phone is a two way connection, when they harass you, you got a link at them, and you can use it. Caller ID is not necessary to deal with an annoying caller. As for the "telemarketing scum", I employ a tactic which is a bit more subtle but discourages them from calling. You want to talk to the marketer as long as possible. Chat with them, ask them questions, every minute they are on the phone they are incurring expense. You deny them the sale. Your number gets into a cost list and is junked, end result: less telemarketers. As for Caller ID, it's not worth worrying about. I'd rather worry about things that matter, such as RICO laws, The War On Drugs(TM), rather than THEM(tm) getting my phone number. If I was that paranoid, I wouldn't have a phone. -- Richard E. Roda Computer Science at NCSU | PGP 2.3 Public key by Email Xdisclaimer: These are my opinions, not necessarly any one elses. Xmetadisclaimer: A society that needs disclaimers has too many lawyers. ------------------------------ From: "Kirsi M. Vivolin" Subject: Re: Something to Consider Date: 18 Sep 1993 23:12:31 GMT Organization: University of Washington, Seattle In article , Brinton Cooper wrote: > >Kirsi M. Vivolin discussed the well-known >risks (see Risks-Digest archives for complete discussions on the topic) >of pooled databases by phone companies, credit organizations, etc. She >says, in part: > >| On the other hand, if data from many different points starts converging >|into one database, privacy becomes impacted. Not only can we expect >|this to happen(it is happening now), but we can expect little guidance >|from the existing body of law, simply because there has never been any >|precedent to this. >| >Notice how she slipped in "(it is happening now)" near the end of the >posting. A key point in the ANI debate on this forum is whether "it" is >happening or not. If corporations are collecting ANI data and using it >for nefarious reasons, let's have at least one concrete example, rather >than a litany of what "could" happen. Let's not suggest legislating as >illegal acts which haven't yet been observed. > >_Brint Sorry, _Brint, but no sale. What is wrong with anticipating abuse and moving to head it off? This is not only routine, but just good sense. For example Clinton is working on Universal Health Care legislation right now. It's easy to anticipate that with the amounts of money involved, somebody will try to defraud the system. Would Clinton be wrong to try to anticipate abuses of the system, and to head them off by legislating against them? Or should he wait until somebody has already ripped the system off before he says 'Thou shalt not steal'? I think he would be remiss if he failed to anticipate some of the problems that might arise and deal with them proactively. Your reasoning is tantamount to saying that the state of Washington (or Ecstasy or Confusion) need not have enacted a law against murder until a murder had been committed. The whole bloody idea is that there are certain things that we *don't* want to see, ever, so let's spell it out ahead of time. I am really tired of having to deal with the destructive effects of new technologies that were permitted to run amok before anybody tried to anticipate the problems entailed in turning them loose. Consider the case of atomic fission - for years people were saying, in effect, innocent until proven guilty. Well, now we are spending $mega to clean up after the excesses of the nuclear industry. The same can be said of the chemical industry, auto industry, etc, etc. Now, I'm not going to tell you that nukes, chemicals and cars are all evil. I will assert that the pioneers of those fields and their contemporaries in public life would have done us all a service if they had been a little more willing to contemplate the negative side effects of their enterprises. An ounce of prevention is worth a pound of cure. Considering the case of information technologies, it looks like we get tremendous benefits at the risk of the loss of privacy. Now is the time to anticipate some of the risks and minimize them at least cost. This is the time to apply the ounce of prevention. Given that our society favors free flow of information between people, it will be nearly impossible to preclude the kind of scenarios I described by trying to block the con- solidation of data. We would have to stomp the First Amendment into the ground to do it - bad idea. One line of approach is to assume that every- body knows that everything that goes onto paper or into a computer is globally readable and lasts forever, and to let them decide what goes into the database. Another is to bar the commercial exploitation of personal information, although that runs into First Amendment problems as well. The point is that if we don't decide, technological imperatives and the profit motive are going to decide for us. Given the track record of the 19th and 20th centuries, I can't say I want my privacy (and my grandchildrens') in the hands of the same forces that brought us Love Canal, Hanford, et. al. While I'm no fan of the dead hand of Government, I would like a little protection, and I want it before the destruction of privacy by private industry is a fait accompli. ------------------------------ End of Computer Privacy Digest V3 #038 ******************************