RISKS-LIST: RISKS-FORUM Digest Monday 20 March 1989 Volume 8 : Issue 42 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Automatic Caller Identification (Phil R. Karn, Robert Goldman, John Murray, Bernie Cosell, Karl Lehenbauer, Dean Riddlebarger, Mark Mandel, Phil R. Karn again, Benjamin Ellsworth, more or less chronologically) [*** The Whole Issue? Sure, that way you can take it or leave it. ***] The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. * RISKS MOVES SOON TO csl.sri.com. FTPable ARCHIVES WILL REMAIN ON KL.sri.com. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99). ---------------------------------------------------------------------- Date: Fri, 17 Mar 89 22:11:13 est From: karn@thumper.bellcore.com (Phil R. Karn) Subject: Internet spoofing and Calling-party ID (Re: RISKS-8.38) I hope I am not the only one to notice the irony in the parallel discussions regarding, on the one hand, concern about the possibility of spoofing source addresses in Internet mail (most often done in practice to gain anonymity), and other hand, privacy concerns about calling party identification in the telephone network. Two things seem clear to me. 1. As a telephone subscriber, I should have the right to demand identification from anyone ringing my phone. 2. As a telephone subscriber, I should have the right to remain anonymous when making a call if I so choose. The obvious solution to these conflicting requirements is to have the telephone system arbitrate a negotiation between the caller and called parties. If a caller wishes to remain anonymous, he should be able to say so when he dials his call. If the called party has chosen to demand identification, then the network should refuse to complete the call and explain why to the caller -- without ringing the called party's phone. If the calling party has not requested anonymity, there is no reason to deny the called party this information. I see no reason to condemn a promising new service like Caller ID when a relatively simple enhancement could satisfy the privacy concerns of both parties. (This is my personal view, and is not necessarily the view of my employer). Phil ------------------------------ Date: Fri, 17 Mar 89 22:32:52 EST From: rpg@cs.brown.edu (Robert Goldman) Subject: Incoming-call id I think Brint Cooper underestimates the technological possibilities when he(?) writes: Incoming-call ID is a difficult problem. Still, doesn't a person, in the privacy of Home, have the right to an "electronic peep-hole" to control his/her privacy? We can have our cake and eat it, too. As I understand it, it is possible to have the originating caller notified of the ID process, and given the opportunity of aborting the call rather than being identified. BUT only if your local phone company gets enough requests for this service. This seems like the ideal compromise: you have to be willing to be identified to reach someone, but you are informed that they are tracing you, and can deny them that service. The source for this was a WSJ article. I'm afraid I've forgotten the exact citation. If anyone has it, it would probably be of interest to all the list: it discussed which phone servers were going to provide the incoming-call ID service, and which were and weren't going to install the out I've mentioned above. ------------------------------ Date: 17 Mar 89 20:33:02 GMT From: johnm@uts.amdahl.com (John Murray) Subject: Re. Incoming-call identification The discussion on the pros and cons of incoming-call identification reminds me of the Confidential Phone service in Northern Ireland. By calling a widely-advertised number, people in Northern Ireland can use an answering machine to report information about terrorist activity to the police/army. The line is supposedly unmonitored, not traced, and completely confidential. Some years ago, a popular pastime for bored teenagers was to call the number from a public phone and start to record some juicy information. They would then make a noise as if they'd just been stabbed or attacked in some way, and hang up. It would come as no surprise when a police or army patrol arrived on the scene within a minute or two. Naturally, the patrol could do nothing, since any action on their part would expose the "confidential" nature of the system! - John Murray, Amdahl Corp. (My own opinions, etc.) ------------------------------ Date: Sat, 18 Mar 89 17:57:59 EST From: Bernie Cosell Subject: Re: Incoming-call identification I truly hesitate to bring the ANI-wars to risks (they're already a couple of weeks old on telecom now), but ... First, this argument is VERY common in this debate and strikes me as fundamentally off the mark: > Incoming-call ID is a difficult problem. Still, doesn't a person, in the > privacy of Home, have the right to an "electronic peep-hole" to control > his/her privacy? Without going into this at length, I'll just assert that the *correct* parallel here should be the use of an answering machine to screen your calls. The answering machine does EVERYTHING the peephole does and more (it allows you the privacy of having the person-you're-screening not even KNOW if you're there doing the screening or not: like simultaneously having a closed-circuit-TV (which doesn't let the caller know if you're looking at the monitor or not) *with* an old-style "chain" that lets you open the door a crack and ask the person who the hell they are and give them an opportunity to explain what they're up to, while STILL denying them access to your house. ANI has nothing to do with any of this, and by contrast, just a "peephole" is a lot closer to just answering the phone (the doorbell rings, you have to go to the door, open the peephole, and choose whether to go farther or not, not much different than answering the phone and hanging up). > This is a larger issue than screening out the vendors who call at dinnertime. > The police and telecos simply are ineffective at dealing with persistent, > harrasing and/or obscene callers. Their methods are cumbersome and > non-responsive to the harrassment. You made a leap from "privacy" to "harrassment" here. You can have more than adequate (IMHO) protection from "harrassment" just by having *telco* use the ANI machinery on your behalf [as has been suggested: telco keeps the information about calling parties and releases it ONLY to folks with a "need to know"]. Bernie Cosell, BBN Sys & Tech, Cambridge, MA 02238 ------------------------------ Date: 19 Mar 89 17:01:43 GMT From: karl@sugar.hackercorp.com (Karl Lehenbauer) Subject: Re: Incoming-call identification, phone number is not enough Regarding incoming-call identification, for this to be usable by most people, different information than the phone number of the caller must be sent. Specifically, some kind of logical ID should be at least included, or sent in place of, a physical ID. Consider that if one was restricting incoming calls to a specific set of numbers, one could not receive an emergency call from a loved one. Few families would be willing to take this risk, so one the good aspects of incoming-call identification, screening calls, would be lost to them. For incoming call screening to be useful in this case, one would have to forward a logical ID. "This is a call from your daughter" rather than "This is a call from (713) 438-5018." Similarly, phone solicitors would be required to forward a special ID indicating that they were calling you with an unsolicited sales pitch. Thus they could be explicitly excluded. I think there should be a bit in the header to indicate whether the call was being handled entirely by automatic equipment as many people (myself included) find those calls particularly offensive and choice targets for elimination. The ID would be sent by entering additional digits or by using something like a credit card with a magnetic stripe. One must already identify oneself by one of these methods when using long distance carriers from remote phones. Cellular phones already identify themselves uniquely as well. Note that similar capabilities are already available in certain high-end answering machines and corporate voice mail systems whereby one can give IDs out to people and dispatch calls based on the IDs entered. To the extent that incoming-number forwarding increases privacy (and implicitly, honesty) I think it is a good thing. To the extent that it decreases privacy (use of it to catch whistle blowers, perform arbitrary surveillance, etc), I think it is a bad thing. Simply forwarding the telephone number of the caller does little to advance the privacy of the individual and is of more use to business and government, would would have the resources to look up the number and determine the True Name of the caller, on-line. Karl Lehenbauer ------------------------------ Date: Mon, 20 Mar 89 06:31 CST From: rdr@killer.dallas.tx.us (Dean Riddlebarger) Subject: Incoming Call ID (Re: RISKS-8.40) In the last issue of Risks, one of the contributors wondered about the mechanics of Incoming Call ID. Now, from what I have seen in my intracompany readings, Incoming Call ID in its most basic form is just a pass through of standard Central Office ANI functionality, so it would be capable of handing a complete number of format NPA-NXX-XXXX to the user. I'm still not sure I fully understand the dynamics of this latest uproar. The capability of number ID has been widely touted as a major initial feature of ISDN for several years now, so I find it interesting that when a telco moves the notion from business applications to a more home-oriented use the proverbial balloon finally goes up... Dean Riddlebarger, Systems Consultant - AT&T, [216] 348-6863 ------------------------------ Date: Mon, 20 Mar 89 10:16 EST From: Mark Mandel Subject: Re: Incoming-call ID I agree with Brint Cooper in support of incoming-call ID. Our area will be getting this service in a few months, and we intend to order it and buy the $60-70 gadget. Why? We have a peculiar, repetitive telephone number, with the pattern XYY-ZZZZ (we didn't ask for it: telco assigned it to us), and we get a large number of unwanted calls in the following categories: 1: "Stutter" wrong numbers. Somebody wants XYY-ZZZA, ZZAB, or ZABC, and either the finger stutters on the Touch-Tone pad or the pad stutters; one or more extra Z's are generated, the extra digits get thrown away, and they reach me. Sometimes they're polite ("Oh, I'm sorry"), sometimes they're rude. 2: Crank callers. For reasons I omit here, our number attracts even more cranks than you would expect from what I've stated here. 3: Prank callers. I refer here to the deliberate nuisance calls that come from my daughter's seventh-grade classmates being seventh-graders. 4: "Not her father!" calls. A classmate calls my daughter, hears my voice (or my wife's), and instead of asking for my daughter simply hangs up without saying anything. 5: Business wrong numbers. The same XYY-ZZZZ number evidently belongs to at least two commercial accounts: in different area codes, of course, but one of those area codes is the next one over, and another differs from ours in only one digit. I know because we've been getting responses to their newspaper ads. 6: Oh, I almost forgot: random wrong numbers, the same kind as anybody else gets incoming. I think that covers it. Now, incoming call-id won't affect all these categories, but it WILL give us a tool to use against types 2, 3, and 4. If we didn't have the peculiar problems raised by our particular number, I don't know if we'd bother (though 4, and probably 3, would still be there); but the total volume of wrong numbers is enough to make us willing to put in the money and effort to achieve the reduction we expect to get. -- Mark Mandel * My employer is not responsible for anything I say, think, do, or eat. * ------------------------------ Date: Mon, 20 Mar 89 13:41:23 EST From: karn@thumper.bellcore.com (Phil R. Karn) Subject: Re: Incoming-call identification Caller-ID recently became available in my exchange in Northern New Jersey (area code 201). I asked the customer service rep about the coverage of this service. The answer, somewhat reluctantly divulged after a bit of prodding, is that the display works only for calls from other phones in the 201 region, and then only those phones on "suitably equipped" exchanges (presumably the right kind of ESS's). This seemed a bit restrictive for a $6/mo service, so I've decided to wait. Phil ------------------------------ Date: Thu, 16 Mar 89 17:01:27 pst From: Benjamin Ellsworth Subject: Confidentiality of incoming numbers (Re: RISKS-8.38) I find myself in hearty disagreement to David Albert's stridently stated position. This disagreement stems from my opinions about anonymity. The anonymity that he seems to be promoting/preserving -- the ability to initiate and carry on a dialog with either or both parties ignorant of the identities of the other -- very new social concept. Even in its current form, it is illusory at best. As little as 100 years ago in this country (and currently in much of the world) in order to talk to someone you have to be in fairly close physical proximity. This fact makes anonymity almost impossible. It is not a grave flaw in societies where this is the case. It should be pointed out that in societies where "anonymity" is not technically ensured, it is ensured by trust. Even now in our society, the real assurance that no one will find out who you are is that no one will look. (In most modern phone networks your veil of anonymity is tissue paper.) For all of the institutions that David feels are threatened by technology, trust will suffice. If any of those institutions violates that trust, it will find itself unused. If unused, unfunded. Either the service proves itself worthy of trust or it disappears. Where's the RISK? Looking for and believing in hardware solutions to purely "wetware" problems. If trust is the problem, it must be fixed in people (their attitudes and organizations) not in their appliances. Machines may make humankind more powerful but machines do not make them more trustworthy. BTW - I will take David's advice and write to the people he mentions. I will write in support of the concept that, on my discretion, to talk to me you must surrender your anonymity. Benjamin Ellsworth, Hewlett-Packard, 1000 N.E. Circle, Corvallis, OR 97330 ------------------------------ End of RISKS-FORUM Digest 8.42 ************************