telecom@eecs.nwu.edu (TELECOM Moderator) (11/04/90)
TELECOM Digest Sat, 3 Nov 90 16:36:00 CST Blocking LD Calls - Part I
Inside This Issue: Moderator: Patrick A. Townson
Blocking of Long Distance Calls - Part I [Jim Schmickley]
----------------------------------------------------------------------
Date: Sat, 3 Nov 90 16:17:30 CST
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: Blocking of Long Distance Calls - Part I
My thanks to John Winslade for sending along the information for this
two part special issue of the Digest. Actually, he sent several other
files related to this, and they have all been placed in the Telecom
Archives at MIT, in the sub-directory 'telecom.security.issues'.
The Telecom Archives are available via anonymous ftp from lcs.mit.edu.
If necessary, you can also use the bitftp archives server to recieve
these files in the mail.
This is part one of two parts:
Date: 22 Oct 90 18:23:00 CDT
From: JOHN WINSLADE <winslade@zeus.unomaha.edu>
Subject: Blocking of Long-Distance Calls
BLOCKING OF LONG-DISTANCE CALLS
by Jim Schmickley
Hawkeye PC, Cedar Rapids, Iowa
SUMMARY. This article describes the "blocking" by one
long-distance telephone company of access through their system to
certain telephone numbers, particularly BBS numbers. The blocking is
applied in a very arbitrary manner, and the company arrogantly asserts
that BBS SYSOPS and anyone who uses a computer modem are "hackers."
The company doesn't really want to discuss the situation, but it
appears the following scenario occurred. The proverbial "person or
persons unknown" identified one or more "valid" long-distance account
numbers, and subsequently used those numbers on one or more occasions
to fraudulently call a legitimate computer bulletin board system
(BBS). When the long-distance company discovered the fraudulent
charges, they "blocked" the line without bothering to investigate or
contacting the BBS System Operator to obtain his assistance. In fact,
the company did not even determine the SYSOP's name.
The long-distance carrier would like to pretend that the incident
which triggered the actions described in this article was an isolated
situation, not related to anything else in the world. However, there
are major principles of free, uninhibited communications and
individual rights deeply interwoven into the issue. And, there is
still the lingering question, "If one long-distance company is
interfering with their customers' communications on little more than a
whim, are other long-distant companies also interfering with the
American public's right of free 'electronic speech'?"
SETTING THE SCENE. Teleconnect is a long-distance carrier and
telephone direct marketing company headquartered in Cedar Rapids,
Iowa. The company is about eight years old, and has a long-distance
business base of approximately 200,000 customers. Teleconnect has
just completed its first public stock offering, and is presently
(August, 1988) involved in a merger which will make it the nation's
fourth-largest long-distance carrier. It is a very rapidly- growing
company, having achieved its spectacular growth by offering long-
distance service at rates advertised as being 15% to 30% below AT&T's
rates.
When Teleconnect started out in the telephone interconnection
business, few, if any, exchanges were set up for "equal access", so
the company set up a network of local access numbers (essentially just
unlisted local PABXs - private automatic branch exchanges) and
assigned a six-digit account number to each customer. Later, a
seventh "security" digit was added to all account numbers. (I know
what you're thinking - what could be easier for a war-games dialer
than to seek out "valid" seven-digit numbers?) Teleconnect now offers
direct "equal access" dialing on most exchanges. But, the older
access number/account code system is still in place for those
exchanges which do not offer "equal access." And, that system is
still very useful for customers who place calls from their offices or
other locations away from home.
"BLOCKING" DISCOVERED. In early April 1988, a friend mentioned
that Teleconnect was "blocking" certain telephone lines where they
detected computer tone. In particular, he had been unable to call
Curt Kyhl's Stock Exchange BBS in Waterloo, Iowa. This sounded like
something I should certainly look into, so I tried to call Curt's BBS.
CONTACT WITH TELECONNECT. Teleconnect would not allow my call to
go through. Instead, I got a recorded voice message stating that the
call was a local call from my location. A second attempt got the same
recorded message. At least, they were consistent.
I called my Teleconnect service representative and asked just
what the problem was. After I explained what happened, she suggested
that it must be a local call. I explained that I really didn't think
a 70 mile call from Cedar Rapids to Waterloo was a local call. She
checked on the situation and informed me that the line was being
"blocked." I asked why, and she "supposed it was at the customer's
request." After being advised that statement made no sense, she
admitted she really didn't know why. So, on to her supervisor.
The first level supervisor verified the line was being "blocked
by Teleconnect security", but she couldn't or wouldn't say why. Then,
she challenged, "Why do you want to call that number?" That was the
wrong question to ask this unhappy customer, and the lady quickly
discovered that bit of information was none of her business, And, on
to her supervisor.
The second level supervisor refused to reveal any information of
value to a mere customer, but she did suggest that any line Teleconnect
was blocking could still be reached through AT&T or Northwestern Bell
by dialing 10288-1. When questioned why Teleconnect, which for years
had sold its long-distance service on the basis of a cost-saving over
AT&T rates, was now suggesting that customers use AT&T, the lady had
no answer.
I was then informed that, if I needed more information, I should
contact Dan Rogers, Teleconnect's Vice President for Customer Service.
That sounded good; "Please connect me." Then, "I'm sorry, but Mr.
Rogers is out of town, and won't be back until next week." "Next
week?" "But he does call in regularly. Maybe he could call you back
before that." Mr. Rogers did call me back, later that day, from
Washington, D.C. where he and some Teleconnect "security people" were
attending a conference on telephone security.
TELECONNECT RESPONDS, A LITTLE. Dan Rogers prefaced his
conversation with, "I'm just the mouthpiece; I don't understand all
the technical details. But, our security people are blocking that
number because we've had some problems with it in the past." I
protested that the allegation of "problems" didn't make sense because
the number was for a computer bulletin board system operated by a
reputable businessman, Curt Kyhl.
Mr. Rogers said that I had just given Teleconnect new
information; they had not been able to determine whose number they
were blocking. "Our people are good, but they're not that good.
Northwestern Bell won't release subscriber information to us." And,
when he got back to his office the following Monday, he would have the
security people check to see if the block could be removed.
The following Monday, another woman from Teleconnect called to
inform me that they had checked the line, and they were removing the
block from it. She added the comment that this was the first time in
four years that anyone had requested that a line be unblocked. I
suggested that it probably wouldn't be the last time.
In a later telephone conversation, Dan Rogers verified that the
block had been removed from Curt Kyhl's line, but warned that the line
would be blocked again "if there were any more problems with it." A
brief, non-conclusive discussion of Teleconnect's right to take such
action then ensued. I added that the fact that Teleconnect "security"
had been unable to determine the identity of the SYSOP of the blocked
board just didn't make sense; that it didn't sound as if the "security
people" were very competent. Mr. Rogers then admitted that every time
the security people tried to call the number, they got a busy signal
(and, although Mr. Rogers didn't admit it, they just "gave up", and
arbitrarily blocked the line.) Oh, yes, the lying voice message,
"This is a local call...", was not intended to deceive anyone
according to Dan Rogers. It was just that Teleconnect could only put
so many messages on their equipment, and that was the one they
selected for blocked lines.
BEGINNING THE PAPER TRAIL. Obviously, Teleconnect was not going
to pay much attention to telephone calls from mere customers. On
April 22, Ben Blackstock, practicing attorney and veteran SYSOP, wrote
to Mr. Rogers urging that Teleconnect permit their customers to call
whatever numbers they desired. Ben questioned Teleconnect's authority
to block calls, and suggested that such action had serious overlays of
"big brother." He also noted that "you cannot punish the innocent to
get at someone who is apparently causing Teleconnect difficulty."
Casey D. Mahon, Senior Vice President and General Counsel of
Teleconnect, replied to Ben Blackstock's letter on April 28th. This
response was the start of Teleconnect's seemingly endless stream of
vague, general allegations regarding "hackers" and "computer
billboards." Teleconnect insisted they did have authority to block
access to telephone lines, and cited 18 USC 2511(2)(a)(i) as an
example of the authority. The Teleconnect position was summed up in
the letter:
"Finally, please be advised the company is willing to 'unblock'
the line in order to ascertain whether or not illegal hacking has
ceased. In the event, however, that theft of Teleconnect long
distance services through use of the bulletin board resumes, we will
certainly block access through the Teleconnect network again and use
our authority under federal law to ascertain the identity of the
hacker or hackers."
THE GAUNTLET IS PICKED UP. Mr. Blackstock checked the cited
section of the U.S. Code, and discovered that it related only to
"interception" of communications, but had nothing to do with
"blocking". He advised me of his opinion and also wrote back to Casey
Mahon challenging her interpretation of that section of federal law.
In his letter, Ben noted that, "Either Teleconnect is providing a
communication service that is not discriminatory, or it is not." He
added that he would "become upset, to say the least" if he discovered
that Teleconnect was blocking access to his BBS. Mr. Blackstock
concluded by offering to cooperate with Teleconnect in seeking a
declaratory judgment regarding their "right" to block a telephone
number based upon the actions of some third party. To date,
Teleconnect has not responded to that offer.
On May 13th, I sent my own reply to Casey Mahon, and answered the
issues of her letter point by point. I noted that even I, not an
attorney, knew the difference between "interception" and "blocking",
and if Teleconnect didn't, they could check with any football fan. My
letter concluded:
"Since Teleconnect's 'blocking' policies are ill-conceived,
thoughtlessly arbitrary, anti-consumer, and of questionable legality,
they need to be corrected immediately. Please advise me how
Teleconnect is revising these policies to ensure that I and all other
legitimate subscribers will have uninhibited access to any and all
long-distance numbers we choose to call."
Casey Mahon replied on June 3rd. Not unexpectedly, she brushed
aside all my arguments. She also presented the first of the sweeping
generalizations, with total avoidance of specifics, which we have
since come to recognize as a Teleconnect trademark. One paragraph
neatly sums Casey Mahon's letter:
"While I appreciate the time and thought that obviously went into
your letter, I do not agree with your conclusion that Teleconnect's
efforts to prevent theft of its services are in any way inappropriate.
The interexchange industry has been plagued, throughout its history,
by individuals who devote substantial ingenuity to the theft of long
distance services. It is not unheard of for an interexchange company
to lose as much as $500,000 a month to theft. As you can imagine,
such losses, over a period of time, could drive a company out of
business."
ESCALATION. By this time it was very obvious that Teleconnect
was going to remain recalcitrant until some third party, preferably a
regulatory agency, convinced them of the error of their ways.
Accordingly, I assembled the file and added a letter of complaint
addressed to the Iowa Utilities Board. The complaint simply asked
that Teleconnect be directed to institute appropriate safeguards to
ensure that "innocent third parties" would no longer be adversely
affected by Teleconnect's arbitrary "blocking" policies.
My letter of complaint was dated July 7th, and the Iowa Utilities
Board replied on July 13th. The reply stated that Teleconnect was
required to respond to my complaint by August 2nd, and the Board would
then propose a resolution. If the proposed resolution was not
satisfactory, I could request that the file be reopened and the
complaint be reconsidered. If the results of that action were not
satisfactory, a formal hearing could be requested.
After filing the complaint, I also sent a copy of the file to
Congressman Tom Tauke. Mr. Tauke represents the Second Congressional
District of Iowa, which includes Cedar Rapids, and is also a member of
the House Telecommunications Subcommittee. I have subsequently had a
personal conversation with Mr. Tauke as well as additional
correspondence on the subject. He seems to have a deep and genuine
interest in the issue, but at my request, is simply an interested
observer at this time. It is our hope that the Iowa Utilities Board
will propose an acceptable resolution without additional help.
AN UNRESPONSIVE RESPONSE. Teleconnect's "response" to the Iowa
Utilities Board was filed July 29th. As anticipated, it was a mass of
vague generalities and unsubstantiated allegations. However, it
offered one item of new, and shocking, information; Curt Kyhl's BBS
had been blocked for ten months, from June 6, 1987 to mid-April 1988.
(At this point it should be noted that Teleconnect's customers had no
idea that the company was blocking some of our calls. We just assumed
that calls weren't going through because of Teleconnect's technical
problems.)
[Moderator's Note: This will be continued in Part II of this special
issue, which will be transmitted in the next few minutes. PAT]
------------------------------
End of TELECOM Digest Special Issue: Blocking LD Calls - Part I
******************************werner@rascal.ics.utexas.edu (Werner Uhrig) (11/04/90)
> Instead, I got a recorded voice message stating that the call was a local > call from my location. A second attempt got the same recorded message. This is interesting. Just last month, I had a similar "experience" dialing some number (I forget which) and, automatically, I switched to AT&T (my primary is Metromedia ITT, formerly LDS) which completed without a problem. I will keep my eyes out for the next AT&T bill to refresh my memory as to the number and then look into the matter a little more closely. Gee, wouldn't that be a surprise to find more instances of this happening. (I suspect I called a customer support number of some software company, and I would be rather infuriated if Metromedia kept me from obtaining a needed software update...)