Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Revised Version of 9 March 2003, published in Privacy Law & Policy Reporter 9, 10 (March 2003) 181-187
© Xamax Consultancy Pty Ltd, 2002-03
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/enumISOC02.html
The PowerPoint slides to support the presentation are at http://www.anu.edu.au/people/Roger.Clarke/DV/enumISOC02.ppt, with a further set used as a 'play within a play', at http://www.anu.edu.au/people/Roger.Clarke/DV/enumOrutra021118.ppt
Originally presented at the ISOC-AU Forum on New Protocols and Standards-Setting in Australia, 3 December 2002. The paper as originally presented and revised is at http://www.anu.edu.au/people/Roger.Clarke/DV/enumISOC02Orig.html
ENUM is a proposal to tie together the longstanding voice telephony system and the newfangled Internet. Specifically, it is meant to provide a means of mapping from telephone numbers to IP-addresses: "today, many addresses; with ENUM, only one", as its proponents express it.
Any such capability would be extremely dangerous, providing governments, corporations, and even individuals, with the ability to locate and to track other people, both in network space, and in physical space. The beneficiaries would be the powerful who seek to manipulate the behaviour of others. It would do immense social, sociological and democratic harm.
The astounding thing is that the engineers responsible for it are still adopting the naïve position that its impact and implications are someone else's problem. With converged computing-and-communications technologies becoming ever more powerful and ever more pervasive, engineers have to be shaken out of their cosy cocoon, and forced to confront the implications, along with the technology and its applications.
Around 1980, an attempt was made to create a super-directory of people. It was undertaken through the International Standards Organisation (ISO) and took the form of the X.500 series of standards. For a variety of reasons, including its scale, technical weaknesses and the explosion of the Internet, X.500 failed to catch on. One element has survived, however, in the form of the (Lightweight) Directory Applications Protocol (LDAP).
A new attempt is being made to create an extensive directory of people. An alliance between the Internet Engineering Task Force (IETF) and the International Telecommunication Union (ITU) is seeking to create a standard called ENUM. The initiative appears to have originated in 1993, and was developed within an IETF Working Group (WG) from 1998 to 2000, but came to notice within the broader Internet community only in September 2000.
The initial specifications are in the process of being articulated, in part by the relevant IETF WG, and in part by a an ad hoc industry association called the ENUM Forum.
The specification is declared in an IETF Request For Comments document, RFC 2916 (IETF 2000d). This in turn refers to a number of other IETF RFCs, in particular 2131 (1997), 2543 (1999), 2782 (2000a), 2806 (2000b) and 2915 (2000c). Reference material is consolidated at NGI (2001-).
In RFC 2916, ENUM is described as "the use of the Domain Name System (DNS) for storage of E.164 numbers". E.164 is the International Telecommunications (ITU) standard that defines the format for telephone numbers, specifically for international and domestic long-distance dialing. For example +61 2 6288 1472 is interpreted as an international dial-code 61 (Australia), followed by the subscriber trunk dialing code 2 (which covers most of NSW and the ACT), followed by a local telephone number within that domain.
Put another way, E.164 enables series of digits ("telephone numbers") to be assigned to devices in countries throughout the world, so as to achieve uniqueness, and enable reliable selection of a desired device to connect with by means of the Public Switched Telepohone Network (PSTN). The ENUM proposal is intended to establish a mechanism whereby E.164 numbers can be mapped to the IP-addresses of devices that are not on telephone networks, but are Internet-connected. The primary focus has been on voice, because Voice over IP (VoIP) is developing quickly; but the proposal would have application to all forms of data-connection as well.
The scope is actually much broader than simplified descriptions like the one above suggest. More fully, "ENUM enables the use of phone numbers as identifiers of services defined as URIs on the Internet as well as facilitate the interconnection of systems that rely on telephone numbers with those that use URIs to route transactions" (Shockey 2002, p.3). URI (short for Universal Resource Identifier) is a generic term for all kinds of object-identifiers used on the Internet, including web-page addresses (correctly called URLs) and email-addresses.
The Australian Communications Authority explains it this way: "The ENUM protocol is aimed at translating numbers stemming from the International Telecommunications Union (ITU-T) E.164 Recommendation into Internet Domain Names. ENUM will allow the linking of telephone numbers with other communications media such as email, fax and mobile numbers. For example, ENUM could enable one number to be used for home, work, mobile and email contact, allowing users to organise when and how they wish to be contacted eg. 9am - 5pm at work (except between 1pm and 2pm when email is preferred), after 5pm on a mobile and after 9pm via email. It provides the link between telephone numbering and computer naming and addressing" (ACA 2000b).
The re-direction of calls to an appropriate number was provided by the Telstra One Number service, using 0-500 prefixes. That service was withdrawn on 1 September 2002, because it failed to attract enough business. Services of the kind ENUM is designed to enable do not appear to have attracted much interest from consumers to date.
The primary driver appears to be the cost savings that large corporations could achieve by routing voice traffic over the Internet rather than via telcos. They are supported in this by relevant technology providers. The concern is that the design of the scheme may be to the serious detriment of consumers and citizens, because of the additional power that it is capable of providing to corporations and governments.
The proposals as expressed in RFCs 2916 and 2915 are fairly vague, defining data structures but not populating them, and creating potentials but not explaining what they are. The vagueness might just be a byproduct of applying the design technique sometimes referred to as 'top-down with step-wise refinement', leaving many details for subsequent articulation. But a sceptic would interpret the purpose as being to obscure some of the real intentions and capabilities of the scheme, and thereby to get the specifications accepted before their implications become apparent.
Considerable activity is currently being undertaken by an ad hoc industry association, the ENUM Forum, whose purpose is to "complete the objective of defining a deployment of RFC 2916 in the US, and potentially other countries within the North American Numbering Plan (NANP) ...".
The current proposal is fraught with technical problems, and has attracted a great deal of criticism on those grounds alone. The primary concerns of this document, however, are with:
In order to identify the ENUM proposal's implications, it is first necessary to recognise the inroads that have already been made into the freedoms of citizens and consumers by the expansion of data surveillance methods, including identification and identity authentication, and location and tracking technologies.
A telephone number for many decades identified a socket in a wall to which a telephone was attached. The number was therefore associated with a location. It could be inferred to be associated with a household, or a small group within an organisation, and hence with specific individuals; but such associations varied in their reliability, and needed to be considered in context. Hence, for decades, anonymous and pseudonymous calls were feasible.
For some time now, telephone numbers have been migrating away from being socket-identifiers. For mobile phones / cell-phones, they identify a hand-set, or a chip-card within a hand-set. The hand-set or chip-card is in most cases much more directly associable with an individual than was the case with wall-sockets and fixed telephones.
A further feature of telephone system through much of the twentieth century was that the caller's location was not disclosed to the called party (although, of technical necessity, it was known to the service providers involved in the call). The default was inverted during the 1990s, with Calling Line Identification (CLI) imposed in order to benefit corporations. The vast majority of consumers are forced to accept the imposition, unaware that their number is disclosed, or that they can block it on a per-line or per-call basis, or how to do so. (In Australia, for example, it is almost impossible to find information about blocking on the telco's web-sites, and the proportion of consumers who are aware of the per-call blocking pre-dial code (1832) appears to be miniscule).
Moreover, locating hand-sets in physical space is intrinsic within the design of cellular technology. The system has to know which small (several kilometer radius), geographical cell the hand-set is currently within, in order to enable communications between the hand-set and the nearest base-station. The policy implications of such person location and tracking technologies are analysed in Clarke (1999b).
A movement is in train intended to make hand-sets locateable to within a few metres, in the near future. This is being driven by an alliance of national security, law enforcement and corporate marketing interests, using as a justification the location of callers to emergency numbers such as U.S. 911 and Australian 000. For people outside the club, these proposals are very difficult to track down. Internationally, they appear to be driven by a U.S. initiative called Automatic Location Identification (ALI), and embodied in an ITU specification embodied in IMT-2000 and described in Recommendation ITU-R M.816. In Australia, they are being developed by an industry association, the Australian Communications Industry Forum (ACIF), under the code-name Mobile Origin Location Indication (MOLI). The process has successfully avoided any significant public participation or even public exposure. As has been the case most of the time since the project's inception, there were at 26 November 2002 "no documents for viewing". At 7 March 2003, a few documents were locatable, each of them 2-3 years old, and none of them comprehensible.
Meanwhile, governments have been busily taking advantage of the increased public concerns about terrorism by increasing the ease with which national security and law enforcement agencies can gain access to call records, the content of conversations and message transmissions, and the location data contained within telecommunications systems.
Rather than being seen as just an engineering challenge, the ENUM initiative has to be considered in the context of these rampant increases in the collection and storage of data that reveals people's communications and movements, and in the accessibility of that data. Note that the concerns are about privacy as it is understood by the population generally, not in the very narrow sense used by some computer scientists (viz. data transmission security, or even just data transmission secrecy). See Clarke (1997a).
Despite the fog that surrounds what the ENUM proposals actually are, the following aspects are apparent:
ENUM would therefore carry much further the trend towards the strangulation of rights to anonymous and pseudonymous speech, and to concealment of one's location. If the scheme were successful, it would establish a unique contact-number for each person, which would be used as a personal identifier, and would facilitate surveillance of communications, and location and tracking, of any and every person, with all of the chilling of non-conformism, and the dire threats to privacy, freedoms and democracy that such social control mechanisms entail (Clarke 1987, 1988, 1994 and 1997b).
The Australian Privacy Foundation recently submitted to a government agency study that (APF 2002):
Electronic Frontiers Australia concluded that (EFA 2002):
In an enlightened era, it might be expected that the ENUM initiative would be the subject of careful consideration from a public policy perspective. Nothing could be further from the truth. The intended standard is being devised by engineers who resent intrusions by people who don't belong to the fraternity, and who fail their responsibility to ensure that the idea is subjected to open, public debate.
The original documents demonstrate nil appreciation of, or concern about, the implications of the initiative. The document contains neither the word 'privacy', nor any other reference to the proposal's social implications. When the question was raised with the Co-Chair of the WG, Richard Shockey, immediately after publication of RFC 2916 in late 2000, he merely attempted to rationalise the appropriateness of the Working Group, ignoring the concerns expressed to him.
Additional evidence of the moral poverty of the initiative is as follows:
None of the many privacy advocates that I have been in contact with is aware of any advocacy bodies having had any significant interaction with the IETF WG. This includes the primary organisations in the area, Electronic Privacy Information Center, Center for Democracy and Technology, and Privacy International.
A U.S. Government document shows that this blasé attitude to social impact is rife. In three short paragraphs in a 39-page document, an Advisory Committee to the Department of State declares that "Consumers should be cognizant of privacy implications" (ITAC-T, 2001, p.24). But it abjectly fails its duty to the American public to force the responsible engineers, and relevant policy-makers and government officers, to even be cognisant of the massive privacy problems, let alone do something about them.
The attempt to sustain an a-moral stance appeared at first to be being carried over into discussions in Australia. For example, a slide-set used in a joint ACA/CSIRO/AARNet presentation in May 2002 made a single-bullet throwaway mention of privacy in its final slide, buried amongst implementation and business issues. Fortunately, the Discussion Paper issued by the Australian Communications Authority (ACA) in September 2002 was a little more circumspect. The document expressly recognised that threats to privacy were embodied in the proposal (pp. 8-9), and the questions it posed included several that related to policy issues, risks to the public, opt-in, and alternative approaches to security and privacy. It is unclear whether the ACA have taken on board the criticisms and recommendations in this paper, and the submissions of the APF and EFA.
In a belated acknowledgement that serious privacy issues arise from the ENUM proposal, Shockey wrote an Internet Draft, which was published in October 2002. This repeats the excuse that "administration, management and control of the zones and administrative portions of the E.164 plan are nation-state issues" (p. 2). It canvasses ways in which identification data could be obscured, but fails to reach any conclusion; and it fails to propose any changes to the draft standards: "The concept of a Service Resolution Service has not been defined in the IETF, however it is within the realm of technical possibility" (p.6).
Worse, Shockey specifically rejects the notion that the design should embody consumer and privacy protections: "A variety of businesses and enterprises may wish to expose and individually describe the maximum number of contact points in the global DNS in order to facilitate communications by calling parties by the most convenient means available. Consumers may prefer information about them to be masked or aliases in the DNS, in order to benefit from advanced IP communications, such as SIP, while preserving personal preferences and privacy. What is important is ENUM and the global ENUM system is flexible enough to permit either concept" (p7).
Shockey, Fältström, their fellow WG members, and the corporations that stand behind them, are trying to hide behind the lame old excuse that technology is neutral. They know that in some countries the technology that they propose will be used by powerful marketers to abuse consumers' interests; and that in some countries it will be used by agencies of government to abuse citizens' rights. But they seek to avoid culpability for the harm that will arise should their design be implemented.
15 years ago, it was already abundantly clear that information technologists had to:
Contemporary information technologies are enormously powerful, and pervasive. The failure of the designers of ENUM to reflect the public interest, and to ensure informed public debate, are either inexcusable naïveté, or so inexcusably amoral that some people might regard it as gross moral turpitude. The movement needs to be exposed, and the ITU and IETF forced to either abandon their tool for despots, or recognise the enormous implications of such a standard, abandon the pretence that their work is value-neutral, and open the activity up to public scrutiny and participation.
The conclusions of this paper are that:
The purpose of this paper has been to identify and explain the seriously negative implications that ENUM has for citizens and consumers, and to decry the abject failure of the engineers responsible for the proposal to act appropriately.
To switch into problem-solving mode is fraught with difficulties, because of the lack of digestible information available, and the lack of a privacy and consumer voice in the relevant fora. The following suggestions are therefore necessarily tentative indications of the kinds of measures needed to address the problem:
ACA (2002) 'ENum' Australian Communications Authority, at http://www.aca.gov.au/committee/nsg2/enum.htm
ACA (2002b) 'Introduction of ENUM in Australia - Discussion Paper', Australian Communications Authority, September 2002, at http://www.aca.gov.au/committee/nsg2/discussion.htm
APF (2002) 'Submission to the Australian Communications Authority', Australian Privacy Foundation, 2 November 2002, at http://www.privacy.org.au/Papers/SubmnACA021102.html
Borland J. (2001) 'Technology uses one number to find you on any device' Nowhere to hide column, CNet News, 17 May 2001, at http://news.com.com/2102-1033-257704.html?legacy=cnet
Clarke R. (1987) 'Just Another Piece of Plastic for your Wallet: The 'Australia Card' Scheme', Prometheus 5,1 (June 1987), at http://www.anu.edu.au/people/Roger.Clarke/DV/OzCard.html
Clarke R. (1988a) 'Information Technology and Dataveillance', Commun. ACM 31,5 (May 1988) 498-512, at http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html
Clarke R. (1988b) 'Economic, Legal and Social Implications of Information Technology' MIS Qtly 12,4 (December 1988) 517-9, at http://www.anu.edu.au/people/Roger.Clarke/DV/ELSIC.html
Clarke R. (1993) 'Asimov's Laws of Robotics: Implications for Information Technology' IEEE Computer 26,12 (December 1993) 53-61 and 27,1 (January 1994), 57-66, at http://www.anu.edu.au/people/Roger.Clarke/SOS/Asimov.html
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues', Information Technology & People 7,4 (December 1994) 6-37, at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html
Clarke R. (1997a) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms' August 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html
Clarke R. (1997b) 'Chip-Based ID: Promise and Peril', Proc. Wksp on 'Identity cards, with or without microprocessors: Efficiency versus confidentiality', at the Int'l Conf. on Privacy, Montreal, 23-26 September 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html
Clarke R. (1999a) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conf., Stockholm, 14-15 June 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html
Clarke R. (1999b) 'Person-Location and Person-Tracking: Technologies: Risks and Policy Implications' Proc. 21st Int'l Conf. Privacy and Personal Data Protection, 13-15 September 1999, pp.131-150. Revised version in Information Technology & People 14, 2 (Summer 2001) 206-231, at http://www.anu.edu.au/people/Roger.Clarke/DV/PLT.html
Clarke R. (2001) 'Persons at Risk', in 'Research Challenges in Emergent e-Health Technologies', July 2001, at http://www.anu.edu.au/people/Roger.Clarke/EC/eHlthRes.html
Cybertelecom (2002) 'DNS: ENum', at http://www.cybertelecom.org/dns/enum.htm
Darling P. (2002) 'NGN Issues - Numbering and Addressing', Australian Communications Industry Forum, at http://www.acif.org.au/ngn_fog/files/FOG03_001.pdf
EFA (2002) 'Submission to the Australian Communications Authority', Electronic Frontiers Australia, 18 November 2002, at http://www.efa.org.au/Publish/efasubm-enum.html
EPIC (2001-) 'ENUM', at http://www.epic.org/privacy/enum/default.html
Huston G. (2002) 'The Lord of the Numbers', ISP Column, May 2002, at http://www.potaroo.net/ispcolumn/2002-06-enum.html
IETF (1997) 'Dynamic Host Configuration Protocol, RFC 2131, March 1997, at http://www.ietf.org/rfc/rfc2131.txt
IETF (1999) 'SIP: Session Initiation Protocol', RFC 2543, March 1999, at http://www.ietf.org/rfc/rfc2543.txt
IETF (2000a) 'A DNS RR for specifying the location of services (DNS SRV)', RFC 2782, February 2000, at http://www.ietf.org/rfc/rfc2782.txt
IETF (2000b) 'URLs for Telephone Calls' RFC 2806, April 2000, at http://www.ietf.org/rfc/rfc2806.txt
IETF (2000c) 'The Naming Authority Pointer (NAPTR) DNS Resource Record', RFC 2915, September 2000, at http://www.ietf.org/rfc/rfc2915.txt
IETF (2000d) 'E.164 number and DNS' RFC 2916, Information Engineering Task Force, September 2000, at http://www.ietf.org/rfc/rfc2916.txt
IETF WG (1998-) '', at http://www.ietf.org/html.charters/enum-charter.html
ITAC-T (2001) 'Report of the Department of State ITAC-T Advisory Committee Study Group A Ad Hoc on ENUM', 6 July 2001, at http://www.nominum.com/ENUM/2001-07-06-ENUM-Report-Department-of-State-Final.doc (viewed and printed in late 2001, directory no longer accessible on 18 November 2002)
ITU (2001) 'ENum' International Telecommunication Union, at www.itu.int/osg/spu/enum/index.html
ITU (2001) 'ITU ENUM Activities' International Telecommunication Union, at http://www.itu.int/infocom/enum/index.html
Lessig L. (1999) 'Code and Other Laws of Cyberspace' Basic Books, 1999
Lessig L. (2001) 'The Future of Ideas' Random House, 2001
NGI (2001-) 'ENum Reference Materials', Center for Next Generation Internet, at http://www.ngi.org/enum/
PT (2002) 'SS7 Tutorial', Performance Technologies Inc., at http://www.pt.com/tutorials/ss7/
RFC2650 (1999) 'Using RPSL in Practice', August 1999, at ftp://ftp.ripe.net/rfc/rfc2650.txt
RIPE (2002) 'RIPE Database Reference Manual', 15 August 2002, at http://www.ripe.net/ripe/docs/databaseref-manual.html
Rosencrance L. (2001) 'Phone number-to-e-mail service raises privacy concerns' Computerworld, 5 October 2001, at http://www.computerworld.com/printthis/2001/0,4814,64475,00.html
Rutkowski A. (2001) 'The ENUM Golden Tree: The Quest for a Universal Communications Identifier' inform 3, 2, April 2001 (97-100), at http://www.ngi.org/enum/pub/info_rutkowski.pdf
Shockey R. (2002) 'Privacy and Security Considerations in ENUM', Internet Draft, October 2002, at http://www.ietf.org/internet-drafts/draft-shockey-enum-privacy-security-00.txt
The Times (2001) 'One number & and no escape anywhere' The [London] Times, 3 September 2001, at http://www.thetimes.co.uk/article/0,,3-2001303964,00.html
In developing this paper, I drew on the efforts of others who have conducted analyses of the ENUM proposal, including the Electronic Privacy Information Center (EPIC) in Washington DC, Julie Cameron of the Australian Privacy Foundation (APF), and Richard Chirgwin and Irene Graham of Electronic Frontiers Australia (EFA). I have also benefited from conversations with John Morris, who is responsible for CDT's Standards Project. I am a Director of both the APF and EFA; but the judgements and remarks in this paper are mine, not those of my colleagues, nor of any of the organisations I am associated with.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Created: 23 October 2002
Last Amended: 9 March 2003
These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content). |
The Australian National University Visiting Fellow, Faculty of Engineering and Information Technology, Information Sciences Building Room 211 | Xamax Consultancy
Pty Ltd, ACN: 002 360 456 78 Sidaway St Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, 6288 6916 |