telecom@eecs.nwu.edu (TELECOM Moderator) (02/25/90)
{{ This special issue of the Digest is being provided intact to Usenet }} {{ readers of comp.dcom.telecom. PT }} TELECOM Digest Sat, 24 Feb 90 17:45:00 CST Special: CPID/ANI Developments Today's Topics: Moderator: Patrick Townson Revised Memo: CPID/ANI Developments (Vic Toth via Don H. Kemp) ---------------------------------------------------------------------- Subject: Revised Memo: CPID/ANI Developments (V. Toth) (fwd) Date: Fri, 23 Feb 90 13:35:01 EST From: Don H Kemp <dhk@teletech.uucp> Forwarded message: Patrick: Appended is a memo sent to all members of the STC by Vic Toth, who is the STC counsel for regulatory affairs. It presents yet another point of view on the CLID/ANI issue. Don ----------------- Text of Memorandum ---------------- The introduction of calling number identification and delivery services over the past two years, first by the interexchange carriers and now the LECs, have not been the only developments to provoke concern over telecommunications-related privacy issues. Growth in the use of analog wireless services and, of course, the burst in "junk calling" made economical by recent long distance rate reductions are certainly also factors. But the new Caller*ID and ANI delivery services share primary responsibility for the unprecedented level of state and federal legislative and regulatory activity seeking to strengthen all forms of privacy protection. Because of the ease of public access to state regulatory forums and the high profile currently enjoyed by telecommunications generally, the telephone industry -- much more so than, for example, the direct mailers, the credit/collection industries, or other personal data manupulators -- has become the focal point of public criticism concerning issues affecting perceived personal privacy. This is, without question, a good and healthy development, perhaps even long overdue. The telcos' recent cavalier attempts to introduce new caller identification services as though "nothing has changed" now face hostile challenges, even adverse backlash, with potential technical and disappointing economic consequences. For example, network technology and new revenue generating applications are being threatened by popular but naive state and federal proposals which would mandate calling number blocking at the caller's option while refusing to recognize that this solution is not technically feasible with most forms of CPID delivery -- not even with the most sophisticated ISDN-based delivery methods. (ISDN protocol allows for the insertion of a "privacy code" in the data stream, but nevertheless delivers the private data across the network on the presumption that the receipient will honor the "code".) Although Caller*ID and other similar Calling Party Identification (CPID) services so far have been approved in more jurisdictions than have turned them down, it is apparent that momentum is building against their deployment, at least in their intended mode -- that is, on a universal, nonoptional basis without number blocking. The proponents of ubiquitous CPID delivery appear to be at a loss to come up with a publicly acceptable yet cost effective technical or alternative service solution to the publics' privacy concerns which would not also substantially undermine CPID functionality and its commercial and private utility. Specifically, the public's privacy concerns seem to have settled on the three obviious: (1) protection of the caller's need or desire under particular calling circumstances not to disclose the number from which his/her call is originating; (2) a perceived telephone company duty to avoid all forms of unwarranted number disclosure on behalf of those who have subscribed to and rely on nonpublished and unlisted telephone number service; and (3) control over the use and dissemination of CPID information delivered over the network. But despite its best intentions, to date CPID proponents have been able to agree only on the following meager suggestions: (1) promotion of the use of telephones, calling card and local operator services as means by which callers can avoid disclosing their telephone number; and (2) help agencies and institutions requiring protection against number disclosure or unwanted "call backs" should order service from a designated local exchange set aside by the LEC to guarantee number anonymity, or subscribe to so-called outward-only exchange services. (While the US West operating companies have acquiesed to requiring nondisclosure agreements from noncarrier recipients of CPID information as a method of containing abuse, this practice is far from considered acceptable by the carrier industry generally.) The first set of alternatives leaves an impression of arrogance and insensitivity to the practical needs and circumstances of callers desiring number anonymity. The second alternatives are not universally available and will involve added line costs to the help agencies. As for controls limiting re-use and resale of network generated information, the CPID providers fear that these would undermine the usefulness of CPID information to a large segment of the potential commercial market. Calling number blocking is surfacing as everyone's suggested answer to the number anonymity problem. While both selective call-by-call or calling line number blocking on all calls are technically feasible, they tend to deminish the utility of CPID services for present and planned applications. However, CPID proponents appear willing to accept very limited blocking provided it is extended only to certain categories of customers and call-based help services, such as hot lines. But this solution could prove impossible to administer and might even be unlawfully discriminatory under existing regulatory statutes. The lack of significant progress after nearly two years of wrestling with the CPID privacy issues suggests the need to exhaust and possibly mandate nontechnical approaches. These might include the following: First, there should be strict institutional controls limiting the use of CPID and other telephone generated data and information, and restricting telemarketing call practices. Such controls could be industry self-administered or, if this proves to be ineffective, they could be prescribed by regulators and set forth in the telcos' exchange tariffs. In either case, consensus on specific conduct guidelines will not be reached among industry participants alone without the intervention of either legislators or regulators. Thus, it behooves the CPID advocates -- both providers and potential users -- to move in this direction and embrace outside intervention in developing a code of conduct quickly, before short-sighted technical restraints or other absolute prohibitions are immposed and become irreversible. Second, there should be a widespread CPID public awareness campaign sponsored by CPID providers and supported by all commercial users of such services and those who manufacture or sell products capable of receiving or capturing CPID data. Third, the industry should adopt a simple, universally recognisible symbol (such as the asterick) which can be printed in association with the publication or other promotion of any telephone number which is equipped to capture CPID information. The purpose of this symbol would be to alert callers that their number or other network identifiable information might be captured or recognized by the called party. It would appear in directories and in all ads or other promotions involving display of numbers equipped to receive CPID information. Finally, if and where CPID blocking is prescribed, it should be offered only to existing subscribers and only for a reasonable transitional period. Blocking should not be offered to new or changed subscribers, and should be phasessd out for grandfathered subscribers after a reasonable period has been allowed for all customers to become familiar with the fact that new and evolving telecommunications capabilities and services can no longer assure number anonymity. (New and relocating subscribers would be informed that there can no longer be an automatic expectation of caller anonymity with normal uses of the telephone network.) Meanwhile, the publicity evoked by Caller*ID has had a multiplier effect. It has stimulated public policy debate, first at the state and now the federal level, on telecommuications privacy issues extending beyond just the original question of caller anonymity. This, in turn, has resulted in an unprecedented number of legislative and regulatory proposals and even judicial proceedings which , if not effectively addressed by knowledgeable and interested parties, could lead to a patch quilt of unworkable or ineffective new laws and regulations which fall short of satisfying either sides' best interests and which could have unintended and disappointing results. The most recent step targeted at curbing the spread of CPID/ANI deployment without controls was the introduction of Senate Bill S. 2030 by Senator Kohl (D.WI) referred to as the "Telephone Privacy Act of 1990". This bill would amend The Electronic Privacy Act of l986 to require that any provider of telephone services which include a caller identification delivery capability must also furnish, at no additional charge, the capability for the caller to prevent the "dissemination of their telephone numbers to persons of their choosing." Civil remedies would be made available to persons aggrieved by violations of the new law. According to Senator Kohl, the purpose of the bill is not to curb technology, but to open debate on telecommunications-related privacy issues generally. Moving in this same direction, Dr. Bonnie Guiton, Special Advisor to the President on Consumer Affairs, has convened a task force of industry representatives, known as the Privacy in Telecommunications Working Group, to make recommendations to how to proceed in this emerging privacy area. (I have been invited as a member of the task group). While the Kohl Bill and CPID/ANI issues generally fall within the scope of the task force assignment, it will address all areas of telecommunications privacy-related matters. ---------- end of text of memoradum ------------ Don H Kemp "Always listen to experts. They'll B B & K Associates, Inc. tell you what can't be done, and Rutland, VT why. Then do it." uunet!uvm-gen!teletech!dhk Lazarus Long [Moderator's Note: Thank you for supplying a copy of this to the Digest. It will be filed in the Archives under the title of this issue. PT] ------------------------------ End of TELECOM Digest Special: CPID/ANI Developments ******************************
johnl@esegue.segue.boston.ma.us (John R. Levine) (02/26/90)
> Appended is a memo sent to all members of the STC by Vic Toth, who > is the STC counsel for regulatory affairs. So what is the STC, anyway? Although this piece was quite coherent and reasonable, it did have a strong internal assumption that universal unblockable CPID is a good idea. I also have to wonder at his suggestions, first that the way to make opposition to CPID go away is public education campaigns to tell people that every time they make a call, the recipient might receive the calling number, and second that CPID blocking be offered only to existing subscribers, not to new or changed ones, as though people who move somehow have fewer privacy rights than people who don't. Sheesh. Regards, John Levine, johnl@esegue.segue.boston.ma.us, {spdcc|ima|lotus}!esegue!johnl
jgro@apldbio.com (Jeremy Grodberg) (02/27/90)
In his article on CPID/ANI Developments, Mr. Toth mentions several possibilities for maintaining the calling party's privacy under a calling-party-id system, and explains why none of them are attractive. What he did not discuss is the idea which I have heard (perhaps even read in this forum?) which makes the most sense to me. I would like to hear what problems there are with the following scheme: The phone company assigns a fictitious id# to those subscribers who request one. This would typically be people who have unlisted phone numbers. These fictitious id#s would be known to the subscriber, so that s/he could give them out to whoever s/he wanted. When calls are placed from the subscribers phone, the fictitious id# is displayed instead of the real phone number. Since this number is tied to a phone number, it serves the same identification purpose: A receipient who is familiar with the number knows what phone a call is coming from, if they are familiar with the number displayed. However, to ensure the privacy of the caller, the fictitious id# would not be able to be used to call back the caller, nor would the phone companies be allowed to reveal who a given id# belongs to, except under court order. Some method would be used to enable people to recognize the difference between real phone numbers and fictitious id#s, the simplest of which is that real phone numbers could show up as 1+Real Area Code + Real Phone Number, and fictitious id#s would be 2+Real Area Code + Fake Phone Number. (I am not familiar with how the numbers are actually stored and displayed, so there is probably a better way, but nothing I have read so far makes me think that it would be difficult to implement the fictitious id# so that it would be easy to tell it from a real phone number). This scheme has the following advantages: 1) People who receive calls always know what phone a call is coming from, even if they don't know that phone's number. Thus people receiving crank calls can tell the authorities where the calls are coming from, and people getting calls from their psychiatrist know who the call is from, without being able to call the psychatrist at home (the psychiatrist could print his or her id# on his or her business card). This protects the person receiving the calls, as the service is designed to. It also allows businesses to access individual callers accounts by id#, if they want to establish such service. 2) It seems, to my outsider's eye, that this is completely feasible. While it would require some extra record-keeping by the phone company to keep track of people's fictitious id#s, it is a small extra piece if information to add to all the other stuff they already keep track of (like name, address, calling card #'s, etc.). Also, the fictitious id#s could be handled like real phone numbers by all of the equipment involved with providing and displaying the calling-party ID. The only problem I can forsee is that of supplying the fictitious id# at the originating switch: since I don't know how the real phone number is supplied, I can't say how much harder it would be to supply a fictitious one. I am guessing it is a relatively simple matter to replace one string with another, but I'm sure I could be wrong. 3) There is very little breach of the caller's privacy, although there is some. What little breach there is may well be justifiable, like taking pictures of anyone who walks into a bank (no flames for a bad analogy, please). A user of a phone with a fictitious id# can call anyone he or she wants, and all the recipient of the call will know is if it is someone who called before, unless the caller previously gave the call recipient further information, or unless the call recipient can convince the police that the caller has done something illegal. For those who are truely paranoid about having someone find them, such as people who might call a suicide prevention hot-line, they are already worried that the phone company can trace their call, and I don't think fictitious id#s will make matters much worse. The most innocent problem I can think of under this scheme is that a person might do business with a company which maintains customer records based on the recieved id#, and so even someone with a fictitious id# would not be able to make an anonymous call to such a business, from the phone they normally use. This is at most an inconvenience, not a breach of privacy. Another version of this scheme would assign fictitious id#s to ALL phones. Unlisted phones would always send the fictitious id#, but listed phones could substitiute the fictitious one by keying a privacy code when dialing. This even solves the problem (for listed phones) of making anonymous calls to a buisness with which the caller has established a relationship. I submit this for discussion, because I am a big fan of CPID, and would very much like to have it work. It won't be useful to me, though, if anyone who wants to keep me from seeing who is calling can, and the only way people can avoid giving out their phone numbers is to remove all useful information about who is calling. I may not really like the idea that with CPID I might not be able to get away with calling my friends and playing jokes on them, but I do like even more that they won't be able to play jokes on me. If there are no problems with this system, perhaps someone can suggest it to the powers that be, and we can really have it. If there are problems, perhaps we can work them out though this forum.
Leichter-Jerry@cs.yale.edu (03/01/90)
I recently ran into another instance where Caller ID would be problematical. Since it wasn't implemented in the area where this happened, it's just a theoretical issue, but as I haven't seen anyone suggest this before... Generally, the problems discussed so far have had to do with Caller ID revealing WHO you are, when you might not want that revealed. There can also be cases in which it reveals WHERE you are, when you might not want to reveal THAT. Example: I have two customers, A and B. For various reasons, I have a close relationship with A, but it would be bad policy for me to reveal to B that I also work with A. I'm visiting A, check my answering machine, and find an urgent message from B. A has no objection to my calling B on their line, and I'm really not concerned about A finding out about B. With Caller ID, if I call B, I've just given away that I'm at A. If A is the only significant business in my field in a small town, it might even reveal too much for me to call B from a nearby pay phone - i.e., there are perfectly reasonable cases in which a Caller ID system that sent only area code and prefix revealed too much. (Note that in the case of a call from a phone booth, you don't even need to posit my close relationship with A.) Now, you can say that all my relationships should be open and above board, so that I SHOULD have no objection to letting anyone know where I am. But let's be real here - that same argument can be - and is - made with respect to just about every violation of privacy. (Why should you object to the police searching your house if you have nothing to hide?) It's this "living in a fishbowl" potential of Caller ID that is so worrysome. -- Jerry
john@bovine.ati.com (John Higdon) (03/05/90)
Leichter-Jerry@cs.yale.edu writes: > [about how he doesn't want B to know that he associates with A] > With Caller ID, if I call B, I've just given away that I'm at A. Suggestions: 1. Wait until you are out of the area to call B. If this information (that you associate with A) is so sensitive, then maybe the return call can wait. 2. Use a portable cellular phone to call B. 3. Call your office and have them relay the call (via conferencing or three-way). 4. Use one of A's unlisted numbers. (Gee, maybe I ought to set up a practice. "Living with Caller-ID -- Consultations" The doctor is IN.) That'll be one dollah, please! John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o !