Date: Wed, 22 Sep 93 16:24:31 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#044 Computer Privacy Digest Wed, 22 Sep 93 Volume 3 : Issue: 044 Today's Topics: Moderator: Dennis G. Rears PHONEBUSTER wants help combatting telemarketing fraud Re: ANI Re: Something to Consider Finding out the Caller's Number (was ANI) Re: Finding out the Caller's Number (was ANI) Health card The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Tue, 21 Sep 93 22:22:28 PDT From: Kelly Bert Manning Subject: PHONEBUSTER wants help combatting telemarketing fraud Reply-To: ua602@freenet.victoria.bc.ca I posted this article in can.general. Can you have a look at it to see whether you feel the information has any relevance to claims that capture of phone numbers by ANI could not result in anything more harmful that a few tele-marketing calls? In a previous article, ua602@freenet.Victoria.BC.CA says: > >Both the CTV and CBC TV stations in Vancouver, BC aired news stories about >"you have won" telemarketing fraud schemes this evening. A national >PHONEBUSTER operation has been set up in North Bay, Ontario to gather >information about what Better Business Bureau spokeperson Valerie Maclean >described as a "Billion Dollar" fraud. > >The phonebuster number is (705) 495-3899, and is attempting to gather >information to lay charges against the operators of these boiler room >operations. Ms. Maclean described these telephone solicitors as being >very convincing out of work actors, and this description was backed up >by the recordings of their pitches broadcast by both stations. > >Older people, particularly owners of small businesses, seem to be the >favoured target of these frauds. Their addresses and phone numbers seem >to have been captured earlier when they responded to direct mail ads >for keychains and pens printed with the name of their businesses in a >direct mail version of the same type of fraud. > >One of the victims shown had sent $18,000, but seemed convinced that he >would get at least $100,000, perhaps as high as $250,000 back. Others had >thrown away $600, $3,210, or been asked to pay $3,500 for "Goods and >Services Tax", "Freight", or "registration". > >The CBC report said that 90% of these frauds operate out of Quebec, >with the only real address being a vacant commercial mail drop. The >Quebec operations only call out of province to avoid attracting the >attention of the local police, a pattern that is apparently copied from >similar scams in the US. One of the major operators was described as >going by the name "Great Dane". > >There have been 1,500 complaints so far, but police feel that this is just >the tip of the iceberg and that most victims don't report it because they >are embarrassed to have sent such large sums of money away on the basis of >a phone solicitation that seems so stupid in hindsight. Anyone who has been >victimized by this scam and has information is asked to call phonebusters. ------------------------------ From: Conrad Kimball Newsgroups: comp.society.privacy Subject: Re: ANI Date: 22 Sep 93 06:49:51 GMT Organization: Boeing Computer Services (ESP), Seattle, WA In article john@zygot.ati.com (John Higdon) writes: >Conrad Kimball writes: > >> With reverse directories and such, it's trivial to map a phone number to >> a name and address. Thus, they are essentially equivalent. > >All the verbage aside, this is what seems to bother you a great deal. >Tell me, why is it that you seem to feel it so threatened that an entity >that you call who pays for that call know who you are? You know who >they are. I assume you are calling to transact some sort of business. >Do you typically enter into business relationships maintaining your >anonymity? If the call is for product inquiry, are you embarassed that >someone might know that you inquired? No, I don't feel threatened. On the other hand, the business typically has no need to know who I am, and I'm not inclined to tell them, either. Who pays for the facilities is irrelevant; when I walk into a store, the owner certainly is paying for the facilities, but that in no way gives him (or his staff) a right to know who I am. They _invite_ the public (me) into their premises by the very act of opening for business and advertising. As such, it is axiomatic that I know who the business is, though in all but rare cases I haven't a clue as to the personal identities of the owner or the staff. Conversely, the business has no need to know my personal identity; certainly not just for product inquiries. I suppose a business _could_ legally condition entry to their premises by asking for ID, but I doubt they'd find that an effective way to stay in business. Publishing an 800 number is to me analogous to having an electronic storefront - the business has _invited_ me in, presumably to acquire my business. Of _course_ the business pays for the facilities - it's a way to attract more customers than it would get with a non-800 number. The business _chooses_ to have the 800 number, anticipating that it will generate more revenue than expenses. The mere fact that the business pays for it gives it no special right to know who calls the 800 number anymore than owning the store gives it the right to know who walks in the door. Yes, I quite routinely transact business in an anonymous fashion (at least, as much as I can - some transactions such as real estate simply aren't easily done anonymously). No, I'm not embarassed about making product inquiries, I just don't think the business has any need to know who is inquiring. They might well _like_ to know, but that's their problem, not mine. If they want to sell to me, part of the cost of doing business is responding to product inquiries, whether in person or by telephone. As above, I see 800 numbers as an electronic substitute for in-person inquires - in neither case do I expect to have to show ID. BTW, your choice of words ("embarassing") is embarassingly close to the "if you've got nothing to hide, you have nothing to fear" shibboleth. >These are personal questions that I am asking here. I would appreciate >it that if you decide to answer that you not bring up irrelevancies >such as "the public" or anyone else. We are just talking between the >two of us. I am interested in YOUR reasons for having an abhorrance for >letting a business that YOU elect to contact know anything at all about >the person doing the contacting. I see no need for them to know a thing about me. I walk in, pick up what I want, and pay cash. What more can they expect? Of _course_ businesses like to know more about their customers; that's the basis for a lot of consumer surveys, and all that. And I turn them down, too. >The custom and usage of caller anonymity, a legacy of the limited >technology of the past, will die hard. As the knee-jerk reactions to >anything that threatens the status quo subside, we may all eventually >look back on this era with great amusement. When do you think the custom of anonymous grocery buying, a "legacy of the limited technology" of the present, will die out? Should it? Why? (Perhaps you routinely present ID whenever you walk into a store? You don't?!? I'm shocked!! After all, they are paying for the facilities, you know...) All the verbage aside, the idea that you might have to pay for an anonymous caller seems to bother you a great deal. Tell me, why is it that you seem to feel it so threatened that an entity that calls you knows your business (the business, not you personally) while remaining personally anonymous to you? Seems to me like you could eliminate your problem by simply not having an 800 number. Why won't this work for you? Perhaps you've _chosen_ to structure your business upon an accident of technology (ANI), and you are simply loath to see such a fundamental (to you, anyway) business assumption challenged? If so, well, that's just too bad for you. Businesses find their underlying assumptions challenged all the time, and have to adapt or perish. -- -- Conrad Kimball | Client Server Tech Services, Boeing Computer Services cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35 (206) 865-6410 | Seattle, WA 98124-0346 ------------------------------ From: Conrad Kimball Subject: Re: Something to Consider Date: 22 Sep 93 07:11:32 GMT Organization: Boeing Computer Services (ESP), Seattle, WA In article abc@arl.army.mil (Brinton Cooper) writes: > >Notice how she slipped in "(it is happening now)" near the end of the >posting. A key point in the ANI debate on this forum is whether "it" is >happening or not. If corporations are collecting ANI data and using it >for nefarious reasons, let's have at least one concrete example, rather >than a litany of what "could" happen. Let's not suggest legislating as >illegal acts which haven't yet been observed. While it may be a reasonable general principle to avoid legislating against acts that haven't occured (the law books could get _very_ large!), there remain legitimate situations where proactive or preemptive legislation or regulation has great value. Typically these are situations where, in the judgement of the legislators or regulators, the potential risk of a negative result outweighs the expected benefits, or at least outweighs the costs of a "go slow" approach. Well known examples include: the FDA procedures instituted after the thalidomide fiasco; regulations governing genetic engineering; nuclear power plant regulations; and others I'm sure you can name. I think the basic principle of proactive regulation is well accepted. The question to be debated is whether this particular situation (ANI) is of a nature to justify proactive regulation. I'm not sure how I'd decide, but I confess to leaning towards proactive regulation of how businesses can use personal information they gather in the course of business. Why? Probably because the damage to individuals, should it occur, will likely be exquisitely hard to pinpoint and prove. (This is the problem that is conveniently ignored by those who argue "we don't need regulations - if you're damaged, sue 'em".) Of course scoflaw businesses could ignore the regulations, but I'm perhaps naive enough to believe that most would abide by the regs. -- -- Conrad Kimball | Client Server Tech Services, Boeing Computer Services cek@sdc.cs.boeing.com | P.O. Box 24346, MS 7A-35 (206) 865-6410 | Seattle, WA 98124-0346 ------------------------------ From: Craig Wagner Reply-To: craig.wagner@his.com Date: Wed, 22 Sep 1993 10:06:51 Subject: Finding out the Caller's Number (was ANI) BC> From: Brinton Cooper Newsgroups: BC> comp.society.privacy BC> FACT 1: The recipient of an 800 knows the number from which every BC> such call was made. Perhaps it's poorly stated, but the above is not true. I believe the author meant to say that the recipient of an 800 number call has the ability, if they acquire the necessary technology and understanding of it, to know the number fromwhich every such call is made? But I know people (my parents) who have an 800 number, and have no idea who's calling them when the phone rings. (and other than this, I agree that this debate has gone on beyond much of any useful purpose) ------------------------------ From: John Macdonald Date: Wed, 22 Sep 1993 14:39:03 -0400 Subject: Re: Finding out the Caller's Number (was ANI) || "david.g.lewis" estimates the cost of || providing ANI-blocking and ANI-blocked-call-blocking David cost estimates sound pretty good, with two exceptions. He assumes that there would be no change in the number of calls if it were implemented. First, the lost revenue for the non-completed call will not always be lost. After getting a reject, the caller will choose whether they wish to call again without blocking ANI. In this case, there will just be the cost of the failed connection. Second, it presumes that there would not be any additional calls made that otherwise wouldn't. Given the assurance that their number will *not* be automatiucally provided, there could be extra calls made by people who just don't call for casual business purposes for fear of having their number collected and misused. Off-hand, I doubt that there are many instances today of people choosing not to call 800 numbers out of this fear. It is possible that this number could rise sharply whenever the first mass media publicized use of collected phone number lists occurs. -- That is 27 years ago, or about half an eternity in | John Macdonald computer years. - Alan Tibbetts | jmm@Elegant.COM ------------------------------ From: Carl A Slenk Subject: Health card Organization: University of Vermont, EMBA Computer Facility Date: Wed, 22 Sep 1993 16:50:34 GMT On the news last night H. Clinton mentioned a " National Health Security Card". Anyone have any details? -- Carl A. Slenk | "A computer lets you make more mistakes faster slenk@hal.emba.uvm.ed | then any other invention with the possible University of Vermont | exceptions of handguns and Tequila" - My opinions;get your own | Mitch Ratcliffe ------------------------------ End of Computer Privacy Digest V3 #044 ******************************