PRIVACY Forum Digest      Friday, 24 March 1995      Volume 04 : Issue 07

Moderated by Lauren Weinstein (lauren@vortex.com)
Vortex Technology, Woodland Hills, CA, U.S.A.

===== PRIVACY FORUM =====

The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy, and the Data Services Division of MCI Communications Corporation.

CONTENTS
    Perhaps privacy is not what it seems (Steve Mann)
    Re: How can files be 100% wiped? [linux encrypted swap] (eichin@mit.edu)
    How much is "enough"? (Tom Zmudzinski)
    Privacy issues in intelligent transportation systems (Phil Agre)
    Is Caller ID to be mandatory nationally, April, 1995? (Jim Warren)
    FCC delaying draconian CNID measures (Phil Agre)

*** Please include a RELEVANT "Subject:" line on all submissions! ***
*** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations.

The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com".
-----------------------------------------------------------------------------

VOLUME 04, ISSUE 07

Quote for the day:

    "Rules are rules."

        "FBR" Agent Sullivan (Arte Johnson)
        "The President's Analyst" (1967)

----------------------------------------------------------------------

Date: Sun, 12 Mar 95 14:57:19 -0500
From: Steve Mann
Subject: Perhaps privacy is not what it seems

What would happen if all credit card records were accessible by everyone? Strange as it may seem, could it be that this might *enhance* privacy, because it would make us fully aware of just how much is known about us? Perhaps because it might also encourage people to look at the source of the problem rather than the symptom. Perhaps it would get people looking at alternatives like digicash, and using technology to protect their privacy rather than law. Instead of having technology continue to invade privacy more and more, and using law to hold it back, perhaps the technology itself could be used to enhance privacy.

> attempt to get the subpoenas overturned. But the 13th company, American
> Express did not, and instead voluntarily turned over *seven years* worth
> of records on those reporters *and* records for a half-dozen reporters
> with no connection to the case.

Is it possible, perhaps, that American Express did privacy a service here? Taking this action to the extreme limit, suppose they put the records on the World Wide Web? Wouldn't this eliminate the selling of credit records? (Once they are freely available their market-value would take a drastic decrease, and it would be very hard to make money from them.) Perhaps it would also allow people to clearly see exactly how much is known and therefore how much is not private.

Similarly, with the wiretap bill, suppose instead that anyone could tap anyone else's phone line (say by dialing #, and then that person's phone number). Wouldn't this actually *help* privacy by causing people to obtain telephones with built-in encryption rather than asking Big Brother to protect their privacy with privacy-laws?

Perhaps a definition of what we mean by the word ``privacy'' would be useful, since so many people seem to be using this word in so many different ways.

    [ Uh, much as I'm tempted to comment here, I'll bite my tongue and leave it to the readership to respond to the "privacy" concepts suggested above... -- MODERATOR ]

------------------------------

Date: Sun, 12 Mar 95 18:16:11 -0500
From: eichin@mit.edu
Subject: re: How can files be 100% wiped? [linux encrypted swap]

>> There's still the problem of virtual memory causing plaintext to
>> be written to the paging disk. However since the paging space is

Someone in Sweden just announced patches to Linux 1.2.0 for encrypting the swap area; he claims an overhead of about 20ms/4K for the more secure version, 2ms/4K for a weaker one. I haven't started using it myself, yet, but I can certainly think of applications for it.
(It is still in alpha test, but it is an example of what can be done...)

>> A possible solution here might be somehow to lock the process into
>> memory so that it is never paged out, or even once copied to disk.

Some operating systems support a "plock" system call to lock a page in memory. If the system is paging in the first place, though, excessive use of it could be detrimental to overall performance.

    _Mark_
    Cygnus Support, East Coast

------------------------------

Date: Tue, 14 Mar 95 17:32:02 EST
From: "Tom Zmudzinski"
Subject: How much is "enough"?

In-Re: How can files be 100% wiped?

On Tue, 14 Feb 1995, G Martin posted to PRIVACY Forum Digest V04 #05

> I am very confused about something and I'm hoping that
> someone on this list can help me get to the truth. I'm going to
> be teaching a class on Internet to a group of parents in a few
> months. These parents have indicated to me that security/privacy
> issues are a big deal to them (and truthfully they're a big deal
> to me too). One area where I keep getting mixed signals on is
> how to *REALLY* remove old data from hard drives, floppies and
> backup tapes.

As others have said, if you want 100% assurance that the data is gone, burn the media (and if it's mylar, watch out for cyanide!) However, if you are willing to live with some Risk (do you have a choice? You're living on a planet that attracts rocks!) you can try the following:

1. Get yourself the biggest "refrigerator magnet" (the rubbery kind) you can. They have incredible coercivity! (It's not the strength of the magnetic field but the _rate_of_change_ of the field that wipes data, and those oh so smooth "rubber" magnets are "rougher" than the mountains of the Moon in terms of their magnetic domains.)

2. (Optionally) deformat the disk using a "diskwipe" utility.

3. Demount the media and wipe your rubber magnet over the surface in an overlapping and crossing pattern.

4. Remount the media and try to read it (it had better fail -- or else you're back in the toxic waste disposal business).

5. Format it.

6. Repeat steps 2 through 5 until feelings of paranoia go away.

Is it bulletproof? No, but someone has to *really* want that data!

In-Re: Destruction of data

On Sun, 26 Feb 1995, cpreston@alaska.net (Charles M. Preston) posted to PRIVACY Forum Digest V04 #06

>> A report from the Institute for Defense Analyses from several years
>> ago stated that with enough processing power and time, data could be
>> recovered almost regardless of the method used to erase it. The same

Unfortunately, "with enough processing power and time" one might do nearly anything. "Enough" is a pseudo-superlative. The reality is that if the media is overwritten "enough" (there's that word again!), the data is lost in Chaos. That's why *NO* amount of "processing power and time" is enough to extract, say, the first word ever spoken from the random noise around us. Eventually (another pseudo-superlative), the signal will drop below the noise level.

>> report gave a rule of thumb about the necessary strength of magnetic
>> fields used to erase data. If this holds true for newer media like
>> high-density diskettes and DAT drives, it may be impossible to
>> adequately erase this media, including hard drives, with current
>> degaussers.

I'll agree that today's degaussers are suspect, especially if you're talking about single pass usage. But it's not exactly news that we've been in a technology race for as long as there's been a Human Race. This is just one more battle to be fought and lost.

And here's something chilling for your Thought For The Day file: There is a small, but unacceptable, probability that Comet Swift-Tuttle will hit the Earth on 14 August 2126 (and a MUCH better chance come 3044 AD). Swift-Tuttle is approximately five miles in diameter, somewhat LARGER than Comet Alverez, the flying iceberg currently thought to have finished the dinosaurs.
Now, are you certain you don't want to invest some of your children's tax dollars in space defense technology?

    [ I've certainly got those dates circled in red in my day planner... -- MODERATOR ]

------------------------------

Date: Thu, 16 Mar 1995 22:05:12 -0800
From: Phil Agre
Subject: privacy issues in intelligent transportation systems

-------------------------------------------------------------------------
Intelligent Transportation Systems in the United States
Serious Privacy Issues -- Opportunity for Public Comment
March 1995

Please pass this file to anybody who might be interested.
-------------------------------------------------------------------------

Intelligent Transportation Systems (ITS) is a very large program organized by industry and government to apply computer and communications technologies to transportation. If ITS lives up to its proponents' hopes then it will eventually affect virtually everybody. ITS systems are already implemented in many American states and other countries, particularly for automated toll collection, and numerous others can be expected soon. Architectures, standards, and regulatory frameworks for US national ITS systems are being formulated through a long, complex private-public partnership process that is already well under way. Although ITS promises to bring many benefits, if implemented incorrectly it can also pose a grave threat to personal privacy by making extensive information on individuals' travels available to governments, marketing organizations, and others.

The second half of this file contains the most recent draft of the "privacy principles" for ITS, now being circulated for comments by the industry group ITS America. If you do have any comments then I encourage you to submit them to ITS America; 400 Virginia Avenue SW, Suite 800; Washington DC 20024-2730. I also strongly encourage you to obtain a copy of the November 1994 report on the DOT/ITS America national architecture plan from Mr. George Beronio; Federal Highway Administration; HTV-10 Room 3400; US Department of Transportation; 400 7th St SW; Washington DC 20590. For more information, see http://weber.ucsd.edu/~pagre/its-issues.html

I am circulating the draft ITS privacy principles on my own initiative and not as a representative of ITS America, the University of California, or any other organization. The comments that follow reflect my own views. Here are some issues to consider:

* What will prevent states from giving local police broad powers to use ITS information for law enforcement purposes? Do the democratic processes in state legislatures provide enough protection, or should the architecture for ITS systems resist abuse through anonymity and other measures? What does "ambushed" mean, and what if anything does "reasonable expectation" mean in practice?

* Is an opt-out system sufficient to prevent abuse of ITS information by marketers? Do opt-out systems work well enough in other areas, such as secondary uses of personal mailing addresses and associated demographic information? What specific guidelines might be required to ensure that the opt-out is "user friendly" enough? Would an opt-in system be preferable? Such a system would set the default differently, so that your personal ITS information would not be available to marketing organizations without your express consent.

* Should ITS systems collect individually identifiable information at all? That is, should the architecture be designed so that databases end up containing personal travel information that is indexed in some form that can be merged with personal information from other sources? Or should the system be entirely anonymous?

* To what lengths should ITS implementers be required to go in order to provide drivers with the option of using ITS anonymously? How easy should it be to pay with cash -- or with digital cash?

* Should ITS privacy guidelines have the force of law? Which ones? What would these laws be like, what level of government would be responsible for them, and how would they be enforced? If the guidelines do not have the force of law, what guarantee is there that ITS implementers will follow them in a substantive way?

* Who should be liable when ITS information is employed to violate an individual's privacy? ITS developers? States? Both? What statutory framework is required to ensure that violated individuals can pursue and receive adequate legal remedies?

* How is the adequacy of ITS privacy safeguards to be determined? Who will make this determination? Will there be an ongoing evaluation? By whom?

* Is it practical to specify privacy guidelines without detailed reference to the ITS system architecture? How could the guidelines specify relevant aspects of the architecture more precisely without sacrificing adaptability to a wide range of settings? Are restrictions on the architecture required to ensure privacy, or does it suffice to formulate guidelines like these independently of the development of the architecture?

* Should ITS development be permitted to proceed before privacy requirements are adequately defined, widely discussed, and broadly approved? Have these requirements been adequately articulated thus far in the process?

* Are the guidelines clear enough? Are any passages vague or ambiguous?

* Does the Freedom of Information Act really require a balance between privacy and right to know? Or does privacy take priority?

* Does the requirement for "visibility" (also known as "transparency") need to be defined more precisely? What guidelines might be needed to ensure that information about ITS data flows are available to the general public in a useful form?

* Is it alright to permit non-ITS organizations to make unlimited use of ITS information that does not identify individuals? Can we envision any types of non-individualized information whose use the public has an interest in regulating?

* In the paragraph on secondary uses, is the expression "information absent personal identifiers" restrictive enough? What about information without personal identifiers but with identifiers for particular automobiles? What about information with identifiers for particular "smart cards" or bank account numbers? Might there be other types of information that permit individual identities to be readily reconstructed through merger with other sources?

* The word "appropriate" appears four times. Does this notion need to be spelled out more specifically? Can this be done without introducing excessive inflexibility? How?

* Who should have an opportunity to comment on these guidelines? Should the comments be publicly available? How?

* Is it reasonable that these guidelines are being developed by a private organization rather than by the government? What initiatives, if any, should the government be taking to ensure privacy protection in this area?

Although many of my views can be inferred from the way I have framed my questions, you are obviously free to draw your own conclusions about these matters and any others I might not have mentioned. I encourage you to communicate your views and to help make the issues known to the broad public that they affect. Public awareness is now virtually nil, and this is clearly unacceptable for an issue with the potential for such profound and pervasive consequences.

-- Phil Agre
   pagre@ucsd.edu
   http://communication.ucsd.edu/pagre/agre.html

----------------------------

ITS America
Draft Final Intelligent Transportation Systems
Fair Information and Privacy Principles

These fair information and privacy principles were prepared in recognition of the importance of protecting individual privacy in implementing Intelligent Transportation Systems. They have been adopted by ITS America in "draft final" form.
The Privacy Task Group of the Legal Issues Committee will present these principles for review and comment to organizations and groups interested in privacy and ITS outside of ITS America during 1995. They will then be submitted for final adoption to the ITS America Legal Issues Committee, Coordinating Council, and Board of Directors.

The principles represent values and are designed to be flexible and durable to accommodate a broad scope of technological, social, and cultural change. ITS America may, however, need to revisit them periodically to assure their applicability and effectiveness.

These principles are advisory, intended to educate and guide transportation professionals, policy makers, and the public as they develop fair information and privacy guidelines for specific intelligent transportation projects. Initiators of ITS projects are urged to publish the fair information privacy principles that they intend to follow. Parties to ITS projects are urged to include enforcible [sic] provisions for safeguarding privacy in their contracts and agreements.

* INDIVIDUAL CENTERED. Intelligent Transportation Systems (ITS) must recognize and respect the individual's interests in privacy and information use.

  ITS systems create value for both individuals and society as a whole. Central to the ITS vision is the creation of ITS systems that will fulfill our national goals. The primary focus of information use is to improve travelers' safety and security, reduce travel times, enhance individuals' ability to deal with highway disruptions and improve air quality. Traveler information is collected from many sources, some from the infrastructure and some from vehicles, while other information may come from the transactions -- like electronic toll collection -- that involve interaction between the infrastructure and vehicle. That information may have value in both ITS and non-ITS applications. The individual's expectation of privacy must be respected.
  This requires disclosure and the opportunity for individuals to express choice.

* VISIBLE. Intelligent transportation information systems will be built in a manner "visible" to individuals.

  ITS may create data on individuals. Individuals should have a means of discovering how the data flows operate. "Visible" means to disclose to the public the type of data collected, how it is collected, what its uses are, and how it will be distributed. The concept of visibility is one of central concern to the public, and consequently this principle requires assigning responsibility for disclosure.

* COMPLY. Intelligent Transportation Systems will comply with state and federal laws governing privacy and information use.

* SECURE. Intelligent Transportation Systems will be secure.

  ITS data bases may contain information on where travelers go, the routes they use, and when they travel, and therefore must be secure. All ITS information systems will make use of data security technology and audit procedures appropriate to the sensitivity of the information.

* LAW ENFORCEMENT. Intelligent Transportation Systems will have an appropriate role in enhancing travelers' safety and security interests, but absent consent, government authority, or appropriate legal process, information identifying individuals will not be disclosed to law enforcement.

  ITS has the potential to make it possible for traffic management agencies to know where individuals travel, what routes they take, and travel duration. Therefore, ITS can increase the efficiency of traffic law enforcement by providing aggregate information necessary to target resources. States may legislate conditions under which ITS information will be made available. Absent government authority, however, ITS systems should not be used as a surveillance means for enforcing traffic laws.
  Although individuals are concerned about public safety, persons who voluntarily participate in ITS programs or purchase ITS products have a reasonable expectation that they will not be "ambushed" by information they are providing.

* RELEVANT. Intelligent Transportation Systems will only collect personal information that is relevant for ITS purposes.

  ITS, respectful of the individual's interest in privacy, will only collect information that contain [sic] individual identifiers which are [sic] needed for the ITS service functions. Furthermore, ITS information systems will include protocols that call for the purging of individual identifier information that is no longer needed to meet ITS needs.

* SECONDARY USE. Intelligent Transportation Systems information coupled with appropriate individual privacy protection may be used for non-ITS applications.

  American consumers want information used to create economic choice and value, but also want their interest in privacy preserved. ITS information is predictive of the types of goods and services that interest consumers, for example the right location for stores, hospitals, and other facilities. However, that same information might also be used to disadvantage and harm a consumer. Therefore, the following practices should be followed.

    * ITS information absent personal identifiers may be used for ITS and other purposes.

    * Other unrelated uses of ITS information with personal identifiers may be permissible if individuals receive effective disclosure and have a user friendly means of opting out.

    * Data collectors will only provide personal information to private organizations that agree to abide by these privacy principles.

* FOIA. Federal and State Freedom of Information Act (FOIA) obligations require disclosure of information from government maintained databases. Database arrangements should balance the individual's interest in privacy and the public's right to know.

  In determining whether to disclose ITS information, governments should, where possible, balance the individual's right to privacy against the preservation of the basic purpose of the Freedom of Information laws to open agency action to the light of public scrutiny. ITS travelers should be presumed to have reasonable expectations of privacy for personal identifying information. Pursuant to the individual's interest in privacy, the public/private frameworks of organizations collecting data should be structured to resolve problems of access created by FOIA.

------------------------------

Date: Sun, 19 Mar 1995 09:45:32 +0800
From: jwarren@well.sf.ca.us (Jim Warren)
Subject: Is Caller ID to be mandatory nationally, April, 1995 ?

Would you like to know who's electronically knocking on your bedroom door in the middle of the night?

Would you like to remain entirely undisturbed by anyone who's unwilling to identify themselves to you when they try to contact you or electronically enter your home?

Would you like for the computer system you call to be able to verify that the call is coming actually from your phone number - rather than from some vile computer cracker who's somehow obtained your user-id and password?

Would you like computer systems to selectively allow access to "sensitive" or "adult(?)" material via a call coming from your phone, identified as a mature(?) adult, while blocking access requests via your young teen-ager's phone that might be identified as such?

And would you like to selectively keep some people whom you decide to visit electronically, no matter the time nor location at which you decide to contact them, from knowing who you are - for personal privacy or for nefarious purposes (or both)?

Okay. I just received a Spring, 1995, junkmail catalog from Hello Direct, a telephone add-ons company.
For some reason that's probably fantasy, I had the impression they were somehow associated with Pacific Bell, though I found no mention of it in this edition of their catalog. (800-444-3556; now you know everything I know about 'em.)

An ad for a Caller ID blocking device on page 45 stated:

"Mark your calendar. In April, 1995, Caller ID will be a 'done deal,' nationwide. You may or may not have Caller ID service from the phone company today. But in April, every telephone company coast-to-coast will be required to offer it, by law.

"Your number can be legally displayed, for anyone you call who has Caller ID service and a phone with Caller ID functionality. ... While you could get a call-blocking service from the phone company, you'd have to keep paying for it every month. For a tidy fifty bucks, this clever little device does the trick just as well - no monthly service needed."

(Unsurprisingly, the catalog also offered ID receiving units, as well as this ID transmission blocker. :-)

I don't know whether this is true, partly-true (e.g., for interstate calls) or only sometimes true depending on which state you're in, as is now the case.

Can anyone cite a federal statute or regulation - probably from the FCC - mandating such national service? Would love to have the exact citation and text of any such mandate.

--jim
Jim Warren, GovAccess moderator; columnist, MicroTimes/Govt.Tech/BoardWatch
jwarren@well.com (well.com = well.sf.ca.us; also at jwarren@autodesk.com)
345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request>

    [ From the PRIVACY Forum Moderator:

    First off, "Hello Direct" is not associated with Pacific Bell, unless there's some secret connection I've never heard of!

    The $50 CNID blocking device mentioned is actually a device to automatically dial *67 at the beginning of every call, to activate the per-call CNID blocking feature that the FCC mandated be available *for free* to all subscribers [but see below]...

    The FCC did *not* mandate CNID be available everywhere. What the FCC actually mandated is that CNID data be passed between local telcos and IXCs ("long distance companies") on interstate calls starting that date. They also mandated that before that be done local telcos must provide free per-call blocking (i.e. *67) for their subscribers, regardless of whether or not CNID display services were being offered to subscribers in that area. They also mandated that the privacy indication triggered by the use of per-call CNID blocking must be honored by all receiving local telcos.

    Note that:

    1) This says nothing about the actual providing of CNID to subscribers. If the local telco decides they don't want to provide the ability for their subscribers to receive CNID, that's OK.

    2) It says nothing about intrastate calls, which may still be under tighter controls (potentially with per-line CNID blocking still available). There are some technical issues revolving around the question of providing per-line blocking for intrastate calls and only per-call blocking for interstate calls.

    3) It says nothing about calls to 800 or 900 numbers, which use ANI for caller (line) identification and are not affected by CNID restrictions. The issue of 800 numbers in particular is a thorny one, since the party paying for the call does need some way to track abusive and other usage.

    4) Many state PUCs (and other entities) have apparently filed suits against the FCC regarding their ruling, particularly where the ruling would preempt the states' own rules for providing of per-line CNID blocking (at least as far as interstate calls are concerned).

    5) Many local telcos seem quite confused about what's going on, and it has long seemed unlikely that the April implementation date would be fully met, especially since neither many local telcos, nor most IXCs, have said anything to their subscribers about use of *67 in those areas where CNID services are not being offered.

    NEWS FLASH! See the next message in this digest for important news regarding this topic area!

    I should add that I also saw that same writeup in the "Hello Direct" catalog. By the way, one of the Caller ID boxes in their catalog, showing a name display, is displaying the name "Will Robinson". I guess someone really might be "Lost in Space".

    -- MODERATOR ]

------------------------------

Date: Wed, 22 Mar 1995 17:25:18 -0800
From: Phil Agre
Subject: FCC delaying draconian CNID measures

A friend on the net has pointed out to me that the March 20th 1995 "daily digest" of the FCC (http://fcc.gov:70/0/Daily_Digest/dd032095.txt or gopher fcc.gov) includes the following text, which is listed as an addendum that was released March 17th but not included in that day's summary:

    CALLER ID. Effective March 17, stayed effectiveness of Sections 64.1601 and 64.1603 of the Commission's rules in the matter of Rules and Policies Regarding Calling Number Identification Service -- Caller ID. (CC Docket 91-281 by Order [FCC 95-119] adopted March 17 by the Commission)

Although the full text does not seem to be available yet, the point seems to be that the FCC is backing off its ill-considered attempt to override state privacy protections for consumers whose phone systems employ Caller Number Identification (CNID, "Caller ID"). Nothing is wrong with CNID as such, and many supporters of CNID also support the necessary privacy features. The important thing is to ensure that people can easily block and unblock the sending of CNID from their own phone lines ("per line" not just "per call"). Otherwise, CNID turns from a device that allows people to regulate their own privacy (by deciding which outgoing calls should identify them and which incoming calls to accept) to a device that generates marketing information.

For a long time, many CNID proponents denied that marketing applications were a significant motivation for CNID.
Now that numerous business CNID software applications are becoming available (contact Rochelle Communications at (512) 339-8188), one more commonly hears arguments (for example from Peter Huber in Forbes, 6/6/94) that opponents of poorly designed CNID are anti-technological paranoiacs. Most recently, reports have been pouring in (see the most recent EPIC Alert) of badly implemented CNID blocking in several states that has revealed thousands of phone numbers that should have been protected. Clearly it's time to call "time out" on CNID and determine whether privacy protection is being treated as a crucial functionality to CNID or as an obstacle to its most profitable implementation.

Phil Agre, UCSD

    [ From the PRIVACY Forum Moderator:

    I've included below the sections referenced in the above text. Note that based on a reading of just this material, there's no way to determine if the stay is related to technical difficulties in implementing the order by the original date (e.g., SS7 problems) or relates to a broader reconsideration of the issues in light of various actions and events which have occurred since the order. One can only hope it is the latter.

    -- MODERATOR ]

-----------------------------------

64.1601 Delivery Requirements and Privacy Restrictions

(a) Delivery. Common carriers using Signalling System 7 and offering or subscribing to any service based on Signalling System 7 functionality are required to transmit the calling party number associated with an interstate call to interconnecting carriers.

(b) Privacy. Originating carriers using Signalling System 7 and offering or subscribing to any service based on Signalling System 7 functionality will only recognize *67 dialed as the first three digits of a call (or 1167 for rotary or pulse-dialing phones) as a caller's request for privacy on an interstate call.
    No common carrier subscribing to or offering any service that delivers calling party number may override the privacy indicator associated with an interstate call. The terminating carrier must act in accordance with the privacy indicator unless the call is made to a called party that subscribes to an ANI or charge number based service and the call is paid for by the called party.

(c) Charges. No common carrier subscribing to or offering any service that delivers calling party number may (i) impose on the calling party charges associated with per call blocking of the calling party's telephone number, or (ii) impose charges upon connecting carriers for the delivery of the calling party number parameter or its associated privacy indicator.

(d) Exemptions. 64.1601 shall not apply to calling party number delivery services (i) used solely in connection with calls within the same limited system, including (but not limited to) a Centrex, virtual private network, or private branch exchange system; (ii) used on a public agency's emergency telephone line or in conjunction with 911 emergency services, or on any entity's emergency assistance poison control telephone line; or (iii) provided in connection with legally authorized call tracing or trapping procedures specifically requested by a law enforcement agency.

64.1603 Customer notification.

Any common carrier participating in the offering of services providing calling party number, ANI, or charge number on interstate calls must notify its subscribers, individually or in conjunction with other carriers, that their telephone numbers may be identified to a called party. Such notification must be made not later than April 12, 1995, and at such times thereafter as to ensure notice to subscribers. The notification shall inform subscribers how to maintain privacy by dialing *67 (or 1167 for rotary or pulse-dialing phones) on interstate calls.
For ANI or charge number services for which such privacy is not provided, the notification shall inform subscribers of the restrictions on the reuse or sale of subscriber information.

------------------------------

End of PRIVACY Forum Digest 04.07
************************
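
Added example, not part of the digest or of any contributor's message: the page-locking idea raised in the "How can files be 100% wiped?" thread above, applied to a single secret buffer rather than a whole process, so the performance cost that thread mentions stays small. It uses POSIX mlock() in place of the "plock" call named in the thread; the helper names and the sample key are constructed for illustration.

```c
/* Added example (not from the digest): lock only the pages holding a
 * secret so they cannot be written to the paging area, then wipe them. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secret_buf {
    unsigned char *p;  /* page-aligned buffer, NULL after release */
    size_t len;        /* buffer length, a whole number of pages */
    int locked;        /* 1 if mlock() succeeded */
    int lock_errno;    /* errno from mlock() when it was refused */
};

/* Allocate whole pages and try to pin them in RAM. A refused lock
 * (RLIMIT_MEMLOCK, missing privilege) is reported, not hidden, so the
 * caller can decide whether to go on without the guarantee. */
int secret_alloc(struct secret_buf *s, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0 || want > SIZE_MAX - (size_t)page)
        return -1;
    size_t pg = (size_t)page;
    size_t len = (want + pg - 1) / pg * pg;   /* round up to whole pages */
    unsigned char *p = aligned_alloc(pg, len);
    if (p == NULL)
        return -1;
    s->p = p;
    s->len = len;
    s->locked = 0;
    s->lock_errno = 0;
    /* Lock before any secret byte is stored in the buffer. */
    if (mlock(p, len) == 0)
        s->locked = 1;
    else
        s->lock_errno = errno;
    memset(p, 0, len);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the
 * stores as dead writes ahead of free(). */
void secret_wipe(struct secret_buf *s)
{
    volatile unsigned char *v = s->p;
    for (size_t i = 0; i < s->len; i++)
        v[i] = 0;
}

/* Return 1 when every byte of the buffer is zero. */
int secret_is_clear(const struct secret_buf *s)
{
    for (size_t i = 0; i < s->len; i++)
        if (s->p[i] != 0)
            return 0;
    return 1;
}

/* Wipe while the pages are still pinned, then unlock and free. */
void secret_release(struct secret_buf *s)
{
    if (s->p == NULL)
        return;
    secret_wipe(s);
    if (s->locked)
        munlock(s->p, s->len);
    free(s->p);
    s->p = NULL;
    s->len = 0;
    s->locked = 0;
}

int main(void)
{
    static const char sample[] = "constructed-sample-key"; /* not a real key */
    struct secret_buf s;

    if (secret_alloc(&s, sizeof sample) != 0) {
        fprintf(stderr, "allocation failed\n");
        return 1;
    }
    if (!s.locked)
        fprintf(stderr, "warning: mlock refused (%s); buffer may be paged out\n",
                strerror(s.lock_errno));
    memcpy(s.p, sample, sizeof sample);
    /* ... the secret would be used here ... */
    secret_wipe(&s);
    printf("locked=%d cleared=%d\n", s.locked, secret_is_clear(&s));
    secret_release(&s);
    return 0;
}
```

Locking covers paging to the swap area only; suspend-to-disk images and core dumps are separate paths and need their own handling.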