Customer Activated Malicious Call Trace

Robin Whittle - 17 December 1996
Keywords: privacy, telecommunications, Australia, malicious call trace

Note 19 October 2005: The following page and the pages it links to are old, but hopefully still relevent in principle.  They used to be at .

To the main Malicious Call Trace page.  To the issues page of this site.  To the telemarketing pages of this site

The situation in the USA

This is the second mailout I made to people interested in the malicious phone call problem. 

Customer Activated Malicious Call Trace - US arrangements

17 December 1996

Robin Whittle

To people who I think are interested in the problem of malicious
phone calls. Nothing urgent - especially this close to Christmas!

I hope to raise awareness of these issues and improve my
understanding. I am doing this as an individual, but my
organisation, Consumers' Telecommunications Network, is one of
many (including the TIO, the Commonwealth Ombudsman, the Privacy
Commissioner's office, DoCA and the AG's Dept.) which has either a
formal or an informal interest in the problem of malicious calls.

Of course the carriers have an interest in deterring malicious
callers (Crimes Act 85ZE) and facilitating the detection of those
who persist:

1 - To minimise their own costs of complaint handling and

2 - To improve the lives of their customers (and so greatly
enhance the company's public standing).

3 - To meet their carrier licence requirements (1991 Telco Act
section 63 (4) m) to "give officers and authorities of
Commonwealth, State and Territory such help as is reasonably
necessary to enforce the criminal laws . . . "

I would like Customer Activated Malicious Call Trace to be
considered by both AUSTEL's Privacy Advisory Committee and their
Law Enforcement Advisory Committee.

With suitable administrative arrangements, I believe it should
be made generally available on analogue phone services (the modern
exchanges of Telstra and Optus are capable of providing it), as well
as on the ISDN and GSM services where it is already technically
available, but generally not being used at present due to lack of a
proper privacy and administrative framework.

This is an excellent means of deterring all forms of malicious calls
- both those which are made repeatedly to one victim and those which
are made just once to each victim.

I have placed on my web site:

* A Word document with a table comparing Customer Activated Malicious
Call Trace with Calling Number Display. While CND has some positive
applications, it is generally useless for deterring or detecting
malicious calls, while CAMCT is excellent.

* Some research based on web searching for "customer originated" and
"call trace". This has links to:

12 Analysis and policy resources.
13 Technical resources.
43 Telephone companies who offer "customer originated call
trace". (Mainly in North America and the Caribbean.)

Sometimes it is free per activation, but often there are charges per
activation, from $1.50 to $10, perhaps with a maximum fee per month.
Generally the service must be enabled by customer request, but some
companies make it available to all customers by default.

At present, I favour an opt-in arrangement, with little or no charge
to enable the service, with a moderate per-use activation fee, maybe
$5 - perhaps refundable if the problem is deemed to be genuine by
investigators or the Police. This deters frivolous use of the
facility and helps Carriers recover costs. However it could be argued
that the recorded announcement offers sufficient protection against
accidental activation, and so that it should be made available to
all customers with an "opt-out" provision for those who for some
reason did not want it to be possible to activate from their service.

Here is some information which summarises the arrangements for
"Customer Originated (Malicious) Call Trace" from a correspondent in
the USA - Joe Narun.

- Robin

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description of US arrangements

{From Joe Narun <> sent to me 22 November 1996
in response to my request on Usenet newsgroup
for information on malicious call trace. Apart from notes in braces,
this is all Joe's text.}

Customer-activated malicious call trace (MCT), a switch-dependent feature,
is widely available on newer the CO switches/upgrades of major
manufacturers. {"CO" is US terminology for "Central Office" - the main
telephone exchanges. Switch = exchange.} The economics of CO equipment
deployment translate to MCT's widespread availability in most major US
metropolitan areas and their commuter suburbs.

The procedures by which MCT is administered are determined by each state's
public utility commission (PUC). (As you may be aware, PUC is a term of art;
many states style their commissions quite differently -- e.g., Illinois' PUC
is the Illinois Commerce Commission, Maryland's PUC is the Maryland Public
Services Commission). Because the telcos, switch OEMs {telephone exchange
manufacturers}, and PUCs work together closely (and sometimes incestuously
so), variations in MCT administration are likely to be quite minor.

Here's how the typical MCT is administered:

o Charges are incurred on a per-incident (usage) basis.
-- As tariffed by PUC, typically US$5-$7

o Unique feature code is assigned for MCT operation.
-- For most telcos, 2 digits prepended by the * key (e.g., *78)

o Telcos advertise the availability/usage of MCT.
-- As agreed with PUC (see recorded message, below)

o Customer initiates MCT immediately after receiving the offending call.
-- Per limitations of currently deployed technology

o Recorded messaging detailing MCT operation is played:
-- MCT data shared ONLY with local police
-- No MCT data available to customer
-- Customer required to file report with local police
-- Police then receive MCT data
-- Charge specified for using MCT
-- MCT usage charge nonrefundable (even if no police report is filed)
-- MCT charge to be added to phone bill

o Customer is asked for assent to use MCT per above terms/conditions:
-- By entry of specified digit(s); or
-- By speaking specified phrase (e.g., Yes, I agree)

o If customer assents, a recorded message is played:
-- MCT data now stored
-- Reminder to file report with local police

o If customer fails to assent, a recorded message is played:
-- MCT data now won't be stored
-- Option to give assent (return to assent queue)

o MCT process completes:
-- Customer requested to hang up
-- Auto-disconnect per usual timeout (CO supervision)

PUC rules require the telco to store MCT data for a defined period (e.g., 10
business days) while awaiting receipt of a formal request from the local
police. Should the telco fail to receive such a request within the allotted
time, most PUCs simply provide that the telco no longer store the MCT data.
(I'm unaware of any PUC rules relating to the assured deletion/scrubbing of
MCT data; though some may exist.)

What happens after the local police receive the MCT data largely depends on
several interrelated factors, chiefly:

o Staff and budget for pursuing such complaints.

o Department policy for handling such complaints
-- Single vs. multiple filings of same/similar report

o Existence of court orders pertaining to complaintant/offender
-- Divorce and domestic violence
-- Stalking and harassment
-- Other statutory injunctions

o Community status and/or persistence of complainant.

o Ability to identify and locate offender.

o Community status and/or whereabouts of offender.

o Media involvement/interest (or lack thereof).

o Applicable rules/law governing complainant's right to information
-- Police report available on request
-- Case data available on formal filing

o Complainant's willingness/ability to seek out all available information.

Within each state, an entirely different set of rules apply when
complainants are local and state officials, as well as civic and business
leaders. In these cases, MCT data are typically shared with the state police
-- who can complement, supplement, or entirely replace the local
authorities' efforts.

And if the complainant is a federal official, or a nationally prominent
civic or business leader, then MCT data may also be shared with federal
authorities (mainly, the FBI). If the complainant is a federal employee at
virtually any level, there may be grounds for pursuing the offender under
federal law (e.g., threatening an employee of the federal government).

Similarly, if the complainant (especially, but not solely, one of high
status) identifies the offender as someone already known to the government
in other contexts (e.g., organized crime, drugs/gangs, smuggling, foreign
agent), then MCT can also be shared with various federal agencies and their
enforcement arms.

Therefore, once the local police have received MCT data, they are expected
to share that data -- upon request -- with their counterparts at the state
and/or federal level. Local police are under no obligation to notify
complainants about such sharing of data. In fact, most police departments
cloak their interagency dealings as highly confidential "police business."

If a complainant should learn that MCT data are now in hands of state and/orfederal
authorities, then new avenues of applicable law/rules are open to
exploration. This is especially true at the federal level, where Freedom of
Information statues and related case law are well developed.

Conversely, the offender can also make use of these same laws/rules. But as
a practical matter, few complainants (and even fewer offenders) avail
themselves of these rights.

Given the nature/scope of crime with which local police must deal -- no less
the average citizen's desire to have as few dealings as possible with the
police -- it's difficult to imagine casual/routine use of MCT among the
general population. The relatively high per-incident charges and the
inability to directly access MCT data further help ensure that MCT will be
used sparingly, if at all.

{End of text from Joe Narun.}

To return to the main index file in this directory, which has links to other files and to sites of phone companies who provide Customer Activated Malicious Call Trace, click here