Malicious phone calls: TV program and trace methods
Robin Whittle
firstpr@ozemail.com.au
Fri, 29 Nov 1996 17:02:54 +0000
Customer Activated Malicious Call Trace
---------------------------------------
Robin Whittle 29 November 1996 http://www.ozemail.com.au/~firstpr
For the Link mailing list and newsgroups aus.comms and aus.org.efa
I hope to raise awareness of these issues and improve my
understanding. Please let me know of any problems or
improvements to this - I will email an update.
This is an awkward area which can fall between the cracks
of existing commercial and departmental responsibilities.
However the licence conditions for telecommunications
carriers make them responsible for trying to prevent the
use of the network for criminal purposes.
Much more can and should be done to deter and detect malicious
calls. Administratively it is tricky - involving awkward
situations, potential privacy problems and law enforcement.
Technically, with Customer Activated Malicious Call Trace, it is
much easier than the cumbersome techniques generally used at
present.
The program last night (ABC TV 9.30 28 Nov 96) on malicious phone
calls - the 1995 BBC "Telephone Terror", depicted some serious cases
of malicious phone calls, but provided no constructive analysis about
how the problem could be better tackled.
There was no mention of Customer Activated Malicious Call Trace
(CAMCT) as a method of deterring and detecting malicious callers.
Here is some analysis for the Australian context. I am concerned that
unless some positive action is taken soon, we will have an even less
effective solution to the malicious call problem than we have now or
was depicted in the BBC program.
I have sent some people written material on CAMCT which I first
wrote in 1993. This material is not on my WWW site, but I can
email it as a Word file to anyone who is interested.
Joe Narun <J-Narun@worldnet.att.net> recently provided me with what
seems to be an excellent summary of the CAMCT arrangements in various
US states. I can email this to you.
Beyond the matter of unwanted telephone calls, many of these issues
are relevant to other forms of communication via the Internet.
Currently, real-time two-way calls (voice / video) are not common, but
this is largely a product of limited bandwidth, emerging standards,
and the fact that most users are not connected 24 hours a day. These
barriers will soon be gone, and the prospect of unwanted and malicious
voice communications (which we will respond to similarly to phone
calls) and the prospect for automated SPAM audio marketing by this
means. Already there have been cases of automatic voice recording
outbound telemarketing calls in Australia.
The BBC program provided the following statistics, which were probably
for 1994/95: British Telecom employed 150 investigators, costing 15
million pounds a year, in 11 bureaus, tracing malicious calls. An
estimated 15 million calls were made - two thirds of them to women.
70,000 trace operations per year in the UK, tracing 1,000,000 calls,
resulting in less than a thousand prosecutions (conviction rate??).
Assuming that these figures scale with the 3.2 : 1 ratio in
population, these figures translate into an Australian scenario of
roughly :
50 investigators
$10 million
5 million malicious calls
~300 prosecutions (Actually I expect that there are far
fewer than this in Australia.)
Clearly this is an expensive, ineffective means of dealing with a
nasty and pervasive problem. When I tried to find details from Telstra
several years ago, I was told that no central records were kept of
complaints, traces or convictions. (I heard recently that consumer
concern about inadequate tracing procedures is a regular subject of
letters to the Minister for Communications.)
The tracing methods used by BT seemed to be much the same as those
used by Telstra. Special action must be taken following a malicious
call, to enable a tracing operation to begin. Consequently, these
methods are generally only effective against repeated calls to the one
victim.
There is an alternative called "Customer Activated Malicious Call
Trace" (CAMCT) which is available as a standard feature of all modern
telephone exchanges. I have checked with the relevant people in
Telstra and Optus, and confirmed that their exchanges are capable of
supporting CAMCT with the use of standard software features from the
exchange manufacturers - Ericsson and Alcatel for Telstra and Nortel
for Optus.
** The greatest advantage of CAMCT is that it makes it easy to trace
** the many one-off malicious calls - and therefore acts as an **
excellent deterrent to all malicious callers.
CAMCT is available now on Australian ISDN services - primarily for
PABXs - but there are a few technical complications I will not go into
here. (Call me if you are interested.) ISDN CAMCT has the advantage
that it can be activated during the call. The GSM digital mobile
system already has CAMCT built into it, but as far as I know it is not
used in Australia.
The following discussion refers to CAMCT on analogue phone lines. This
is a much simplified version of the explanation from Joe Narun
<J-Narun@worldnet.att.net>. This would also be relevant to the
residential phone services provided on Optus Vision's HFC cable. (See
my August 96 Australian Communications article.)
Customers ask to have the service enabled - this involves no cost, but
makes it an opt-in feature. Then if they get a malicious call, they
hang up and dial a special code (such as *78). This leads to a
recorded message with instructions on keys to press to complete the
trace request.
This recorded message arrangement sounds ideal, but it would also be
possible to activate the trace by simply dialling a special number.
Some of Telstra's exchanges can perform a trace during the call when
they receive a "hook-flash" (taking the phone off line for 0.1 seconds
- usually by the customer pressing the "flash" or "recall" button).
For customers with Centrex or Easy Call, they press the "recall"
button and then dial a special number. Another approach to CAMCT is to
leave the phone off-hook for more than 60 seconds. For CAMCT,
something more deliberate, especially with a recorded message, would
be better.
There is an activation fee of ~US$5 to $7 to deter frivolous use. (I
have heard that some states in the US enable investigators to waive
this fee if they consider the activation to be for a genuinely
malicious call).
The number of the previous incoming call is captured at the exchange
and forwarded immediately through the network to carrier
investigators. To what extent they and/or the state/federal police
are involved varies with the circumstances.
The receiver of the malicious call does not have access to the number
of the caller. This avoids many privacy problems and opportunities
for misuse. The idea is that police and/or trained investigators
handle the problem.
This has nothing to do with Calling Number Display. It works now -
the receiver's exchange already knows the caller's number as part of
the CCS7 call setup communications. No caller can disable the capture
of their number, whilst CND display can be disabled by the caller. (I
have a long list of reasons why CAMCT is very different and completely
superior to CND for deterring and detecting malicious calls.)
The drama involved in the trace operations depicted in this program,
suggests that BT was not using CAMCT at all.
Telstra does not use CAMCT for analogue phone customers, although the
widespread use of the modern Future Mode of Operation exchanges makes
it technically possible.
If callers knew that even a small proportion (say 20% of customers)
had CAMCT enabled, then they would be effectively deterred from making
malicious calls.
In other words, the bulk of the problem (including the very serious
calls depicted in this program, and bomb threats) could be eliminated
by the introduction of CAMCT. This would greatly reduce investigative
costs by firstly reducing the number of malicious calls and secondly
by enabling instant tracing, without cumbersome setup procedures.
Carriers would be able to rightly say that they were doing their
best to protect the privacy of their customers. CAMCT is by far the
best way for carriers to carry out their statutory requirements to
prevent the use of the network for the commission of crimes in respect
of malicious calls.
I have been told by two informed sources that Telstra has disbanded
(or is in the process of doing so) its Protective Services Division -
which handled serious malicious call tracing operations. I have also
been told that Telstra charges the police (at least in some
circumstances) for call trace information - and that some Police are
most unhappy about this. Without Customer Activated Malicious Call
Trace, there are high costs in (for instance) sorting through the
outgoing call records of many exchanges in the hope of finding the
caller. (I want to check these points with Telstra's Michael
Pickering, but he was not available today.)
Telstra has not officially been keen about introducing CAMCT, while at
the same time it has been promoting Calling Number Display - based
no-doubt on the idea that it can make money from CND but not from
CAMCT.
There are all sorts or problems here. See my WWW site for
information on CND. CND is a can of worms in every respect - privacy,
technically, socially and in terms of telephone usage (less calls
answered). Malicious call tracing is not a revenue generating
activity (5 million malicious calls at $5 each looks tempting - but
CAMCT would drastically reduce the number of such calls).
CAMCT is a cost-effective means of improving service quality and
minimising the need for costly investigations by the carriers and/or
the police. When properly administered, it is an excellent way of
protecting the privacy of customers - a field in which Telstra now has
an excellent privacy policy and audit.
It looks like the post 97 environment legislation, with the multitude
of carriers, will not provide a telecommunications industry based
approach to detecting and deterring malicious calls.
There are arguments for this being purely a police matter - but the
Federal Police are apparently uninterested, citing shortage of funds.
State police may also need to be involved, due to state anti-stalking
legislation, and their greater ability to physically find malicious
callers - for instance when quick response is required to find someone
using a payphone.
Call tracing involves potentially serious privacy risks, however I
think it is feasible to arrive at a technical and administrative
arrangement (with audits) which minimises the risks and maximises the
deterrent and detection effectiveness of CAMCT.
I am not sure to what extent the investigations should be handled by
the individual carriers, by some non-police nation-wide carrier based
investigative service or by a special department of the Federal
Police. My current preference is for a central, audited, telco
industry based body, funded by all carriers, which has close relations
with state and federal police - enabling it to respond most
appropriately and instantly to bomb threats and malicious callers who
use payphones. I foresee a range of responses according the great
diversity of situations - not a draconian or fixed response.
Malicious calls are defined in section 85ze of the Commonwealth
Crimes Act as being "threatening, harassing or in the circumstances
offensive". There are other kinds of unwanted calls - particularly
outbound telemarketing which fall outside this definition, but which
also raise problems for consumers.
Here is not the place to go into further detail. I am corresponding
with a number of people in the industry and in various regulatory,
consumer protection and administrative positions about the need for a
good approach for dealing with malicious calls.
Consumers Telecommunications Network has raised the question of
Customer Activated Malicious Call Trace in the committee which is
reviewing the definition of the Standard Telephone Service. This
would greatly improve the prospects for deterring malicious calls, and
involves exchange software and management, rather than expensive new
capabilities for telecommunications lines or for customer equipment.
I would welcome input and assistance on this ugly duckling matter -
which the potentially responsible players in industry and government
seem reluctant to involve themselves in.
Since there are no effective personal defences against these calls
(answering machines and CND are useless in any practical sense) it is
vital that a systematic, coordinated, professional, network-based
approach be developed. The economic benefits alone justify the
moderate effort of implementing CAMCT and a suitable investigative
team. The social costs of leaving things as they are, without CAMCT,
are far greater.
- Robin
. Robin Whittle .
. http://www.ozemail.com.au/~firstpr firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia .
. Ph +61-3-9459-2889 Fax +61-3-9458-1736 .
. Consumer advocacy in telecommunications, especially privacy .
. .
. First Principles - Research and expression - music, .
. music industry, telecommunications .
. human factors in technology adoption.
. .
. Real World Interfaces - Hardware and software, especially .
. for music .