Robert Kaplan <kaplanr@chaos.cs.brandeis.edu> (04/08/90)
As promised, here is the transcript of the first story I did for Brandeis'
WBRS-FM on the problems with the Brandeis phone system. This part aired
March 26. Part two, which I'll post soon, aired April 5.
PART ONE
FYBUSH: Students using the Brandeis phone system in recent months have
experienced numerous problems with billing, connection quality, and
operator service. In this series, we'll explore some of these
problems and show what Brandeis is -- or isn't -- doing to fix them.
The most obvious problem to many students shows up when they open
their bills each month: calls to cities -- or even countries -- that
they've never even heard of. According to Director of Telecommunications
Virginia Baron Rude, those problems stem from a new billing system
implemented this semester.
BARON RUDE: We put in a new billing system ... we brought it in-house,
and there have been some problems with something called integration.
And so, what has happened, people are getting their roommate's calls,
because it's having trouble matching certain calls' authorization code
records with the actual call. Basically, it loses the authorization
code and it defaults to the extension. So the person who is
responsible for the phone is getting an extension-billed charge,
instead of the authorization charge that they should be.
FYBUSH: But some calls that show up on student bills were never really
made at all. Many students have had calls to India appear on their
bills. One student, who requested anonymity, had this experience:
STUDENT: Let's say I did call India for four minutes, for eight dollars.
And I just said I didn't do it. They're so unsure of their system that they
just said "OK" and crossed it off.
FYBUSH: The calls to India that many students have been billed for
actually have a logical explanation. To dial a long-distance call
from a campus phone, students must first dial 9-1. 9-1 is also the
country code for India. The billing computers failed to drop the 9-1
from the number and billed the students for India. But Baran Rude
says all students who complained about the India calls were credited.
BARAN RUDE: We have given everybody credit ... let me state up front
that we apologize for the situation ... it was bumpier around the
conversion than we thought. We certainly will give everybody credit.
FYBUSH: Students who have had their roommates' calls show up on their
bills don't ususally get immediate credit, though. Although most
students I talked to agreed that it shouldn't be...
STUDENT: ...our problem to have to go and play collection agency.
FYBUSH: Telecom's policy on roommate calls is more strict, though:
BARAN RUDE: If you're on good terms with your roommate, it would be
easier if you could just collect from them. If that's not the case,
then we will give party A credit and run a check with the second
system and bill party B.
FYBUSH: But these are all examples of calls that were made
legitimately. Brandeis uses a system of six-digit access codes to
place long-distance calls. Students receive a code beginning with the
digits five through nine ... and according to Lisa Diamond, financial
analyst at Brandeis Telecommunications, those codes are assigned
randomly.
DIAMOND: They're completely random; there's no rhyme or reason to them.
FYBUSH: And director Virginia Baran Rude also claims that those codes
are randomly assigned.
BARAN RUDE: They are assigned randomly. And again, part of the reason
we went to the new billing system is -- we haven't used it yet -- but
it will assign authorization codes randomly. And it will also keep a
history file for us, so so we don't recycle a senior's auth code to a
freshman the next fall.
FYBUSH: But a WBRS News investigation has shown a different story. Of
the five possible starting digits for the access code, two are
entirely unused, one is used very little, and the vast majority of
student access codes start with only two of those five digits. In
fact, every first year student interviewed for this story had an
access code that started with the same number.
What this means to the system is that a student who knows the correct
first digit has only to pick four random digits to find a valid access
code -- and the odds of that may be as little as 100 to one.
According to Bill Wheeler, a Portland, Oregon telecommunications
consultant, that's not secure enough. And Brandeis student Ofer Inbar
told WBRS News that with the help of an autodialer, he could have a
valid code within an hour -- without ever actually entering the
computer system in the telecommunications office. And another student
says there are even easier ways to get a valid code:
STUDENT: As far as code security goes, I think they've got a major
problem down there. Because I was sitting at a desk, waiting for the
nice lady to go and get a form approved, and I saw literally hundreds
of students' access codes, with names and things like that. But they
swear that there is no security problem.
This student also says that it would not be difficult to get a valid
code by dialing randomly.
STUDENT: I was wondering how easy it would be to get one of those by
chance, and statistically the odds are not that low. However, there
are certain prefixes -- I know my old code and my new code are both 99 --
And I know a student who lives off campus, who told me that when he
needs to make a long-distance call, he comes on campus and just plays
around with a phone, using known prefixes, and it takes him about 15
times to get a legit code. So I don't know if some of the calls
people have been getting are from him, but I know it's very possible.
FYBUSH: Yet Brandeis Telecommunications is satisfied with the security
of the six-digit codes:
BARAN RUDE: I wouldn't want to go to seven or eight digits, let's just
say that ... although the system could handle it.
FYBUSH: Brandeis does have some security measures in place, according
to Diamond and Baran Rude.
BARAN RUDE: We also get the phone of origin...
DIAMOND: We have had a few problems, but word caught on that we, I'd
say 98% of the time, find out who's doing the calling ... not many
students have gotten away with that, and students have been fined for
doing that in the past. And this year, I recall one incident where it
was a problem ... but we did catch the person and they did reimburse the
other person for the calls. And we changed the other person's access
code.
FYBUSH: And while Brandeis Telecommunications _may_ have its billing
and security problems under control, it is still the only option
available to on-campus students. On the next installment, I'll look
at the legal aspects of that situation and the problems it has caused.
For WBRS News, I'm Scott Fybush.
-------------------
I'll post part two next week. My thanks to all the TELECOM Digest
readers who so generously contributed their time and knowledge to the
story.
Scott Fybush
(Assistant News Director, WBRS-FM Waltham MA)