telecom@eecs.nwu.edu (TELECOM Moderator) (02/25/90)
{{ This special issue of the Digest is being provided intact to Usenet }}
{{ readers of comp.dcom.telecom. PT }}
TELECOM Digest Sat, 24 Feb 90 17:45:00 CST Special: CPID/ANI Developments
Today's Topics: Moderator: Patrick Townson
Revised Memo: CPID/ANI Developments (Vic Toth via Don H. Kemp)
----------------------------------------------------------------------
Subject: Revised Memo: CPID/ANI Developments (V. Toth) (fwd)
Date: Fri, 23 Feb 90 13:35:01 EST
From: Don H Kemp <dhk@teletech.uucp>
Forwarded message:
Patrick:
Appended is a memo sent to all members of the STC by Vic Toth, who
is the STC counsel for regulatory affairs. It presents yet
another point of view on the CLID/ANI issue.
Don
----------------- Text of Memorandum ----------------
The introduction of calling number identification and delivery
services over the past two years, first by the interexchange carriers
and now the LECs, have not been the only developments to provoke
concern over telecommunications-related privacy issues. Growth in the
use of analog wireless services and, of course, the burst in "junk
calling" made economical by recent long distance rate reductions are
certainly also factors. But the new Caller*ID and ANI delivery
services share primary responsibility for the unprecedented level of
state and federal legislative and regulatory activity seeking to
strengthen all forms of privacy protection. Because of the ease of
public access to state regulatory forums and the high profile
currently enjoyed by telecommunications generally, the telephone
industry -- much more so than, for example, the direct mailers, the
credit/collection industries, or other personal data manupulators --
has become the focal point of public criticism concerning issues
affecting perceived personal privacy. This is, without question, a
good and healthy development, perhaps even long overdue.
The telcos' recent cavalier attempts to introduce new caller
identification services as though "nothing has changed" now face
hostile challenges, even adverse backlash, with potential technical
and disappointing economic consequences. For example, network
technology and new revenue generating applications are being
threatened by popular but naive state and federal proposals which
would mandate calling number blocking at the caller's option while
refusing to recognize that this solution is not technically feasible
with most forms of CPID delivery -- not even with the most
sophisticated ISDN-based delivery methods. (ISDN protocol allows for
the insertion of a "privacy code" in the data stream, but nevertheless
delivers the private data across the network on the presumption that
the receipient will honor the "code".)
Although Caller*ID and other similar Calling Party Identification
(CPID) services so far have been approved in more jurisdictions than
have turned them down, it is apparent that momentum is building
against their deployment, at least in their intended mode -- that is,
on a universal, nonoptional basis without number blocking. The
proponents of ubiquitous CPID delivery appear to be at a loss to come
up with a publicly acceptable yet cost effective technical or
alternative service solution to the publics' privacy concerns which
would not also substantially undermine CPID functionality and its
commercial and private utility.
Specifically, the public's privacy concerns seem to have settled on
the three obviious: (1) protection of the caller's need or desire
under particular calling circumstances not to disclose the number from
which his/her call is originating; (2) a perceived telephone company
duty to avoid all forms of unwarranted number disclosure on behalf of
those who have subscribed to and rely on nonpublished and unlisted
telephone number service; and (3) control over the use and
dissemination of CPID information delivered over the network.
But despite its best intentions, to date CPID proponents have been
able to agree only on the following meager suggestions: (1) promotion
of the use of telephones, calling card and local operator services as
means by which callers can avoid disclosing their telephone number;
and (2) help agencies and institutions requiring protection against
number disclosure or unwanted "call backs" should order service from a
designated local exchange set aside by the LEC to guarantee number
anonymity, or subscribe to so-called outward-only exchange services.
(While the US West operating companies have acquiesed to requiring
nondisclosure agreements from noncarrier recipients of CPID
information as a method of containing abuse, this practice is far from
considered acceptable by the carrier industry generally.)
The first set of alternatives leaves an impression of arrogance and
insensitivity to the practical needs and circumstances of callers
desiring number anonymity. The second alternatives are not
universally available and will involve added line costs to the help
agencies. As for controls limiting re-use and resale of network
generated information, the CPID providers fear that these would
undermine the usefulness of CPID information to a large segment of the
potential commercial market.
Calling number blocking is surfacing as everyone's suggested answer to
the number anonymity problem. While both selective call-by-call or
calling line number blocking on all calls are technically feasible,
they tend to deminish the utility of CPID services for present and
planned applications. However, CPID proponents appear willing to
accept very limited blocking provided it is extended only to certain
categories of customers and call-based help services, such as hot
lines. But this solution could prove impossible to administer and
might even be unlawfully discriminatory under existing regulatory
statutes.
The lack of significant progress after nearly two years of wrestling
with the CPID privacy issues suggests the need to exhaust and possibly
mandate nontechnical approaches. These might include the following:
First, there should be strict institutional controls limiting the use
of CPID and other telephone generated data and information, and
restricting telemarketing call practices. Such controls could be
industry self-administered or, if this proves to be ineffective, they
could be prescribed by regulators and set forth in the telcos'
exchange tariffs. In either case, consensus on specific conduct
guidelines will not be reached among industry participants alone
without the intervention of either legislators or regulators. Thus,
it behooves the CPID advocates -- both providers and potential users --
to move in this direction and embrace outside intervention in
developing a code of conduct quickly, before short-sighted technical
restraints or other absolute prohibitions are immposed and become
irreversible.
Second, there should be a widespread CPID public awareness campaign
sponsored by CPID providers and supported by all commercial users of
such services and those who manufacture or sell products capable of
receiving or capturing CPID data.
Third, the industry should adopt a simple, universally recognisible
symbol (such as the asterick) which can be printed in association with
the publication or other promotion of any telephone number which is
equipped to capture CPID information. The purpose of this symbol
would be to alert callers that their number or other network
identifiable information might be captured or recognized by the called
party. It would appear in directories and in all ads or other
promotions involving display of numbers equipped to receive CPID
information.
Finally, if and where CPID blocking is prescribed, it should be
offered only to existing subscribers and only for a reasonable
transitional period. Blocking should not be offered to new or changed
subscribers, and should be phasessd out for grandfathered subscribers
after a reasonable period has been allowed for all customers to become
familiar with the fact that new and evolving telecommunications
capabilities and services can no longer assure number anonymity. (New
and relocating subscribers would be informed that there can no longer
be an automatic expectation of caller anonymity with normal uses of
the telephone network.)
Meanwhile, the publicity evoked by Caller*ID has had a multiplier
effect. It has stimulated public policy debate, first at the state
and now the federal level, on telecommuications privacy issues
extending beyond just the original question of caller anonymity.
This, in turn, has resulted in an unprecedented number of legislative
and regulatory proposals and even judicial proceedings which , if not
effectively addressed by knowledgeable and interested parties, could
lead to a patch quilt of unworkable or ineffective new laws and
regulations which fall short of satisfying either sides' best
interests and which could have unintended and disappointing results.
The most recent step targeted at curbing the spread of CPID/ANI
deployment without controls was the introduction of Senate Bill S.
2030 by Senator Kohl (D.WI) referred to as the "Telephone Privacy Act
of 1990". This bill would amend The Electronic Privacy Act of l986 to
require that any provider of telephone services which include a caller
identification delivery capability must also furnish, at no additional
charge, the capability for the caller to prevent the "dissemination of
their telephone numbers to persons of their choosing." Civil remedies
would be made available to persons aggrieved by violations of the new
law. According to Senator Kohl, the purpose of the bill is not to
curb technology, but to open debate on telecommunications-related
privacy issues generally.
Moving in this same direction, Dr. Bonnie Guiton, Special Advisor to
the President on Consumer Affairs, has convened a task force of
industry representatives, known as the Privacy in Telecommunications
Working Group, to make recommendations to how to proceed in this
emerging privacy area. (I have been invited as a member of the task
group). While the Kohl Bill and CPID/ANI issues generally fall within
the scope of the task force assignment, it will address all areas of
telecommunications privacy-related matters.
---------- end of text of memoradum ------------
Don H Kemp "Always listen to experts. They'll
B B & K Associates, Inc. tell you what can't be done, and
Rutland, VT why. Then do it."
uunet!uvm-gen!teletech!dhk Lazarus Long
[Moderator's Note: Thank you for supplying a copy of this to the Digest.
It will be filed in the Archives under the title of this issue. PT]
------------------------------
End of TELECOM Digest Special: CPID/ANI Developments
******************************johnl@esegue.segue.boston.ma.us (John R. Levine) (02/26/90)
> Appended is a memo sent to all members of the STC by Vic Toth, who > is the STC counsel for regulatory affairs. So what is the STC, anyway? Although this piece was quite coherent and reasonable, it did have a strong internal assumption that universal unblockable CPID is a good idea. I also have to wonder at his suggestions, first that the way to make opposition to CPID go away is public education campaigns to tell people that every time they make a call, the recipient might receive the calling number, and second that CPID blocking be offered only to existing subscribers, not to new or changed ones, as though people who move somehow have fewer privacy rights than people who don't. Sheesh. Regards, John Levine, johnl@esegue.segue.boston.ma.us, {spdcc|ima|lotus}!esegue!johnl
jgro@apldbio.com (Jeremy Grodberg) (02/27/90)
In his article on CPID/ANI Developments, Mr. Toth mentions several possibilities for maintaining the calling party's privacy under a calling-party-id system, and explains why none of them are attractive. What he did not discuss is the idea which I have heard (perhaps even read in this forum?) which makes the most sense to me. I would like to hear what problems there are with the following scheme: The phone company assigns a fictitious id# to those subscribers who request one. This would typically be people who have unlisted phone numbers. These fictitious id#s would be known to the subscriber, so that s/he could give them out to whoever s/he wanted. When calls are placed from the subscribers phone, the fictitious id# is displayed instead of the real phone number. Since this number is tied to a phone number, it serves the same identification purpose: A receipient who is familiar with the number knows what phone a call is coming from, if they are familiar with the number displayed. However, to ensure the privacy of the caller, the fictitious id# would not be able to be used to call back the caller, nor would the phone companies be allowed to reveal who a given id# belongs to, except under court order. Some method would be used to enable people to recognize the difference between real phone numbers and fictitious id#s, the simplest of which is that real phone numbers could show up as 1+Real Area Code + Real Phone Number, and fictitious id#s would be 2+Real Area Code + Fake Phone Number. (I am not familiar with how the numbers are actually stored and displayed, so there is probably a better way, but nothing I have read so far makes me think that it would be difficult to implement the fictitious id# so that it would be easy to tell it from a real phone number). This scheme has the following advantages: 1) People who receive calls always know what phone a call is coming from, even if they don't know that phone's number. Thus people receiving crank calls can tell the authorities where the calls are coming from, and people getting calls from their psychiatrist know who the call is from, without being able to call the psychatrist at home (the psychiatrist could print his or her id# on his or her business card). This protects the person receiving the calls, as the service is designed to. It also allows businesses to access individual callers accounts by id#, if they want to establish such service. 2) It seems, to my outsider's eye, that this is completely feasible. While it would require some extra record-keeping by the phone company to keep track of people's fictitious id#s, it is a small extra piece if information to add to all the other stuff they already keep track of (like name, address, calling card #'s, etc.). Also, the fictitious id#s could be handled like real phone numbers by all of the equipment involved with providing and displaying the calling-party ID. The only problem I can forsee is that of supplying the fictitious id# at the originating switch: since I don't know how the real phone number is supplied, I can't say how much harder it would be to supply a fictitious one. I am guessing it is a relatively simple matter to replace one string with another, but I'm sure I could be wrong. 3) There is very little breach of the caller's privacy, although there is some. What little breach there is may well be justifiable, like taking pictures of anyone who walks into a bank (no flames for a bad analogy, please). A user of a phone with a fictitious id# can call anyone he or she wants, and all the recipient of the call will know is if it is someone who called before, unless the caller previously gave the call recipient further information, or unless the call recipient can convince the police that the caller has done something illegal. For those who are truely paranoid about having someone find them, such as people who might call a suicide prevention hot-line, they are already worried that the phone company can trace their call, and I don't think fictitious id#s will make matters much worse. The most innocent problem I can think of under this scheme is that a person might do business with a company which maintains customer records based on the recieved id#, and so even someone with a fictitious id# would not be able to make an anonymous call to such a business, from the phone they normally use. This is at most an inconvenience, not a breach of privacy. Another version of this scheme would assign fictitious id#s to ALL phones. Unlisted phones would always send the fictitious id#, but listed phones could substitiute the fictitious one by keying a privacy code when dialing. This even solves the problem (for listed phones) of making anonymous calls to a buisness with which the caller has established a relationship. I submit this for discussion, because I am a big fan of CPID, and would very much like to have it work. It won't be useful to me, though, if anyone who wants to keep me from seeing who is calling can, and the only way people can avoid giving out their phone numbers is to remove all useful information about who is calling. I may not really like the idea that with CPID I might not be able to get away with calling my friends and playing jokes on them, but I do like even more that they won't be able to play jokes on me. If there are no problems with this system, perhaps someone can suggest it to the powers that be, and we can really have it. If there are problems, perhaps we can work them out though this forum.
Leichter-Jerry@cs.yale.edu (03/01/90)
I recently ran into another instance where Caller ID would be problematical. Since it wasn't implemented in the area where this happened, it's just a theoretical issue, but as I haven't seen anyone suggest this before... Generally, the problems discussed so far have had to do with Caller ID revealing WHO you are, when you might not want that revealed. There can also be cases in which it reveals WHERE you are, when you might not want to reveal THAT. Example: I have two customers, A and B. For various reasons, I have a close relationship with A, but it would be bad policy for me to reveal to B that I also work with A. I'm visiting A, check my answering machine, and find an urgent message from B. A has no objection to my calling B on their line, and I'm really not concerned about A finding out about B. With Caller ID, if I call B, I've just given away that I'm at A. If A is the only significant business in my field in a small town, it might even reveal too much for me to call B from a nearby pay phone - i.e., there are perfectly reasonable cases in which a Caller ID system that sent only area code and prefix revealed too much. (Note that in the case of a call from a phone booth, you don't even need to posit my close relationship with A.) Now, you can say that all my relationships should be open and above board, so that I SHOULD have no objection to letting anyone know where I am. But let's be real here - that same argument can be - and is - made with respect to just about every violation of privacy. (Why should you object to the police searching your house if you have nothing to hide?) It's this "living in a fishbowl" potential of Caller ID that is so worrysome. -- Jerry
john@bovine.ati.com (John Higdon) (03/05/90)
Leichter-Jerry@cs.yale.edu writes: > [about how he doesn't want B to know that he associates with A] > With Caller ID, if I call B, I've just given away that I'm at A. Suggestions: 1. Wait until you are out of the area to call B. If this information (that you associate with A) is so sensitive, then maybe the return call can wait. 2. Use a portable cellular phone to call B. 3. Call your office and have them relay the call (via conferencing or three-way). 4. Use one of A's unlisted numbers. (Gee, maybe I ought to set up a practice. "Living with Caller-ID -- Consultations" The doctor is IN.) That'll be one dollah, please! John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o !