TUCoPS :: Phreaking Caller ID :: caller.txt

Comments on Caller ID services

Better a bottle in front of me than a frontal lobotomy.



         Statement by Martin Winter, before the Joint Public Hearing
              Assembly Consumer Affairs & Protection Committe
          Assembly Corporations, Authorities and Comissions Committe
                 Assembly Task Force on Telecommunications
                    Senate Consumer Protection Committe





     I would like to thank Mr. Nadler, Mr. Siegel, Senator Levy, and
 Senator Brennan for allowing me the opportunity to address my concerns
 about the privacy of telephone subscribers to them, both as a private
 citizen and as the President of the New York State Systems Operator's
 Association ( here after known as "The Association"). Since many of my
 concerns as a private individual overlap those of the Association I
 would like to make a few general remarks concerning what is usually
 referred to as "Caller ID and then address the list of issues published
 by the Senate and Assembly committees.

     "Caller ID" appears to be what is known as a "trap and trace"
     device. Title 18, United States Code Chapters 119, 121, 201, and
     206, also known as the Electronic Communications Privacy act, and
     which I will hereafter refer to as the "ECPA" defines a "trap and
     trace" device as:

        a device which  captures the incoming  electronic
        or other impulses which identify  the originating  
        number of an instrument or device from which a
        wire or electronic communication was transmitted;
  
Since Caller ID has the ability to display the number of the telephone
from which a call originated and record that number it would certainly
seem to fit the ECPA's definition of a "trap and trace" device. Further
the ECPA limits those circumstances in which a device of this type can
be used. Chapter 206, section 3121 of the ECPA states:

    (a)  In  General.-Except as provided in this section, no 
         person  may install  or use a pen register or a trap
         and trace device without first obtaining a court order
         under section 3123 of this title or under  the Foreign  
         Intelligence Surveillance Act  of 1978  (50 U.S.C. 1801
         et seq.).

     (b)  Exception.-The prohibition of subsection (a) does not
          apply with respect  to the use of a pen register or a
          trap and trace  device by a provider of electronic or 
          wire communication service-

          (1)  relating to the operation, maintenance, and testing 
               of a wire or electronic communication service or to   
               the protection of the rights or property of such 
               provider, or to the  protection  of  users of that  
               service  from  abuse  of service or unlawful use of 
               service; or

          (2)  to  record the fact that a wire or electronic  
               communication was initiated or completed in order
               to protect such provider, another provider furnishing 
               service toward the completion of the wire communication,  
               or a user of that service, from fraudulent, unlawful  
               or abusive use of service; or with the consent of the 
               user of that service.

     (c)  Penalty.-Whoever knowingly violates subsection (a) shall be 
          fined under this title or imprisoned not more than one year, 
          or both.

With this in mind it would appear that the use of Caller ID would be
limited only to Police, Fire, Hospital Emergency Rooms, Poison Control
Centers, and other Emergency Service Providers for the purpose of
identifying the telephone number and address from which a telephone call
originates in the event that the caller is not able to provide this
information; residential subscribers who wish to maintain the privacy of
their telephone line by knowing who is calling or from what number a
telephone call has orig inated; those subscribers, both residential and
business, who have received harrassing, threatening and/or obscene
telephone calls and wish to identify the number from which these calls
are originating for the purpose of criminal and civil prosecution; and
those business and residential subscribers like myself and other members
of the Association who operate an electronic data communications service
or hobby type computer bulletin board for the purpose of identifying the
origination of telephone calls in or der to maintain the security of the
system and the privacy of our users.

   With regard to the technology involved in offering the Caller ID
   service, I am not an expert in the design of telecommunications
   systems and would prefer to leave the explanation of this technology
   to New York Telephone itself.

   With regard to the potential benefits to those customers who chose to
   subscribe to Caller ID, both with and without the blocking of the
   caller's telephone number I would like to make the following points:

     1: Emergency Service Providers who use Caller ID systems would 
        have the ability to dispatch emergency units to the scene even 
        if the caller was unable to provide their location. This system 
        is currently in place in the form of an augmented 911 emergency 
        telephone system in a number of cities throughout the country 
        and has been credited numerous times with saving lives that 
        might otherwise have been lost due to the callers inability to 
        identify their location. At the present time, many Emergency 
        Service Providers in New York State have no way of identifying 
        the location from which an emergency call originates. If the 
        caller is a young child who cannot tell them where he is, a 
        person who speaks little or no English, or a person who is 
        incapacitated or so upset or excited that they cannot identify 
        their location this can and has lead to delays in the arrival 
        of emergency personnel that has resulted in loss of life and 
        property that could have been avoided had the Emergency Service 
        Provider been able to identify the location of the caller. 

     2: Without "blocking" residential customers would have the ability 
        to screen incoming telephone calls by looking at the 
        originating number before  they answer the call. This would 
        allow them to know before hand if the incoming caller is 
        someone with whom they wish to speak. 

      3: Without "blocking" residential and business customers who have 
         received telephone calls of a harrassing, threatening and/or 
         obscene nature would have the ability immediately provide law 
         enforcement agencies with the number of the telephone from 
         which the calls originated. In those area where Caller ID is 
         now offered the number of calls of this nature has been 
         reduced.

      4: A group of teenagers uses a home computer to break into a 
         banks computer and obtains several credit card numbers which 
         they then use to go on a spending spree. A college student 
         majoring in Computer Science writes a program that, when 
         inserted in a computer network using a specific software 
         program, replicated itself to the point where the network can 
         no longer be used. A group of computer users in West Germany 
         manages to infiltrate a highly sensitive computer network and 
         then proceeds to gather as much classified information as 
         possible, then makes that information public in an effort to 
         show how easy it was to get it. All of these incidents have 
         been in the news in recent times.  Those customers who operate 
         electronic data services, or hobby type computer bulletin 
         board services are very sensitive to the issues these 
         incidents raise with regard to the security of the information 
         on their systems. Caller ID would make it Possible for 
         electronic data services and hobby bbs systems to immediately 
         know if their security system had been breached or bypassed. 
         Most of the systems that I have used or operated allow the 
         System Operator (or SYSOP), to see information about the 
         caller displayed on his computer terminal as the user logs on 
         to the system. This information usually includes the callers 
         name, or the name by which he is known on the system, the 
         callers password and the caller's telephone number. A SYSOP 
         who is monitoring a caller's activity would be able to see 
         immediately if the call is originating from the location 
         initially given by the caller. Those calls which are 
         originating from the caller's listed location would require no 
         further monitoring as it is fairly certain the the caller is 
         who he claims to be. Those calls which come from a location 
         the does not match the listed location could then be monitored 
         to determine if the caller is who he claims to be and for any 
         activity which would compromise the security of the system or 
         the privacy of the users. 

            I cannot emphasize how important this feature would be to 
         those customers who operate an electronic data transfer 
         system. Recently my own BBS almost fell victim to what I 
         would term a "computer delinquent". This person uploaded a 
         program to my system that was designed to destroy a section of 
         my computer's memory when used. Prosecuting this individual is 
         going to be difficult because, even though I have a complete 
         log of the activities of all the users on the day he 
         transferred the program to my system, I do NOT, however,  have 
         absolute proof that the call originated from the number that 
         owner of the account used in the transfer of this program gave 
         me when he requested access to my BBS. The ability to identify 
         the location of an incoming call would be invaluable to 
         maintaining the security of electronic Banking systems and 
         information clearing houses. With this system in place and 
         properly used it would substantially reduce the number of 
         incidents of unauthorized persons gaining access to 
         information on a multitude of electronic data systems. 
         Incidents such as I have just described would be reduced or 
         eliminated entirely. 


   All of the advantages I have outlined above would be available to the
   consumer only if the blocking of calls were not allowed. While I do
   believe that we all have the right to privacy as it regards our
   telephone number, and I also feel that those people who are currently
   paying for an "unlisted" or "non-published number" should have the
   right to maintain the privacy of that number, I also feel that there
   are some circumstances where blocking should NOT be allowed.
   Specifically those instances are:
          
          1: Calls made to an Emergency Service Provider. I think that 
             most people would agree that the ability to respond to an 
             emergency call, and the potential for loss of life or 
             property out weighs the callers need or desire for 
             privacy. 

          2: Calls which are made to residential or business 
             subscribers who have been receiving calls of a 
             threatening, harrassing, or obscene nature. In these cases 
             there should be a way to over-ride call the blocking of 
             the display of the incoming number, but such an over-ride 
             capability should be avialable only on the request of an 
             investigating authority. Further such a request should 
             only be made if it shown that the calls are originating 
             from a number which is blocking the display of the number, 
             and  the over-ride should only be allowed until such time 
             as the individual making these calls is caught.

          3: Calls made to electronic data services and computer BBS 
             systems. Those who provide such services should have the 
             ability to over-ride the blocking of an incoming number. 
             This is not a stand that I take lightly. While there is 
             the potential for abuse of this ability I feel that there 
             are several factors which mitigate in favor of the 
             over-ride of number blocking in this instance. First, many 
             electronic data systems contain information of a sensitive 
             or classified nature. Many banks now keep records of all 
             their accounts on computer systems. These systems both at 
             the local branch office, and the main headquarters can and 
             do communicate with each other automatically over the 
             telephone lines. As I have already outlined there have 
             been instances where unauthorized persons have managed to 
             gain access to these computer systems and make use of the 
             information contained on them. Further, those persons and 
             businesses which operate such systems are currently 
             subject to the provisions of the ECPA with regards to the 
             disclosure of any and all information contained on their 
             systems. Briefly, operators of electronic communications 
             systems, whether it be a national banking corporation 
             operating a nationwide computer banking network, or the 
             kid down the street who has 22 users on a BBS system that 
             operates for 3 hours a day, cannot divulge any of the 
             information on their system to anyone other than a law 
             enforcement agency acting under court order, or the user 
             of the account in question. To do so would be a violation 
             of the ECPA and would subject the operator to a fine of up 
             to $10,000 and up to five years in jail for each 
             violation. The potential harm that could result from an 
             unauthorized person gaining access to such a system is 
             enormous. A virus or "bomb" type program, if inserted into a 
             computer network, could completely destroy the ability of 
             that network to function, or even destroy all the data 
             contained on that network. If this network were that of a 
             bank it could effectively  leave depositors penniless until 
             the bank could recreate the records. 


   With regards to the drawbacks of Caller Id, I do agree that there may
be some problems associated with the technology as it affects a callers
privacy, but I also believe that if number blocking is allowed in all
but the circumstances I have already outlined then the problems
associated with Caller ID will be minimal. In the information that the
Assembly and Senate committees published concerning this hearing they
specifically mention banking and housing "red-lining" as one of their
concerns. In order to discuss this we must first understand a little bit
about how telephone exchange numbers are allocated to an area. In order
to provide service to an area the telephone company uses what they call
a "Central office". Each central office is set up to serve a specific
area and all calls going to or from this area are routed through that
office. In addition each office has a number of "exchanges, the first
three digits of a number after the area code are the exchange. How large
or small an area s central office serves is determined by the population
density of that area. In New York City, for example there are central
offices that serve only a few square blocks. In other areas, such as the
northern section of the 518 area code, a central office may serve an
area as large of 100 square miles or larger. In a densely populated area
an exchange may serve an area of only one or two blocks, while in a
sparse;y populated area it may serve an area as large as that which the
central office does. As an aid to the practice o f "red-lining" in
housing or banking Caller ID would only be practical in an area of high
population density, in an area of low or median density, such as the 518
area code, an exchange number could conceivably serve customers who are
as much as 10 miles apart making it impossible to tell exactly where the
call originates from without the aid of a numerical directory. Further,
Caller ID would also act as an aid in detecting the practice of
red-lining as it co uld easily be determined if calls originating fro m
a neighborhood or exchange are being answered. In addition, since Caller
ID appears to regulated by the ECPA it would subject those who use it to
accomplish red-lining the penalties provided by the ECPA in addition to
those already provided for in the Fair Housing Act and the Fair lending
Act.
 
   Potential does exist for the use of Caller ID as a means of
   identifying previously anonymous customers for the purpose of later
   solicitation, but again, such use is already clearly prohibited by
   the ECPA.

   With regard to the blocking of caller telephone numbers by Caller ID
I feel that blocking should be allowed in all but the cases I have
already outlined. Further blocking should be allowed on both a call by
call basis and as part of a service which will premanently block the
display of the number. Display of an incoming callers number should be
allowed for only in those instances where a significant risk to life and
or property is at stake. In addition I feel that certain numbers, such
as those of batter ed women's and children's shelter's, should be
blocked in all cases except where blocking the number would result in
significant risk to life and/or property.

   With regard to other technologies which would compliment Call
   blocking. again I would prefer to defer to those who design and
   market such items.

   With regard to the blocking or disclosure of unlisted and
   non-published numbers, such numbers should normally be blocked from
   being displayed under most circumstances. Again, in cases where a
   significant risk to life and/or property would result blocking should
   be over-ridden.

   WIth regard to the privacy of an individual as the receiver of a
telephone call I think we need to keep the following in mind. As a
subscriber of New York Telephone I have a telephone in my home. Since
that phone is in my own home the right of privacy attached to the house
should extend to the use of the telephone. I have the right and the
ability to see who is at my front door before I open that door and allow
entrance to my home. The same right should extend to my ability to know
who is calling me on m y telephone. If I do not wish to let a person in
my house because he refuses to identify himself to me I have that right.
i should also have the right to not answer my telephone if a caller does
not want his number identified. As a visitor to another's home the
homeowner has the right to refuse me entrance if I do not identify
myself to him, the same right should apply to his telephone.

   With regard to balancing the individuals right to privacy both as a
maker and receiver of telephone calls, I would hope that what I have
already said has done so. We are dealing with a new technology. It is
only recently that the ability to identify a caller before answering the
telephone has become available. The issues which I have attempted to
address. however, are not new, they have been in existence for as long
as the United States has. We have a right to privacy in our own homes,
and we have the ri ght to maintain that privacy be reasonable means. If
Caller Id is implemented in a manner that is consistent with what I have
just outlined then it's use should be able to insure the continuation of
the right to privacy without unwarranted intrusions. To sum up briefly,
in order to insure the telephone customer's right to privacy Caller ID
would have to allow for the following:

   1: The display of a caller's telephone number in those circumstances 
      where blocking the display would result in a significant risk to 
      life and/or property.

   2: The display of the number top those persons who operate 
      electronic data services, data clearing houses of computer 
      bulletin board systems, where such display is for the purpose of 
      insuring the security of the system, the security of the data on 
      the system and the privacy of the users accounts.   

   3: The display of a caller's number in those instances when the 
      making of threatening, harrassing and/or obscene telephones is 
      being investigated, provided that such display is requested by a 
      duly authorized investigative agency, that it has been shown that 
      the calls are originating from a number that is blocked from 
      display, and that such ability to use blocking will be restored 
      when the person making the calls is apprehended.

   4: Display blocking will be made available to those customers who 
      currently have an unlisted or non-published number as a part of 
      that service.

   5: Display blocking will be automatically disabled when calls are 
      placed to Emergency Service Providers or others who have a valid 
      need to display the number of each incoming caller.

   6: That the numbers of battered women's and children's shelters 
      shall be automatically blocked from all but Emergency Service 
      Providers.

   7: That all business customers electronic data system operators who 
      subscribe to Caller ID are made aware in writing that disclosing 
      the number of an incoming call is a violation of the ECPA and 
      that such disclosure may subject them to severe penalties.

If Caller Id is offered with these protections in place it should fairly
balance the privacy of both the caller and the person receiving the
call.


***** NOTE FROM TOMMY *****

It is my opinion that an eighth protection should be put into place for
the protection of those subscribing to Caller ID:

   8: That the Caller-ID subscriber may, at his option, block incoming
   calls from callers employing Caller-ID blocking.

This option will protect those who wish to have *ALL* incoming calls
identified.  The idea is, if you won't identify yourself, I don't want
your call.  Tommy's Holiday Camp Remote Online Systems will subscribe to
this particular option should it become available in British Columbia.
This will ensure that users' accounts are 100% secure and eliminate
"spoofing" or users posing as other users, and eliminate the need for
Voice Validation.  Think about it.  From a hacker's point of view,
Caller ID is a catastrophe.  From a BBS sysop's point of view, it is his
salvation.

***** TOMMY OUT *****


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH