Robert Kaplan <kaplanr@chaos.cs.brandeis.edu> (04/08/90)
As promised, here is the transcript of the first story I did for Brandeis' WBRS-FM on the problems with the Brandeis phone system. This part aired March 26. Part two, which I'll post soon, aired April 5. PART ONE FYBUSH: Students using the Brandeis phone system in recent months have experienced numerous problems with billing, connection quality, and operator service. In this series, we'll explore some of these problems and show what Brandeis is -- or isn't -- doing to fix them. The most obvious problem to many students shows up when they open their bills each month: calls to cities -- or even countries -- that they've never even heard of. According to Director of Telecommunications Virginia Baron Rude, those problems stem from a new billing system implemented this semester. BARON RUDE: We put in a new billing system ... we brought it in-house, and there have been some problems with something called integration. And so, what has happened, people are getting their roommate's calls, because it's having trouble matching certain calls' authorization code records with the actual call. Basically, it loses the authorization code and it defaults to the extension. So the person who is responsible for the phone is getting an extension-billed charge, instead of the authorization charge that they should be. FYBUSH: But some calls that show up on student bills were never really made at all. Many students have had calls to India appear on their bills. One student, who requested anonymity, had this experience: STUDENT: Let's say I did call India for four minutes, for eight dollars. And I just said I didn't do it. They're so unsure of their system that they just said "OK" and crossed it off. FYBUSH: The calls to India that many students have been billed for actually have a logical explanation. To dial a long-distance call from a campus phone, students must first dial 9-1. 9-1 is also the country code for India. The billing computers failed to drop the 9-1 from the number and billed the students for India. But Baran Rude says all students who complained about the India calls were credited. BARAN RUDE: We have given everybody credit ... let me state up front that we apologize for the situation ... it was bumpier around the conversion than we thought. We certainly will give everybody credit. FYBUSH: Students who have had their roommates' calls show up on their bills don't ususally get immediate credit, though. Although most students I talked to agreed that it shouldn't be... STUDENT: ...our problem to have to go and play collection agency. FYBUSH: Telecom's policy on roommate calls is more strict, though: BARAN RUDE: If you're on good terms with your roommate, it would be easier if you could just collect from them. If that's not the case, then we will give party A credit and run a check with the second system and bill party B. FYBUSH: But these are all examples of calls that were made legitimately. Brandeis uses a system of six-digit access codes to place long-distance calls. Students receive a code beginning with the digits five through nine ... and according to Lisa Diamond, financial analyst at Brandeis Telecommunications, those codes are assigned randomly. DIAMOND: They're completely random; there's no rhyme or reason to them. FYBUSH: And director Virginia Baran Rude also claims that those codes are randomly assigned. BARAN RUDE: They are assigned randomly. And again, part of the reason we went to the new billing system is -- we haven't used it yet -- but it will assign authorization codes randomly. And it will also keep a history file for us, so so we don't recycle a senior's auth code to a freshman the next fall. FYBUSH: But a WBRS News investigation has shown a different story. Of the five possible starting digits for the access code, two are entirely unused, one is used very little, and the vast majority of student access codes start with only two of those five digits. In fact, every first year student interviewed for this story had an access code that started with the same number. What this means to the system is that a student who knows the correct first digit has only to pick four random digits to find a valid access code -- and the odds of that may be as little as 100 to one. According to Bill Wheeler, a Portland, Oregon telecommunications consultant, that's not secure enough. And Brandeis student Ofer Inbar told WBRS News that with the help of an autodialer, he could have a valid code within an hour -- without ever actually entering the computer system in the telecommunications office. And another student says there are even easier ways to get a valid code: STUDENT: As far as code security goes, I think they've got a major problem down there. Because I was sitting at a desk, waiting for the nice lady to go and get a form approved, and I saw literally hundreds of students' access codes, with names and things like that. But they swear that there is no security problem. This student also says that it would not be difficult to get a valid code by dialing randomly. STUDENT: I was wondering how easy it would be to get one of those by chance, and statistically the odds are not that low. However, there are certain prefixes -- I know my old code and my new code are both 99 -- And I know a student who lives off campus, who told me that when he needs to make a long-distance call, he comes on campus and just plays around with a phone, using known prefixes, and it takes him about 15 times to get a legit code. So I don't know if some of the calls people have been getting are from him, but I know it's very possible. FYBUSH: Yet Brandeis Telecommunications is satisfied with the security of the six-digit codes: BARAN RUDE: I wouldn't want to go to seven or eight digits, let's just say that ... although the system could handle it. FYBUSH: Brandeis does have some security measures in place, according to Diamond and Baran Rude. BARAN RUDE: We also get the phone of origin... DIAMOND: We have had a few problems, but word caught on that we, I'd say 98% of the time, find out who's doing the calling ... not many students have gotten away with that, and students have been fined for doing that in the past. And this year, I recall one incident where it was a problem ... but we did catch the person and they did reimburse the other person for the calls. And we changed the other person's access code. FYBUSH: And while Brandeis Telecommunications _may_ have its billing and security problems under control, it is still the only option available to on-campus students. On the next installment, I'll look at the legal aspects of that situation and the problems it has caused. For WBRS News, I'm Scott Fybush. ------------------- I'll post part two next week. My thanks to all the TELECOM Digest readers who so generously contributed their time and knowledge to the story. Scott Fybush (Assistant News Director, WBRS-FM Waltham MA)