Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
Notes of 8 July 2005
© Xamax Consultancy Pty Ltd, 2005
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/ENUM0507.html
ENUM is a proposal to provide a mapping from telephone numbers to IP-addresses. A call initiated to a telephone number could be put through to whichever Internet-connected device is appropriate at the time, as dictated by user-controlled entries in a directory of contact-points. The term ENUM refers to 'Electronic Telephone Numbers Mapping'. Further detail can be found in my own description from 2002, a brief explanation provided by ACMA, and another provided by the ENUM project.
ENUM clearly offers potential benefits, in the form of convenience and efficiency. But it also has potentially very serious negative implications for the privacy of individuals, and even their physical safety. This is because longstanding data protection afforded by existing directory systems are in danger of being blown away by new and naive engineering designs.
In 2002-03, I developed, and presented at an ISOC-AU conference, a paper expressing serious concern about the initial conception of ENUM. The paper includes summaries of the concerns also expressed in November 2002 by the Australian Privacy Foundation (APF) and Electronic Frontiers Australia (EFA).
The present notes were prepared in July 2005, after I received notice of the launch of an ENUM Trial by AARNet.
During 2003-05, an ENUM Discussion Group (DG) has been running, chaired by the Australian Communications Authority (ACA), now the Australian Communications and Media Authority (ACMA). It has had a published Terms of Reference. Its membership appears not to be publicly available, but it was to "comprise representatives from the telecommunication and Internet community, consumer groups, privacy organisations and regulatory authorities". A distribution list accidentally disclosed during the early life of the DG suggested that it was dominated by industry interests, with very limited public interest input.
A register of documents produced by the DG is available, but it is unclear which of them are working papers, and which, if any, define the conditions under which the trial is to be conducted.
The ENUM DG has developed a proposal to the stage that a trial is commencing, with some information provided on the ACMA site, and some on the project's own web-site, including a description of the trial.
It is also unclear from the ENUM Trial site what, if any, documents are authoritative. I was advised that a 'Context Document' existed, but browsing and searching the ACMA and ENUM Trial sites did not locate it. I eventually tripped over an entry on what appears to be an (External) Links page, to a Context Document for the Australian ENUM Trial (276KB). This is on the ACMA site, and it is not clear whether and to what extent it is authoritative or merely informative.
The 2002 papers my myself, the APF and the EFA identified a range of serious concerns. These are summarised in Appendix 1. These documents were provided to the ENUM DG at the commencement of its work. The impression given to privacy advocates was that they represented an agenda for the work that Group was to undertake.
The ENUM DG has included representatives of a couple of privacy advocacy groups, specifically one person from each of EFA and APF. (I have received mailings, but have not had the time or funding to enable me to participate, beyond providing my paper to the DG at the beginning of its work). The time of the representatives who have participated has not been funded, and hence they have been able to devote only limited time to the matter.
On 6 July 2005, I received an announcement that AARNet is conducting the first trial of ENUM. I followed through the links provided on the AARNet site, and was very concerned to discover that privacy appeared to be almost completely off AARNet's radar. There were few mentions of it, they were hard to find, and a key hot-link was broken. Details are provided in Appendix 2.
A search of the ACMA and ENUM Trial sites was equally disappointing. The word 'privacy' barely appears anywhere on either site. In particular:
Added to that, the 3.7MB PDF of the Launch Presentation on 5 May 2005 does not mention the word 'privacy'. The only bullet-point that could be regarded as encompassing privacy is that on slide 7, referring to 'identification of obstacles, problems'.
Crucially, it is unclear whether the organisations conducting the trials are bound by any relevant conditions, and, if so, where they are specified, whether the trail managers are aware of them, and what is being done to ensure that the conditions are complied with.
The 'Context Document' might have fulfilled such a role. But it is far from clear that any aspects of it at all have actually been imposed on the teams conducting the trial. The privacy aspects are, in any case, relegated to an Addendum. The comments are at best 'Recommendations', and they appear to be entirely unintegrated with the design and the trials. The Document fails to even reference the lists of concerns that were supplied to the DG at the outset of the project, and that it had been understood formed the original privacy agenda for the undertaking.
Despite warm assurances given by DG members over the last couple of years about the importance of privacy, there is considerable doubt that the work of the DG has produced the necessary outcomes, in particular:
The ENUM project appears to remain, as I described it in 2002, an engineer-driven project devoid of awareness of the enormous impacts of information technology, and oblivious to the responsibilities that engineers have to society.
The conception of the technology, and the trials, demand urgent and deep Privacy Impact Assessment (PIA), conducted not from an engineering viewpoint, but from the public policy perspective. A PIA requires funding, not just volunteer effort.
On the basis of the information readily available, neither I nor anyone else can quickly see what the actual and potential privacy threats are, and what privacy protections exist to address them. But, given the lack of awareness of privacy concerns evident in the project, it would be remarkable if whatever protections the scheme provides are adequate to counter its negative impacts.
If the design and the protections are not adequate from a privacy perspective, implementation of the technology must be vigorously opposed by privacy advocacy organisations, and that opposition communicated to consumers, the public, and the media.
The ENUM Trial web-site includes a range of eFora; but to date they contain little sign of life. This paper is being exposed to the participants, and to privacy interest groups, in an endeavour to stimulate major corrections in the course that the project as a whole, and the trials in particular, are taking.
This list is intended to be indicative of the concerns originally expressed in 2002. It does not purport to be comprehensive, nor up-to-date.
The concerns that I understood were being addressed by the Working Group, and that had to be essentially solved before the trial, included the following:
On the AARNet service's home-page, the link for "ENUM Terms and Conditions" points to the top of the registration form. It is necessary to scroll down to "Legal Information ... Registration Service Agreement" to find them.
The FAQ contains almost nothing about privacy, and the link labelled "published policies from the ACA" was broken - because ACA ceased to exist on 30 June, and the ACA and ACMA web-master(s) failed to provide for forward-compatibility of links and bookmarks. The target document is only 1-1/2 pages long, and does not contain the word 'privacy'.
I browsed and searched the ACMA site, but found nothing relevant.
The registration form for those categories of individuals who are qualified to participate in the trial contains a list of privacy conditions in Schedule 4 that appear at first glance to be no more than the organisation's minimum obligations under the law.
It is not apparent that the deep privacy threats that ENUM entails have loomed at all large in this first ENUM trial. Indeed, there is little to suggest that the project team are aware of them, of any conditions imposed upon the trial, or of any obligations in relation to ensuring that the trial delivers new information about privacy, threats to it, and protection against those threats.
Note: These comments were provided to AARNet on 6 July 2005. The broken link was quickly fixed, but at the time of writing no substantive response to the more serious concerns had been received.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Baker & McKenzie Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 8 July 2005 - Last Amended: 8 July 2005 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/ENUM0507.html