Date: Tue, 21 Sep 93 17:01:15 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#042 Computer Privacy Digest Tue, 21 Sep 93 Volume 3 : Issue: 042 Today's Topics: Moderator: Dennis G. Rears Re: Finding out the Caller's Number (was ANI) Re: Finding out the Caller's Number (was ANI) Re: Caller ID/ANI Thread program for UK Privacy Conference, Sept 30 Subpoenas issued to PGP companies Computer Privacy Digest V3#040 Re: Privacy Bill? The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: "david.g.lewis" Subject: Re: Finding out the Caller's Number (was ANI) Organization: AT&T Date: Mon, 20 Sep 1993 17:48:25 GMT In article varney@ihlpe.att.com writes: > At least for 800 calls, I wouldn't object to an ANI-block >mechanism. (I must acknowledge I work for a part of AT&T that could >benefit from any mandated new features.) Even better would be a >"presentation restricted" indicator in the ANI field, as the Caller-ID >information contains. Of course - then all the LECs are mandated to purchase new software for all their 5ESS(R) switches, 1ESS(TM) switches, 1AESS(TM) switches, 4ESS(TM) switches, new MF senders for all the remaining 5XBs, etc., etc., etc. Helps AT&T Network Systems' income no end... Although I would claim it would be a Big Deal to build and deploy it. > As a rate-payer, I would expect the users of >this feature to pay for it, either in monthly charges, per-use charges >(whether the call was answered or not) or a fixed charge for every >BLOCKED attempt to call an 800 number that will not accept non-ANI >calls. Each of these should use minimal network resources; either the >calls should be blocked in the LEC network or some fraction of the >charges should be shared with the IXC for use of the IXC network. I don't see how the calls could be blocked within the LEC network, as the subscriber information (accept or reject calls with ANI presentation restricted) would be either within the 800 service provider network or in the 800 customer CPE. Except for the special case where the originating LEC is also the 800 service provider, I would expect the call would have to be delivered to the 800 service provider for ultimate offering to the 800 customer, who can accept or reject it as they wish. Furthermore, I would guess that IXCs would be rather averse to this concept, as they pay access charges to the originating LEC for uncompleted calls in addition to using network resources to attempt to set up the call. Unless the fraction of the charges shared with the IXC fully coveres the access charge plus a delta, this feature is mandating a loss of revenue on the part of the IXC. >[Moderator's Note: Any idea of the total costs that would be incurred >by various telecom entities in blocking ANI? ._dennis ] Well, throwing out some possibilities... There's the per-ANI delivery revenue that's lost - $.01 to $.02 per call. There's the cost incurred for calls cleared because ANI is blocked - $.02 to $.06 in access charges (assuming the time taken to accept the call setup from the LEC, offer it to the customer, and complete clearing when the customer rejects the call is less than one minute), and some additional fraction in network resource usage - for the sake of argument, let's assume that cost is the same as the LEC cost recovered by the access charge, $.02 - $.06. There's the revenue lost due to these calls being cleared - anywhere from about $.12 to $.25 per minute. Now, let's make some wild-guess assumptions. Assume 5% of people block ANI delivery when calling 800 numbers. Assume 75 million 800 calls are made a day. (Basis - AT&T carries on the order of 150 million calls a day, on the order of 40% of those calls are 800 calls, and AT&T has on the order of 80% of the 800 market; these are the last published numbers I've heard in the 800 number portability frenzy, and I have no idea if they're at all accurate anymore, but they're close enough for government work.) Assume 800 customers receiving 5% of the 800 traffic reject calls which have no ANI information. Assume all 800 customers are receiving ANIs and paying $.01 per call. Assume access charges and 800 service provider costs are each $.04 per cleared call, and 800 service provider revenue is $.20 per minute on 800 calls. Assume the average completed 800 call lasts 3 minutes. These assumptions could be played up or down, but hey, we're talking very rough order of magnitude here. We then get 75M * .05 or 3.75 million 800 calls on which ANI will be blocked (marked restricted and not sent to the 800 customer). Of these calls, 187,500 will be rejected by the 800 customer, representing 187,500 * $.08 or $15,000 in unrecovered costs and 187,500 * $.60 or $112,500 in lost revenue. The remainder of the calls with ANIs blocked results in $35,625 in lost revenue, so we're looking at about $160k/day additional costs and lost revenues. Over, say, 250 business days a year, we're talking about a $40 million hit on the bottom line of the 800 business. That's ongoing costs, of course; there's also the cost to the industry of building and deploying the capabilities to provide the blocking. I wouldn't even care to hazard a guess as to how much that would cost to the LECs, 800 service providers, and CPE providers. But what is basically being discussed here is a capability which would require the telecom industry to incur some upfront capital and development costs to enable it to incur higher operational costs and reduce revenues. Oh, yeah, that'll go over great. >Al Varney - my opinion only Ditto - my opinion and SWAGs only. David G Lewis AT&T Bell Laboratories david.g.lewis@att.com or !att!goofy!deej Switching & ISDN Implementation ------------------------------ Date: Mon, 20 Sep 93 21:50:42 EDT From: Brinton Cooper Subject: Re: Finding out the Caller's Number (was ANI) Organization: The US Army Research Laboratory One part of the debate on CNID/ANI centers on the public's alleged mis-perception that an individual's privacy is absolutely protected when that individual makes a toll-free (800) call. FACT 1: The recipient of an 800 knows the number from which every such call was made. FACT 2: FACT 1 is a matter of public record via the tariff process. FACT 3: Whether FACT 2 constitutes a "sufficient" level of public disclosure is debatable. One's opinion is surely tied in with a significant set of other personal issues and opinions. FACT 4: The resolution of the issue in FACT 3 is not likely to be settled in this forum any time soon, if ever. FACT 5: No new facts have entered this debate in several weeks. STRONGLY HELD OPINION: It is always good for the public to know about such rules as the tariffing of the release of calling numbers to holders of 800 numbers. It is good for the public to be aware that this is a controversial subject. It is good for the public to reflect upon and participate in the debate. INESCAPABLE CONCLUSION: If everyone (including me) who posted to this debate would write one thoughtful letter to the editor of a widely- read newspaper summarizing the debate and stating his/her opinion, the public would be well-served and this forum could discuss something new. DISCLAIMER: This is not a suggestion that debate be limited. It is not a call for cloture. It is merely a suggestion on how to improve the quality of life on this forum. __Brint ------------------------------ Date: Mon, 20 Sep 1993 20:21:56 -0400 From: David Lesher Subject: Re: Caller ID/ANI Thread Reply-To: wb8foz@skybridge.scl.cwru.edu Newsgroups: comp.society.privacy Organization: NRK Clinic for habitual NetNews abusers - Beltway Annex I have a technical query to close out the thread. I seem to recall that a Rochecter Tel sub called the 800-stopper ANI #, and got readback, then "*67"ed, and called again - this time NOT getting one. Anyone have a technically - valid explanation? -- A host is a host from coast to coast..wb8foz@skybridge.scl.cwru.edu & no one will talk to a host that's close............(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 ------------------------------ Path: privint.demon.co.uk!user From: davies@privint.demon.co.uk (Simon Davies) Subject: program for UK Privacy Conference, Sept 30 Organization: Privacy International, London Office Date: Mon, 20 Sep 1993 22:27:07 GMT PROGRAMME INTERNATIONAL DEVELOPMENTS IN PRIVACY AND DATA PROTECTION 30th SEPTEMBER, 1993, MANCHESTER, UK A roundtable hosted jointly by Privacy International & the Law School of the University of Manchester 8.30 AM Welcome. 8.45 Information Infrastructure and Telecommunications Privacy issues Professor Marc Rotenberg, Georgetown University Law School, U.S.A. Discussion 9.30 Privacy developments in the United States : An overview and discussion. Evan Hendricks, Privacy Times, Washington DC 10.15 Privacy developments in Canada : an overview and discussion. Tom Riley, Riley Information Systems, Toronto 11.00 Break 11.15 Interactive technology and smart cards in the Health Sector : The Australian experience and international parallels. Simon Davies, School of Law, University of New South Wales, Australia. Discussion 12.00 Cryptography issues and the Clipper Chip proposal David Banisar, Computer Professionals for Social Responsibility (CPSR), Washington DC. Discussion Other sessions include : Implications of the European Commission data protection directive The establishment of guidelines for handling police files in emerging democracies in Central and Eastern Europe Weaknesses in the UK Data Protection Act 8.30 AM - 2.00 PM, Thursday 30th September 1993 Room 2.22, The Law School, University of Manchester, Oxford Road, Manchester, M13 9PL This programme will include a small number of papers and formal presentations, but will primarily be a forum for general discussion of the issues. A number of key international experts will be present at the meeting. The conference is free for all Privacy International members, independent experts, and privacy and consumer advocates. A fee of 50 (US$75) will apply to representatives of government organisations or companies. 8.30 AM - 2.00 PM, Thursday 30th September 1993 Room 2.22, The Law School, University of Manchester, Oxford Road, Manchester, M13 9PL For more information, please contact : Simon Davies at Privacy International in London on (44) 81 402 0737 or fax (44) 81 313 3726 (email : Davies@privint.demon.co.uk ) or Dave Banisar at Privacy International in Washington on (1) 202 544 9240, fax (1) 202 547 5482 (email : Banisar@washofc.cpsr.org ) ------------------------------------------------- Simon Davies Privacy International Morgan Towers, Bromley, BR1 3QE U.K. Ph (44) 81 402 0737 fax (44) 81 313 3726 email davies@privint.demon.co.uk internet connection donated to Privacy International by Demon Internet, London ----------------------------------------------- ------------------------------ From: Carl Oppedahl Subject: Subpoenas issued to PGP companies Date: 21 Sep 1993 09:56:25 -0400 Organization: PANIX Public Access Internet and Unix, NYC The New York Times (Sept. 21, 1993, page D1, col. 1) reports that a federal grand jury in San Jose, Cal. has issued subpoenas to two software publishers selling privacy programs. According to the story, the subpoenas relate to whether distribution of Pretty Good Privacy (PGP) has violated State Department export control regulations. Quoting from the article: The legitimacy of the export regulations is also disputed by legal scholars who argue that they restrict speech. "The right to speak P.G.P. is like the right to speak Navajo," said Eben Moglen, a professor of law at Columbia University. "The Government has no particular right to prevent you from speaking in a technological manner even if it is inconvenient for them to understand." P.G.P. has been controversial since it was written by a programmer, Philip Zimmerman, because it uses a coding formula that many researchers believe strong enough to protect data from even the N.S.A.'s high-speed code-cracking computers. The formula was developed by three computer scientists: Ronald Rivest, Adi Shamir and Leonard Adelman. -- Carl Oppedahl AA2KW (patent lawyer) 1992 Commerce Street #309 Yorktown Heights, NY 10598-4412 voice 212-777-1330 ------------------------------ Date: Tue, 21 Sep 93 14:05:17 EDT From: Bryon Propst Subject: Computer Privacy Digest V3#040 Is the U.S. Government really going to become this irrational in its phobia that the common citizen may actually obtain true privacy in their communications? What has happened to our government over the last 200 years? We once believed that what the private citizen did was his own business until there was physical evidence that they were harming another's Constitutional rights. Now, you believe that you have the right to "take a preventative stance toward crime and corruption...". Sounds good, but where does that lead us? To invading ALL areas of our citizens lives that were once deemed private, in the hope that you may find a potential infraction?!? Our forefathers are doing backflips. So would I if I wasn't so scared.... ----- Begin Included Message ----- [Moderator's Note: The included message was the article about Austin Code Works and PGP. It was in the second to last digest. ._dennis ] ------------------------------ From: "Theodore L. Dysart" Subject: Re: Privacy Bill? Date: 21 Sep 1993 20:51:10 GMT Organization: Worcester Polytechnic Institute In article peterson@CS.ColoState.EDU (james peterson) writes: >I have recently been hearing about a privacy bill being considered >by Congress. Does anyone have the text of this bill to post? I am doing a paper on e-mail privacy and I looked into this legislation. It is sponsored by Senator Paul Simon, and it is called "The privacy for consumers and workers act" As explained to me by his aide, it does the following: If an organization declares that it has the right to read/review your e-mail, it must do so all the time. If they do not review mail on a regular basis, but retain the right to, they must make you aware of the fact that they have "opened" your mail. It doesn't stop them from doing it, but at least you must be informed. 8) The aide told me that it was unavailable in an on-line format, but they are happy to send it to you. (took about 2 wks.) We voluntered to do some surveys or research for the office, but their interest was more directed towards Unions. (The brochure with the record from the hearing included an extensive statement from the Union at the Sharaton Hotel in Boston.) Ted. ------------------------------------------------------------------------------- _/_/_/_/_/ _/_/_/_/ _/_/ |Thodore L. Dysart | Also Student Conductor for _/ _/ _/ _/ |dysart@wpi.wpi.edu| the WPI Glee Club and Head _/ _/_/_/ _/ _/ | Sales Rep. for | Chef for the WPI Baker's _/ _/ _/ _/ | WIN Enterprise | Dozen - Available for _/ _/_/_/_/ _/_/ | (508)753-1522 | Special Occasions 792-9119 ------------------------------ End of Computer Privacy Digest V3 #042 ******************************