|
All Archives /
aussie-isp /
2002-05
|
<<< Date >>> | |
| Permanent Link | ||
|
Date: Sun, 12 May 2002 12:14:06 +1000 (EST)
From: Ross Wheeler To: Howard Lowndes Cc: Irene Graham, Grant Bayley, 2600-list, aussie-isp, link Message-Id: <Pine.BSF.4.33.0205121057310.28942-100000@home.albury.net.au> In-Reply-To: <Pine.LNX.4.33.0205120728300.6407-100000@int.lannet.com.au> Subject: Re: [Oz-ISP] Re: [2600-AU] IIA protecting your privacy |
No followups recorded. |
|
On Sun, 12 May 2002, Howard Lowndes wrote: > I think a point you are missing here Ross, is that there is no way of > knowing that any given CLID does, or does not legitimately belong to the > account owner, short of you requiring a list from the account owner of > specific CLID that s/he will use. Agreed. Which is exactly why I don't (a) force or (b) use CallerID as an authentication scheme. > Even then the use of a CLID outside of > the account holder's defined range could still be one used legitimately by > the account holder. Indeed it could. On the other side of that coin though, I've just done some quick stats. Over a small sample (about 150,000 calls): 3.9% did not present callerID. Of the remaining 96.1% of calls: 55.7% called from only one number 22.1% called from two numbers 9.6% called from three numbers 3.1% called from MORE than 10 different numbers (all I checked were businesses, probably on PABXs and just picking a line more or less at random from their group) >From a different modem pool of mainly home users, 5.4% did not present callerID. Of the remainder: 91.1% called from only one number 3.6% called from only two numbers >From a remote pool from a small rural community, servicing both home and business users: 6.7% did not present callerID. Of the remainder: 77.5% called from only one number 7.5% called from only two numbers An interesting and unanticipated outcome was the number of different users calling from the SAME NUMBER. Ie, one computer with multiple accounts on it. Once it's been identified, it's obvious, but I hadn't expected or even thought about it. (Example: a flat with two people sharing a phone and an account each, or a business who breaks down their usage by task/role, or even someone using their home account while at work). > I would suggest that you could reasonably argue that, as the caller > successfully gained access to the account from a CLID that was not a > notified CLID, you are entitled to assume, since the access was > successful, that the CLID of the call was associated with the account > holder. I don't think that is a valid argument, as has been previously stated: while the account owner is indeed RESPONSIBLE for the use of the account, since it was their username/password, it does not automatically follow that wherever it is used from was their phone or number, or that they have any right to it. In the case of someone who has STOLEN your customers password and is using the account fraudulently, its clearly NOT your customers personal information you would be giving out. (I'm not going to argue that they would LOVE to know who it was and go beat the sh!t out of them, but that's a different issue!). ---- email "unsubscribe aussie-isp" to m a j o r d o m o @ a u s s i e . n e t to be removed. |
|