Comparing Customer Activated Malicious Call Trace and Calling Number Display as defences against malicious calls
Robin Whittle 17 December 1996
Note 19 October 2005: This was originally a Word file athttp://www.ozemail.com.au/~firstpr/mct/cnd_mct.docTo the main
page for Ad-Hoc,
(AKA Customer Activated) Call Trace.
This table was first written around 1992 - referring to "Ad-Hoc Call Trace" - Telstra's (Telstra was then called "Telecom") term for what I am now referring to as "Customer Activated Malicious Call Trace". That table, and accompanying text and diagrams was part of my submissions to the Austel Privacy Inquiry. I updated the table on 17 December 1996.
The Australian debate about Calling Number Display has been conducted in something of a vacuum - hardly anyone knew that there was a much better way of detecting and deterring malicious calls than the traditional methods, which are only appropriate for repeated calls to the one victim over a long period of time. For instance, the researchers who analysed Telstra's Wauchope CND trial were unaware that modern telephone exchanges have the capacity to trace the source of calls for investigators when the victim activates that function of the exchange. Neither were Wauchope residents told of this potential - which is feasible in any exchange modern enough to support CND.
The following table depicts the distinctions between CAMCT and CND. These are not mutually exclusive options. The best option is probably to have CAMCT for deterrence and defence against malicious calls, with Opt-In CND which can be used for positive purposes - enhancing trust and productivity - whilst avoiding the complications of using it as a defence against malicious calls.
In the following examples, CAMCT is assumed to be applicable to malicious calls - "harassing, threatening and offensive" as defined in section 85ZE of the Crimes Act 1914 as amended. CAMCT could also be used to help investigators (especially the TIO) track down telemarketers who abuse guidelines - particularly those who are SUGgers (Selling Under the Guise of Market Research). SUGgers and some other telemarketers violate other laws which protect consumers from false advertising and exploitative business practices. Extension of the use of CAMCT into areas other than malicious calls needs to be thought about carefully and I am not advocating it here. However CAMCT has obvious value in deterring and detecting telemarketers who violate "don't call" lists or other consumer protection laws or codes-of-conduct - and who would otherwise be hard to identify or deter. (There is a way of handling this administratively - under amendments to the 1992 telco act, the Carriers can give call information - ie. Caller's number - to the TIO if it relates to a complaint the TIO is investigating. I don't know how the 97 legislation compares in this respect.)
Customer Activated Malicious Call Trace has few disadvantages or uses beyond deterring or detecting malicious calls. It could be extended to cover other kinds of unwanted call but this would require consideration of the resultant benefits and privacy and usage complications.
Calling Number Display has significant positive uses, including aiding customer service on incoming calls to businesses, building trust between a business and customer when orders are being placed by phone, and helping people decide whether to answer calls depending on the displayed number. CND has many problems however. (See http://www.ozemail.com.au/~firstpr/cnd/ ) Most obvious is that people could accidentally, or out of some obligation, divulge their phone number (and hence their identity) to people who misuse this information. The advantages of CND are easily overestimated - for instance many people feel it would be useful at keeping telemarketers or malicious callers at bay - but how could this be true unless you refuse to answer any call which lacks a displayable number (including those from payphones) and if you have a way of recognising the numbers of the callers whose calls you do not want to answer?
Question |
Customer Activated Malicious |
Calling Number Display |
Can a
malicious caller avoid their number being captured or displayed? |
No. |
The CND
service has no effect on the capture of numbers in CAMCT.
In
Opt-Out or Opt-In CND, the Caller will be able to control whether their
number is sent to the Receiver's display. |
Is the
number available to the person who receives the call? |
No - it
is only available to investigators. Depending
on the administrative arrangements, these may be the Police, Carrier
staff or perhaps staff of a specialised investigative agency. |
Yes, the
person sees the number - while the phone is ringing. |
Is the
number useful for prosecuting malicious callers? |
Yes -
because it is captured and recorded by the Carrier's
equipment. This constitutes solid, objective
court-admissible evidence of the source of the call. |
Not
directly - the number is only visible to
the receiver of the call. No objective
record of it remains. In addition, with Mode 4 CND, the other party to
a call could create any message they like with a modem and relatively
simple computer software - so even solid evidence that a CND box
contained a stored number, date etc. could be challenged in court as
not necessarily resulting from signals generated by the telephone
exchange. |
When is
the number captured / displayed? |
Captured
after the person has hung up on the malicious caller. (ISDN MCT
captures it during the call.) |
Displayed
before the call is answered. |
What
does it cost? |
Nothing
to enable the service. A small fee - such as $5 - per use is charged to
deter frivolous use. Depending on the
administrative arrangements, this charge is waived if investigators
deem the call to be malicious. There are a wide range of
charging schemes in North America - ranging from free, through US $1.50
or so per activation, to US $10 per activation. Some
states have a limit on the charge per month. |
Between
$100 and $150 per year fee for the display service? Plus the
cost of one or more display devices - perhaps $80 to $200 or phones
with display facilities. |
Is any
special equipment needed? |
No, but
if the activation number includes a # or a *, then a tone dial phone
must be used. Generally, in addition to a tone dial activation number,
such as "*57", a pulse dialable number such as 1157 is provided. |
Yes -
display devices or phones with a CND display capability. |
Is it
useful if people have several phones - such as extensions or portable
phones? |
Yes. It does not matter how the call is answered. All that matters is that the activation number
be dialled before another call comes in. |
CND is
only useful as a defence if you look at the
display device before deciding whether to answer and if
you can make a useful decision based on the number (or lack of number)
about whether to answer or not. Unless there is a display device by
every phone - or built into cordless handsets, then the Receiver must
get themselves to a display device as quickly as possible so they have
time to look at the number (or message that the call is "P" Private =
Caller restricted the display of their number, or
"O" Out of area = the network was unable to supply a displayable
number, or the call came from a payphone.) |
Question |
Customer Activated Malicious |
Calling Number Display (CND) |
Does it
deter malicious callers? |
Yes -
because they know their number - or public phone box location will be
captured instantly and forwarded to professional
investigators - including the police. |
No - a
malicious caller will not allow the display of their number. |
In using
it as a defence, is there any need to change the way we answer the
phone? |
No. |
Yes -
for CND to be a defence, we must refuse to answer calls without
displayable numbers (including those from phone boxes, those which
originate from numbers outside the CND area and those for which the
Caller has decided - per- line or per-call not to allow the display of
their number) as well as refusing to answer calls with numbers we do
not recognise. This is likely to result in
repeated call attempts - with consequent ringing of the phone. Such repeated call attempts tie the service up
from accepting calls which the Receiver would in fact want to answer. |
Does
using it as a defence cause difficulties for the person receiving the
calls? |
Only
after a malicious call is received - a
call must be made to dial the activation number (potentially costing
~$5) and to report the call to the investigators. There is no burden whatsoever
for answering all normal calls. |
Yes -
they must change their entire approach to answering the phone - in a
way which may stop them answering calls from friends and relatives in
phone boxes or at unusual locations. |
Does
using it as a defence cause difficulties for ordinary Callers? |
No. |
Yes.
They must allow the display of their phone number, and be calling from
a number which the person is expecting a call from. The resultant
display may lead to unwanted call-backs and a number of other problems
- such as misuse of the Caller's number, including linking it to their
name and address with a reverse directory CD-ROM. Another problem is unwanted
flows of information between individuals in the Receiver's household -
or the Caller's household if there is a return call which is answered
by someone else. (There too many privacy,
social and confusing telephone usage problems with CND to list here.) |
Do we
need to change our existing patterns of phone usage? |
No. |
Yes - as
above. |
Question |
Customer Activated Malicious |
Calling Number Display (CND) |
How does
it affect Carrier revenue? |
Activation
fees should recover some of the costs or perhaps turn a profit after
all administration costs are considered. Ideally, the system would be an
excellent deterrent and the number of malicious calls and hence CAMCT
activations and subsequent complaints to investigators/Police would be
minimal. So ideally the administration costs and the revenues would be
low. According to
http://www.dimensional.com/~jericho/www/ess11.htm ,Customer Originated Trace s one of the
Revenue Generating CLASS features developed
by AT& T. The main benefits lie in
reduction of malicious call complaints - which are labour intensive to
process and generally very negative for the company's public standing,
since without CAMCT, they are generally expensive or impossible to
investigate. There may also be a reduction in
complaints from non-malicious unwanted calls too - which will probably
be deterred by CAMCT even thought they are not "threatening, harassing
or offensive" - eg. careless use of fax
machines, telemarketers who are SUGging or selling something dubious or
selling or fundraising in a dubious manner. Full analysis of Carrier revenue
impact is not possible here, but less complaints, lowered costs,
happier customers translate into an immensely valuable improvement in
the company's public standing. This is
something which is constantly under threat as customers have trouble
with services, with the company's (typically) imperfect fault and
complaint resolution handling and with the problems arising from
tedious TV ads, intrusive marketing and unpopular infrastructure
roll-outs. The value of improved public
standing to a phone company, in a competitive market for generic
services, is immense - it may be the most significant determinant of
market share. |
CND is
likely to have no appreciable impact on the incidence of malicious
calls, or hence on cost of responding to complaints about such calls. CND may cause more calls to be made - as
people return calls which were made when they were out - but the
completion rate and customer satisfaction with such calls is likely to
be generally low. (Some, such as return
calls to people who accidentally dialled the wrong number and who hung
up before anyone answered, are likely to be a source of frustration
with all concerned.) CND return calls are made with
the flimsiest and least communicative of starting points - the fact
that a call, of unknown purpose, from a person not-necessarily known,
was received from a certain number at some time. A far more communicative
approach is for the customer to have voice mail (or an answering
machine). This is a far move valuable
service - which results in the original call being answered (by the
voice mail service) while it would not generate revenue if left to ring
out, with just a CND box capturing its number (if it was displayable). Voice mail is a much more
valuable service for customers - they can get the details of who called
from wherever they are and most importantly, they gain information from
the caller about whether, when and where to ring them. It is impossible to predict the
net revenue impact, but it is clear that CND will lead to:
A lower proportion of calls being answered.
A higher number of calls being made.
When the call is not answered - to the Receiver's and
Caller's line being tied up for as long and as often as repeat calls
are made. Whether the lost revenue from
unanswered calls will be offset by the increased number of calls (which
are completed) and the monthly CND rental, will be difficult to model. |
Question |
Customer Activated Malicious |
Calling Number Display (CND) |
Is it
effective at deterring or detecting malicious callers? |
Yes -
even if only a ten or twenty percent of the population had CAMCT
enabled, the malicious callers would not be able to risk calling anyone. They would be forced to use public phones for
their activities, and even then would not be able to make many calls
before investigators and Police found out. This
is true even if each malicious call is to a different person. Since many malicious callers like to have
their pleasures from home, office or bed - having to do it in a
relatively exposed and insecure payphone environment makes the whole
process of malicious calling far less convenient and pleasurable. |
No.
Malicious callers simply ensure that their calls are made without a
displayable number (per-line or per-call) of
from a payphone. Especially those callers
who target a fresh victim for each call will hardly be affected - they
simply keep calling different numbers until someone answers. |
Is it
easy for people to understand and use? |
Yes, but
those who use it need to know what kind of calls are considered
"malicious". They need to have some basic
printed information about what to do, when to use it, what it may cost
and who to report the problem call to subsequently. It can
be used by anyone who can use a phone, whereas the use of a CND box
typically relies on good eyesight. |
No.
Ordinary Callers need to know whether the line they are using is
currently configured to allow or disallow the display of the number. They need to know how to change this on a call
by call basis. If a number does not answer,
they need to work through the possibility that the reason for not
answering was due to the displayable number (or lack of it). Whenever they call someone with a displayable
number, they need to consider that that person may have recorded the
number and used it in some way - even if they did not answer the phone. There are many other complications owing to
the cryptic nature of CND, and the serious privacy problems which can
arise from the misuse of a person's phone number. For the Receiver, using a CND
box to find the source of a malicious call just received should be
straightforward - as long as the call had a displayable number. However the number is not as useful for
initiating investigative action or a prosecution. |
Question |
Customer Activated Malicious |
Calling Number Display (CND) |
How big
a public education campaign is needed? |
A
moderate campaign will deter malicious callers. It
does not matter if 30% of the general population have not heard of it -
all that matters is that those who do ask for it to be enabled receive
information on how and when to activate it. A modest campaign will reach the
majority of malicious callers more easily than reaching the majority of
the population - because malicious callers are generally aware of the
illegal nature of their activities and so will want to learn everything
about measures aimed at thwarting them. So a public education campaign
has a dual focus - to alert potential victims of malicious calls to how
to enable it and what it should be used for, and to alert perpetrators
of malicious calls to the fact that a significant number of their
victims will use it to trace their calls. |
For
Opt-Out CND a huge campaign would be required to minimise the number of
people who do not understand that they will normally be divulging their
phone number to everyone they call - whether the calls are answered or
not. AUSTEL's PAC CND Report, which
Telstra and Optus worked on (as PAC members) and have accepted, (and
which the Attorney General and the Minister for Communications are
reportedly delighted with) requires an awareness level of at least 80%
for the privacy and usage issues of Opt-out CND. The
PAC CND report also stipulates that the Carriers pay for a public
education campaign and statistically valid testing to prove this level
of awareness has been achieved. The same
80% awareness level is required in all of six identified sub-groups
(eg. people of non English speaking background) before the service can
be activated. For
Opt-In CND the campaign need not be so big because only those who know
something about it will be able to divulge their number. |
Has it
been used elsewhere? |
Yes -
mainly in the USA and Canada. As far as I
know there have been no privacy controversies regarding CAMCT, but it
is obviously something that needs a good administrative structure which
addresses the privacy problems which could arise if the Caller's number
was misused or disclosed by investigators. |
Yes. Calling Number Display (Caller ID in the USA)
has been the subject of intense controversy. With rare exceptions
regulation has become stricter - increasingly to provide callers with
the ability to retain their previously assumed anonymity when making
calls. This indicates that regulators
and phone companies consistently underestimated the privacy
consequences of Caller ID. |
Has it
been used here? |
Phones
connected to ISDN exchanges have (I think - at least with Telstra) had
CAMCT available since 1991. However these
are typically PABXs in offices and government departments and I don't
know that the facility has been publicised or used much.
Probably in office situations, it is invaluable in the
case of hoax calls including bomb threats. Customer
Activated Malicious Call Trace is only possible on modern digital
exchanges. A few years ago, only a small
proportion of analogue phone customers in Telstra's network were
connected to such exchanges. With the
Future Mode of Operation, (see my article in April 1996 Australian
Communications) all customers will be connected to just 200 digital
exchanges for the entire Australian Telstra network in the next few
years. A majority are connected to these
exchanges already. |
Phones
(or more usually PABX) systems on
Australian ISDN exchanges (thinking mainly of Telstra's here - I am not
sure of the situation with Optus' business customers) do -
or can - get the Caller's number sent in an electronic form. (This is via ISDN D channel signalling - not
the 1200 baud modem tones used for CND on analogue services. The number arrives when the phone starts
ringing, and I am not sure to what extent Callers (from ISDN services)
can control the display of their number to the Receiver. Some offices have their PABXs
configured to send the number to the extension being called, so the
person sees the number before answering. Theoretically only the numbers
of calls made from other ISDN services will be displayed as CND on ISDN. However I have several reports in past years
of the numbers from analogue services being displayed.
This was probably unintentional and hopefully has been
fixed. |
Question |
Customer Activated Malicious |
Calling Number Display (CND) |
If only
5 or 10 percent of the population used it, would it act as a general
deterrent to malicious callers calling anyone? |
Yes. The malicious callers have no way of knowing
who has CAMCT enabled, so they cannot afford to risk calling anyone
from their home or office. Since many male
to female harassing and offensive calls are made from the comfort of
home or work, the number of these calls is likely to be greatly reduced. Kids making occasional prank calls from public
phone boxes might be less affected - but many would be aware of the
traceability of malicious calls and so would be discouraged. |
No. A malicious caller would call without a
displayable number. Those with CND may choose not to answer (at great inconvenience to the
Receiver and some of their legitimate Callers) - so they may be protected, but the malicious caller
just tries another number until someone answers. |
We should aim for a situation in which communications are mutually acceptable - to the originator and receiver of the communication.
Opt-Out CND is can of worms in terms of privacy and telephone usage. The phone companies thought they could make money out of it, but they have not factored in the costs, confusion and controversy. AUSTEL PAC's 80% awareness requirement, whilst not really adequate in terms of protecting the privacy of those who don't understand CND, is a good attempt at making the Carriers responsible for ameliorating the negative privacy consequences of their insistence that CND must be Opt-in or not at all.
Introducing Opt-Out Calling Number Display in the name of privacy is like the Americans allowing everyone to own handguns - in the name of crime prevention. It is an ineffective defence against intrusion, unwanted and malicious calls - and it leads to serious unintentional and undesirable flows of personal information.
Selling people CND on the basis of protecting them from unwanted calls - without telling them about Customer Activated Malicious Call Trace, is like selling fly swats in a mosquito infested area, when you have the ability to largely eradicate mosquitoes.
As new communications means proliferate, the problems of unwanted communications will get worse. In the field of telephony, we should aim to solve these problems with high community standards and with reliable (but non draconian) deterrent and detection methods based on trustworthy professionals, rather than having individuals chasing their problem callers.