home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 2
/
HACKER2.BIN
/
768.CPD326.TXT
< prev
next >
Wrap
Text File
|
1993-09-09
|
30KB
|
618 lines
Computer Privacy Digest Thu, 09 Sep 93 Volume 3 : Issue: 026
Today's Topics: Moderator: Dennis G. Rears
The John & Kelly Show
Re: ANI
Re: ANI
Re: ANI
Re: ANI
Re: ANI
Re: ANI
Re: ANI
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
Date: Thu, 9 Sep 93 9:07:02 EDT
From: Computer Privacy List Moderator <comp-privacy@Pica.Army.Mil>
Subject: The John & Kelly Show
This particular digest contains email between John Higdon and Kelly
Bert Manning. Since they had cc'ed each other they were able to
respond to each other before the digest went out. I figured I would
wait until I had several messages to publish this.
Dennis
------------------------------
Date: Tue, 7 Sep 93 22:44:49 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: ANI
In a previous article, john@zygot.ati.com (John Higdon) says:
>Kelly Bert Manning <ua602@freenet.victoria.bc.ca> writes:
>> Does paying for an 800/900 call give someone carte blance to do anything
>> they want with the callers number, such as using it to retrieve an address
>> from a reverse directory and peddling it to porno magazines as a hot sales
>> prospect?
>
>Why would they bother unless you were calling a porn service to begin
>with? What do you and others really think a company is going to do with
>your phone number? It isn't the key to your house, your savings
>passbook number, your Swiss bank account number, or your winning lotto
>ticket. It is just your phone number for crissake! The only legitimate
>concern expressed here has been that some telemarketer MIGHT call some
>evening. Horrors! What a thought! Even if true (it more than likely is
>not), I know many people who have survived telemarketing calls and
>lived to tell about it.
My wife even survived being raped by a former boyfriend after she gave
her new address to the BC Moter Vehicle Branch when she moved to Vancouver
to get away from him in the early 80s. Shortly after that the Victoria
police started interviewing everyone who knew him when they found him
living in the apartment of a local college student who had been reported
missing. He gave us a middle of the night phone call and showed up at our
previous address shortly after we gave our phone number and address to
the local public library. This has made us acutely aware that any data
given to anyone can result in him showing up again, with the least consequence
being that we would have to move again.
A persons phone number identifies their neighbourhood, down to the area
served by the local exchange part of their number. This greately narrows
the geographic area in which a stalker has to look to locate someone.
Even if people avoid getting a credit history by paying in cash or check
as we do, their address is often available from local public records.
Knowing that Rebecca Schaeffer lived in California was all her killer
needed to know to find out where she lived and kill her. Alphabetic
lists of voters, homeowners, and other categories of citizen/resident
are usually accesible with no questions asked. Preventing someone from
identifiying which lists to look in can literally be a matter of life
and death. The immoral transfer of addresses and other personal
information to third parties without the knowledge or consent of an
individual can literally be the death of them.
Here in Victoria a woman trying to hide from her former husband was
recently burned out of her third rented apartment in 6 months. Arson
is not a very selective weapon. The direct targets of stalkers aren't
the only ones at risk.
>
>Telemarketing is a shotgun enterprise. No telemarketer that I am aware
>of has people calling selected lists taken from ANI-generated
>databases. It simply does not make any logistic or economic sense
>except in some very specialized areas.
Telemarketing strategies don't have to make sense because the real
"product" is calls, with sales being incidental. This is proved by
their lobbying to get Bush to veto a bill that would have made them
honour a do not call list of people who did not want to get telemarketing
calls ever, under any circumstances. The line they trot out is that this
activity supposedly generates some billions of economic activity each
year. The fallacy is that none of this comes from people who don't want
to be bothered ever. If they can find an extra 20% of numbers to call
then their budgets for doing this on an internal basis, or their fees
for doing it as an outsourcing operation can be boosted correspondingly.
A report in "Privacy Journal" mentioned that some direct mail marketing
operations in the US deliberately target addresses on the US Direct
Marketing Association's exclusion list because they want to get a number
for the response rate from this very tough market, or because this group
tends to included very well educated people with higher than average
incomes, the most desirable market group.
In my own research about Computer Integrated Telephony I have looked into
the use of either ANI or Caller ID as a way of authenticating the source
of calls for Interactive Voice Response applications. It seems to me that
it would be just as effective as Call Back. It also seemed to me to be
something that would clearly have to be mentioned openly everywhere the
number for the service appeared, since people would have to register their
number with the service beforehand.
The main issue is informed consent.
>
>I use ANI heavily. I use it for internal purposes and to
>protect myself against fraud. Please do not pontificate about how it is
>unnecessary or how it is not effective compared to the "harm" it causes
>until you have my credentials in the use of ANI and about eight years of
>experience in the field of customer-delivered ANI processing.
>
>Dennis is absolutely correct in his assertion that most people do not
>care. Yes, I have extensively observed people's reactions and
>attitudes concerning it. I have yet to find anyone other than
>net.posters who has so much as raised an eyebrow over the issue. I make
>it a point to tell people about the availability of ANI delivery on 800
>numbers, so it is not as though I expect to keep it a deep, dark
>secret. Again, no one is surprised; no one seems to care. With ANI, I
>am able to open accounts on the spot; without it the new customer would
>have to wait some period of time for a validity check. People in the
>real world appreciate that and consider it worth the "privacy"
>trade-off.
>
>> [Moderator's Note: Paying for it or not does not give "carte blance to
>> do anything they want with the callers number" What give them carte
>> blance is the knowledge of the number. Quite simple if you don't want
>> a party to know you phone number don't call them from that phone.
>> ._dennis ]
>
>Did anyone ever hear the fable about the silly women who sat around
>crying because they were afraid that an axe stuck in the ceiling would
>fall and hit someone on the head? When it comes to discussions of ANI
>and Caller-ID we hear endless jawbone-ing about all the what-ifs and
>what we would need to do to prevent them. How about simply using the
>remedies that are available to everyone when harmed by another? If you
>feel that you have action against someone who has made improper use of
>your phone number, then ask for compensation. If he refuses take him to
>court. You cannot prevent every possible harm (real or unreal) that may
>befall someone in this life. You cannot make the world a rubber room.
>
>In that regard, can someone cite one single documented case where
>someone was harmed by either CNID or ANI and took action against the
>number recipient? Is the problem real, or is it arm.chair.fantasy?
>In my experience, the latter is definitely the case. If you have more
>experience than I, let us hear about your case histories.
>
>
>--
> John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
> john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
>
>
--
------------------------------
Date: Wed, 8 Sep 93 02:58 PDT
From: John Higdon <john@zygot.ati.com>
Reply-To: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: ANI
On Sep 7 at 22:44, Kelly Bert Manning writes:
> My wife even survived being raped by a former boyfriend after she gave
> her new address to the BC Moter Vehicle Branch when she moved to Vancouver
> to get away from him in the early 80s. Shortly after that the Victoria
> police started interviewing everyone who knew him when they found him
> living in the apartment of a local college student who had been reported
> missing. He gave us a middle of the night phone call and showed up at our
> previous address shortly after we gave our phone number and address to
> the local public library.
What on earth has this got to do with ANI? I am so bloody sick and
tired of irrelevant emotional claptrap such as this entering into
arguments about a simple, useful service that is in common, everyday
practice. So if the library gives out information about you and it
results in harm, sue the library for heaven's sake. For that matter, sue
an ANI recipient if you are harmed by the simple matter of some company
having the number of the phone you used to make an inquiry or an order.
But you better be able to prove with a proponderance of evidence that
you were actually harmed, not just ticked off. Perhaps why that is why
we never hear of real cases of ANI harm--because there aren't any. (Oh,
Martha, here come the hypotheticals and what-ifs!)
> This has made us acutely aware that any data
> given to anyone can result in him showing up again, with the least consequence
> being that we would have to move again.
If you you call my 800 number and I come and rape your wife, have me
arrested. (Laughable on a number of counts, believe me.) Otherwise,
don't call my 800 number. I doubt if you would be interested in the
service anyway. Perhaps someone at American Express might do you
harm--AE uses ANI extensively. What rot!
> A persons phone number identifies their neighbourhood, down to the area
> served by the local exchange part of their number. This greately narrows
> the geographic area in which a stalker has to look to locate someone.
How many stalkers use 800 numbers to trap victims? Why would you call
800-STALKER in the first place?
> Even if people avoid getting a credit history by paying in cash or check
> as we do, their address is often available from local public records.
What has ANI delivery on 800 numbers have to do with this?
You talk about rapes; you talk about murders--hell, you even talk about
the felony of direct mail. What has ANY of this to do with ANI
delivery? Your entire article was just one emotional sob story after
another and frankly, your point was completely lost on me. In fact,
your whole rambling diatribe was a wonderful example of how the issue
of ANI delivery is a non-issue. You made not one point in any kind of
case against ANI for 800 customers.
> In my own research about Computer Integrated Telephony I have looked into
> the use of either ANI or Caller ID as a way of authenticating the source
> of calls for Interactive Voice Response applications. It seems to me that
> it would be just as effective as Call Back.
Then you better start learning from the real world, Bud. And tell me,
please, how does one "call back" without knowing the caller's number?
I use ANI to verify NEW customers, so pre-registering is out of the
question.
BTW, I try to rape, kill, stalk, and send direct mail to as few of them
as possible.
> The main issue is informed consent.
Fine. You know it exists--don't call 800 numbers. I have seen many
phone books that mention the topic. I sure hope someone else can come
up with something a little more sustantial than your campfire stories.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
Date: Wed, 8 Sep 93 10:36:41 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: ANI
>What on earth has this got to do with ANI? I am so bloody sick and
>tired of irrelevant emotional claptrap such as this entering into
>arguments about a simple, useful service that is in common, everyday
>practice. So if the library gives out information about you and it
>results in harm, sue the library for heaven's sake. For that matter, sue
>an ANI recipient if you are harmed by the simple matter of some company
>having the number of the phone you used to make an inquiry or an order.
>But you better be able to prove with a proponderance of evidence that
>you were actually harmed, not just ticked off. Perhaps why that is why
>we never hear of real cases of ANI harm--because there aren't any. (Oh,
>Martha, here come the hypotheticals and what-ifs!)
Aren't you aware that sueing someone would get the media's attention
and destroy the privacy that you are trying to protect? In this case the
library revised it's system of recording loans so that people no longer had
to write their names, addresses, and phone numbers on a signout sheet. Closing
an avenue for breach of privacy is a lot more effective than sueing someone if
they are willing to acknowledge the issue and take corrective action. In Canada
it is possible to get a ban on publication in a civil suit without the consent
of the other party but I have the impression that this is almost impossible in
the US unless the party being sued agrees.
With regard to suing someone who got a number from ANI, how would an
individual establish that a particular call was the source of a phone number
that got passed along?
Dead people usually don't tell many stories, or bother to sue. The college
student I mentioned in the previous post has never been seen again. It is
possible to put someone on trial for murder without a body, but it is very
difficult to get a conviction.
The Rebecca Schaeffer murder was simply the first one that involved a
prominent celebrity. Similar murders, such as the one of an Arizona woman
didn't rate media attention. Do your research.
This has to do with a phone number being a key which can be used to
identify a persons home address without much trouble. Instead of having
to check every state driver registry a stalker simply has to look at the
list of registered voters in a particular electoral district of a specific
city in one state.
>
>> This has made us acutely aware that any data
>> given to anyone can result in him showing up again, with the least consequence
>> being that we would have to move again.
>
>If you you call my 800 number and I come and rape your wife, have me
>arrested. (Laughable on a number of counts, believe me.) Otherwise,
>don't call my 800 number. I doubt if you would be interested in the
>service anyway. Perhaps someone at American Express might do you
>harm--AE uses ANI extensively. What rot!
This appears to be an attempt to divert the topic to an irrelevant issue.
The issue is that someone who gets a phone number by ANI could anonymously
sell or exchange it with the result that it ends up on one of the CD-ROM
"all USA" phone directories that are sold openly, or on something like the
proposed Lotus home database.
>
>> A persons phone number identifies their neighbourhood, down to the area
>> served by the local exchange part of their number. This greately narrows
>> the geographic area in which a stalker has to look to locate someone.
>
>How many stalkers use 800 numbers to trap victims? Why would you call
>800-STALKER in the first place?
Once again you seem to be trying to divert the topic to an irrelevant and
unlikely branch. As the moderator pointed out earlier in the thread, once
someone has your phone number you have effectively lost all control over
who it is passed along to.
>
>> Even if people avoid getting a credit history by paying in cash or check
>> as we do, their address is often available from local public records.
>
>What has ANI delivery on 800 numbers have to do with this?
As I pointed out above, the phone number identifies the city and state
in which someone lives. Narrowing down the area in which a stalker has
to check public records can give them an address in a few days, instead of
in years.
>
>You talk about rapes; you talk about murders--hell, you even talk about
>the felony of direct mail. What has ANY of this to do with ANI
>delivery? Your entire article was just one emotional sob story after
>another and frankly, your point was completely lost on me. In fact,
>your whole rambling diatribe was a wonderful example of how the issue
>of ANI delivery is a non-issue. You made not one point in any kind of
>case against ANI for 800 customers.
Where did I use any word that described emotions. I though that this was a
rather unemotional repetition of facts.
>
>> In my own research about Computer Integrated Telephony I have looked into
>> the use of either ANI or Caller ID as a way of authenticating the source
>> of calls for Interactive Voice Response applications. It seems to me that
>> it would be just as effective as Call Back.
>
>Then you better start learning from the real world, Bud. And tell me,
>please, how does one "call back" without knowing the caller's number?
>I use ANI to verify NEW customers, so pre-registering is out of the
>question.
The point that you seemed to miss is that I am not some sort of obsessed
person who is trying to outlaw ANI. I feel that I am objective and
rational about the potential benefits, as well as the potential harms.
If all 800 numbers that used ANI warned customers before they called
I would not have much basis to object to it. On the other hand, you
seem to be unable to appreciate anything except the financial benefits
that you get. Telling someone you have used ANI to get their number after
they call you is too late. The time to let them exercise informed consent
is before they call.
>
>BTW, I try to rape, kill, stalk, and send direct mail to as few of them
>as possible.
But is there any law preventing you from selling or exchanging phone
numbers you get from ANI to someone who could put them on a CD-ROM and
sell them to someone who would? You also seem to have forgotten to put
commit arson in the list above. I'm sure that you wouldn't set fire to
an apartment building either.;-)
>
>> The main issue is informed consent.
>
>Fine. You know it exists--don't call 800 numbers. I have seen many
>phone books that mention the topic. I sure hope someone else can come
>up with something a little more sustantial than your campfire stories.
Does your literature or ads mention this to your customers before they call?
------------------------------
Date: Wed, 8 Sep 93 11:10 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: ANI
On Sep 8 at 10:36, Kelly Bert Manning writes:
> The Rebecca Schaeffer murder was simply the first one that involved a
> prominent celebrity. Similar murders, such as the one of an Arizona woman
> didn't rate media attention. Do your research.
Please share with me one single documented case where a person was
raped, murdered, harassed, or otherwise harmed by a company receiving
real time ANI on its 800 number. If you came up with ten or fifteen I
would probably dismiss it as a statistically insignificant problem. But
I would wager that you cannot come up with ONE.
Until you provide some real evidence of a problem, we have nothing more
to discuss.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
Date: Wed, 8 Sep 93 13:54:04 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: ANI
>
>On Sep 8 at 10:36, Kelly Bert Manning writes:
>
>> The Rebecca Schaeffer murder was simply the first one that involved a
>> prominent celebrity. Similar murders, such as the one of an Arizona woman
>> didn't rate media attention. Do your research.
>
>Please share with me one single documented case where a person was
>raped, murdered, harassed, or otherwise harmed by a company receiving
>real time ANI on its 800 number. If you came up with ten or fifteen I
>would probably dismiss it as a statistically insignificant problem. But
>I would wager that you cannot come up with ONE.
>
>Until you provide some real evidence of a problem, we have nothing more
>to discuss.
>
Your refusual to acknowledge the issue of a company such as yours selling
or exchanging a number says all that needs to be said, just your refusal
to respond to my point about direct marketing organization inflating their
dial lists with thousands of hopeless prospects also says something.
Producing direct proof of an information trail probably wouldn't change
your replies anyways. The tobacco companies are still telling young
children that there is no proven health risk from tobacco.
In any case neither of us appears to be a particularly fresh source of
arguments in what is essentially a repeat of the Caller ID debate. That
debate has resulted in free per call blocking being introduced in every
jurisdiction where it has been introduced in the last year or two. That
gives the best indication of what the public, politicians, and regualtory
officials think of your arguments.
You didn't reply to my question about whether your literature and
advertisments give potential customers advance warning that their number
will be captured and analyzed. Saying that you did this would have gone a
lone way to getting me to drop this.
The CDMA code adopted recently has the benefit of allowing members to avoid
spelling out all the details of their code on advertising and literature.
The code is well known enough that they can simply display the CDMA logo,
just a CERTIFIED General Account or Chartered Accountant doesn't have to
spell out the ethical codes of their professional bodies. Is there any
equivalent body for 800 call businesses? Do they have a mandatory code of
ethics enforced by expulsion?
------------------------------
Date: Wed, 8 Sep 93 14:29 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: ANI
On Sep 8 at 13:54, Kelly Bert Manning writes:
> Your refusual to acknowledge the issue of a company such as yours selling
> or exchanging a number says all that needs to be said, just your refusal
> to respond to my point about direct marketing organization inflating their
> dial lists with thousands of hopeless prospects also says something.
I don't trade in such information, so what needs to be acknowledged?
Your comment about direct marketing organizations neither addressed any
pertinent issue, or did it carry any other significance. What do you
care about inflating dial lists with hopeless prospects? Are you the
direct marketing efficiency police?
> Producing direct proof of an information trail probably wouldn't change
> your replies anyways. The tobacco companies are still telling young
> children that there is no proven health risk from tobacco.
What a cheap shot. Try me and see. How can you compare the total lack
of any evidence to support your point with the mountains of data from
cancer research? You have yet to give me anything to discount, deny, or
refute.
> In any case neither of us appears to be a particularly fresh source of
> arguments in what is essentially a repeat of the Caller ID debate. That
> debate has resulted in free per call blocking being introduced in every
> jurisdiction where it has been introduced in the last year or two. That
> gives the best indication of what the public, politicians, and regualtory
> officials think of your arguments.
No, it is an indication of the politization of regulatory boards and an
indication of how the squeaky wheel gets the grease. The Antis are
louder than the Pros. There has been no debate; the fact that you think
there has tells me that you are not coming from any position of
substance. What there has been is a shouting match where CNID
proponents are expected to prove a negative. If the
anti-CNID people had to prove harm (from the experience of CNID in this
country so far) there would be no issue to discuss.
But I have something you and others like you do not have: direct
hands-on experience in the industry and direct experience with ANI
implementations. At least I am within handshaking distance of the
beast. You spout nothing but hypothetical drivel.
> You didn't reply to my question about whether your literature and
> advertisments give potential customers advance warning that their number
> will be captured and analyzed. Saying that you did this would have gone a
> lone way to getting me to drop this.
I don't have literature. I have a small classified ad. There is no room
to make any such statement. But who cares? Is the issue the fact that I
CAN get the number or that I am doing something harmful with it? I use
it for one purpose only: to protect myself against fraud. I fail to see
how that is harmful to the caller and I fail to see why I need to make
an issue of it to the caller. Are you whining because you want the
option of crank-calling businesses with impunity?
> Is there any
> equivalent body for 800 call businesses? Do they have a mandatory code of
> ethics enforced by expulsion?
No. And no one, including you, has demonstrated any need for such.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
Date: Thu, 9 Sep 93 00:57:46 PDT
From: Kelly Bert Manning <ua602@freenet.victoria.bc.ca>
Subject: Re: ANI
In a previous note Kelly Manning and the moderator say:
>
>"I know where you live." has become something of a cliche, but it is based
>on a grim reality that most people understand without having it spelled
>out for them.
>
>Some claim that the high level of demand for Caller ID shows that the
>public doesn't care about phone number privacy. The statistics for unlisted
>numbers show quite the opposite. "Privacy Journal" recently published a
>table of these for a number of US Cites. Rates ranged from the 30%s in
>places like Seattle to over 60% in Los Angeles. Should Caller ID even
>be offerred in cities where about 2 out of 3 home numbers/addresses are
>unlisted?
>
>[Moderator's Note: You're making a big jump going from ANI to privacy in
>general. I just took a short poll of 10 of my coworkers. None of them
>knew about ANI delivery and none cared either. As John Higdon says, it
>just a phone number. ._dennis ]
If you are going to do a straw poll you should check that the % of
unlisted subscribers in your sample is representative of your area.
Just an unlisted phone number is it?
Let me spell it out. The area code part of your phone number identifies
which country and state you live in. The first 3 digits after the area
code tell what part of that state you live in, down to a particular
neighbourhood of your city.
Just the fact that you live a state like California or Arizona that sells
addresses in Driver Registry Files can be enough to reveal your home
address. The exchange code ties your address down to a particular part
of your city. Someone might have to spend months or years going through
unavoidable public records, such as voter's lists and property tax rolls,
to find a particular name. If they know which exchange your number is
on it greatly narrows the scope of the search, to a particular voting
district, or to a particular city within a metropolitain area.
Our PM just called a federal election this morning. The evening news in
Vancouver reported that one parties office had already been broken into.
The thieves took the computers, of course, but left a lot of software
diskettes around. What diskettes they did select happened to be the
ones with a copy of the voter list. Given the current slate of leaders
I would seriously consider buying out of being listed by choosing not to
vote.
The combination of knowing which neighbourhood someone lives in, combined
with legal or illegal access to public record information, puts some people
at risk.
[Moderator's Note: ANI really doesn't contribute to it. You can get the
same information when somebody mails you a letter from the return
address. 800 numbers are mainly used by businesses, for the most part
they are used immediately then tossed. Rarely, are they used for
telephone call backs. I have a residential 800 number, I don't get real
time ANI, I do get a bill which every number who call me. A unlisted
number means that number is not given out to directory assistance or
published in the phone book. I have to agree with John, you are building
a straw man about a person being raped or murder on the basis of someone
getting a phone number by ANI.
None of the people I polled had an unlisted number.
._dennis ]
------------------------------
End of Computer Privacy Digest V3 #026
******************************