💾 Archived View for spam.works › mirrors › textfiles › phreak › cpid-ani.dev captured on 2023-06-16 at 19:42:27.
-=-=-=-=-=-=-
CPID/ANI Developments The introduction of calling number identification and delivery services over the past two years, first by the interexchange carriers and now the LECs, have not been the only developments to provoke concern over telecommunications-related privacy issues. Growth in the use of analog wireless services and, of course, the burst in "junk calling" made economical by recent long distance rate reductions are certainly also factors. But the new Caller*ID and ANI delivery services share primary responsibility for the unprecedented level of state and federal legislative and regulatory activity seeking to strengthen all forms of privacy protection. Because of the ease of public access to state regulatory forums and the high profile currently enjoyed by telecommunications generally, the telephone industry -- much more so than, for example, the direct mailers, the credit/collection industries, or other personal data manupulators -- has become the focal point of public criticism concerning issues affecting perceived personal privacy. This is, without question, a good and healthy development, perhaps even long overdue. The telcos' recent cavalier attempts to introduce new caller identification services as though "nothing has changed" now face hostile challenges, even adverse backlash, with potential technical and disappointing economic consequences. For example, network technology and new revenue generating applications are being threatened by popular but naive state and federal proposals which would mandate calling number blocking at the caller's option while refusing to recognize that this solution is not technically feasible with most forms of CPID delivery -- not even with the most sophisticated ISDN-based delivery methods. (ISDN protocol allows for the insertion of a "privacy code" in the data stream, but nevertheless delivers the private data across the network on the presumption that the receipient will honor the "code".) Although Caller*ID and other similar Calling Party Identification (CPID) services so far have been approved in more jurisdictions than have turned them down, it is apparent that momentum is building against their deployment, at least in their intended mode -- that is, on a universal, nonoptional basis without number blocking. The proponents of ubiquitous CPID delivery appear to be at a loss to come up with a publicly acceptable yet cost effective technical or alternative service solution to the publics' privacy concerns which would not also substantially undermine CPID functionality and its commercial and private utility. Specifically, the public's privacy concerns seem to have settled on the three obviious: (1) protection of the caller's need or desire under particular calling circumstances not to disclose the number from which his/her call is originating; (2) a perceived telephone company duty to avoid all forms of unwarranted number disclosure on behalf of those who have subscribed to and rely on nonpublished and unlisted telephone number service; and (3) control over the use and dissemination of CPID information delivered over the network. But despite its best intentions, to date CPID proponents have been able to agree only on the following meager suggestions: (1) promotion of the use of telephones, calling card and local operator services as means by which callers can avoid disclosing their telephone number; and (2) help agencies and institutions requiring protection against number disclosure or unwanted "call backs" should order service from a designated local exchange set aside by the LEC to guarantee number anonymity, or subscribe to so-called outward-only exchange services. (While the US West operating companies have acquiesed to requiring nondisclosure agreements from noncarrier recipients of CPID information as a method of containing abuse, this practice is far from considered acceptable by the carrier industry generally.) The first set of alternatives leaves an impression of arrogance and insensitivity to the practical needs and circumstances of callers desiring number anonymity. The second alternatives are not universally available and will involve added line costs to the help agencies. As for controls limiting re-use and resale of network generated information, the CPID providers fear that these would undermine the usefulness of CPID information to a large segment of the potential commercial market. Calling number blocking is surfacing as everyone's suggested answer to the number anonymity problem. While both selective call-by-call or calling line number blocking on all calls are technically feasible, they tend to deminish the utility of CPID services for present and planned applications. However, CPID proponents appear willing to accept very limited blocking provided it is extended only to certain categories of customers and call-based help services, such as hot lines. But this solution could prove impossible to administer and might even be unlawfully discriminatory under existing regulatory statutes. The lack of significant progress after nearly two years of wrestling with the CPID privacy issues suggests the need to exhaust and possibly mandate nontechnical approaches. These might include the following: First, there should be strict institutional controls limiting the use of CPID and other telephone generated data and information, and restricting telemarketing call practices. Such controls could be industry self-administered or, if this proves to be ineffective, they could be prescribed by regulators and set forth in the telcos' exchange tariffs. In either case, consensus on specific conduct guidelines will not be reached among industry participants alone without the intervention of either legislators or regulators. Thus, it behooves the CPID advocates -- both providers and potential users -- to move in this direction and embrace outside intervention in developing a code of conduct quickly, before short-sighted technical restraints or other absolute prohibitions are immposed and become irreversible. Second, there should be a widespread CPID public awareness campaign sponsored by CPID providers and supported by all commercial users of such services and those who manufacture or sell products capable of receiving or capturing CPID data. Third, the industry should adopt a simple, universally recognisible symbol (such as the asterick) which can be printed in association with the publication or other promotion of any telephone number which is equipped to capture CPID information. The purpose of this symbol would be to alert callers that their number or other network identifiable information might be captured or recognized by the called party. It would appear in directories and in all ads or other promotions involving display of numbers equipped to receive CPID information. Finally, if and where CPID blocking is prescribed, it should be offered only to existing subscribers and only for a reasonable transitional period. Blocking should not be offered to new or changed subscribers, and should be phasessd out for grandfathered subscribers after a reasonable period has been allowed for all customers to become familiar with the fact that new and evolving telecommunications capabilities and services can no longer assure number anonymity. (New and relocating subscribers would be informed that there can no longer be an automatic expectation of caller anonymity with normal uses of the telephone network.) Meanwhile, the publicity evoked by Caller*ID has had a multiplier effect. It has stimulated public policy debate, first at the state and now the federal level, on telecommuications privacy issues extending beyond just the original question of caller anonymity. This, in turn, has resulted in an unprecedented number of legislative and regulatory proposals and even judicial proceedings which , if not effectively addressed by knowledgeable and interested parties, could lead to a patch quilt of unworkable or ineffective new laws and regulations which fall short of satisfying either sides' best interests and which could have unintended and disappointing results. The most recent step targeted at curbing the spread of CPID/ANI deployment without controls was the introduction of Senate Bill S. 2030 by Senator Kohl (D.WI) referred to as the "Telephone Privacy Act of 1990". This bill would amend The Electronic Privacy Act of l986 to require that any provider of telephone services which include a caller identification delivery capability must also furnish, at no additional charge, the capability for the caller to prevent the "dissemination of their telephone numbers to persons of their choosing." Civil remedies would be made available to persons aggrieved by violations of the new law. According to Senator Kohl, the purpose of the bill is not to curb technology, but to open debate on telecommunications-related privacy issues generally. Moving in this same direction, Dr. Bonnie Guiton, Special Advisor to the President on Consumer Affairs, has convened a task force of industry representatives, known as the Privacy in Telecommunications Working Group, to make recommendations to how to proceed in this emerging privacy area. (I have been invited as a member of the task group). While the Kohl Bill and CPID/ANI issues generally fall within the scope of the task force assignment, it will address all areas of telecommunications privacy-related matters.