2 November 2002
This document is at http://www.privacy.org.au/Papers/SubmnACA021102.html
Mr Neill Whitehead
Australian Communications Authority
PO Box 13112
MELBOURNE VIC 8010
2 November 2002
Dear Mr Whitehead
Thank you for the opportunity to make a submission on the "Introduction of ENUM in Australia - Discussion Paper", dated September 2002.
The Australian Privacy Foundation has given considerable thought to the privacy issues related to the ENUM proposal since it was first mooted. ENUM would of course have to comply fully with:
However, our concerns go well beyond strict compliance with the current law, which is only partially adequate to protect privacy in the context of this proposal. In particular, we wish to ensure that individuals are able as far as possible to conduct anonymous transactions (see National Privacy Principle 8), and that consumers who choose to exercise their full rights not to participate in ENUM retain full rights to service. The trend of organisations to deny service to individuals exercising their rights to privacy is a major concern for the Foundation.
The Foundation is particularly concerned by the provision of an "address" with greater meaning and potential for identification of individuals undertaking multiple forms of communication via varied means. The risk of tracking and obtaining a full range of information about an individual undertaking normal activities and tasks is exacerbated by the use of ENUM.
Members of the Foundation perceive a conflict of interest for any organisation retaining a database comprising a unique identifier for an individual that can then be used for other purposes (eg a single, (reversed?) land line phone number used for fax, mobile and internet communications).
Many people have silent private home numbers but public business and mobile numbers, and personal and public and anonymous internet addresses for different purposes. Which phone number would be used for linkage purposes? Which internet address would be linked? How would the differentiation of uses of different addresses be maintained?
Foundation members are not convinced by the merits of ENUM as submitted in the Discussion Paper. There seems little consumer demand. For example:
What consumer benefits balance the risk of increased surveillance?
The main advantage of a single entity running the registry relates to the allocation of full responsibility for security and privacy. This entity would be legally accountable for any breaches.
This entity must be totally independent of any other organisation and completely separated from any commercial interest in the database, or sale or management or oversight of existing telephony or internet communication services.
The single entity would be required to maintain the integrity and quality of the database. Updates to data about users and their communication links would need to occur on a nearly "real time" basis in order to prevent disruption to services. New users must be registered and "retiring" users removed rapidly.
Changes in data would preferably need to be sourced from users of ENUM rather than a third party to ensure the appropriate permissions to use/exchange data from different sources and services providers are obtained.
The cost of the services would need to be met only by the users of the service and not by a "tax", "levy" or other price adjustment on any non-user of ENUM.
Multiple databases would be preferable only because from a security and privacy viewpoint personal information cannot be accessed via a single source. However this separation makes accountability for breaches more difficult to apply.
Multiple registries increase the risk of errors and poor data quality. Extensive datamatching and checking would be required to avoid mismatch. A major cost to users would relate to the loss of privacy and loss of control over the exchange of personal information from service providers to the ENUM database. There is a risk of misallocation of numbers to individuals and additional errors in billing.
The Registrar functions associated with ENUM require further clarification. The extent of these functions depends on whether a strong model of identity verification is required.
A list of the issues that could be considered by ACA can be found in the earlier discussions related to PKI and Project Gatekeeper compliance, currently being handled by NOIE.
Some of the issues relate to how ENUM will address the National Privacy Principles, particularly:
The database would be a desirable source of information for numerous organisations, including law enforcement agencies, foreign governments, and debt collectors. Security and strict limitations on access are paramount. In addition, depending on how the service is established, there would be a significant risk of a denial of service attack on the ENUM database.
The data management aspects of ENUM may be very complex. For example:
There is a question about how ENUM would be linked to and within organisations. For example, the identification of individuals within companies is not required for normal commercial transactions. Domain names are issued to companies. Does this mean that ENUM will need to link company directors to organisations? What happens when individuals have multiple roles within organisations?
An email address may be shared, in the same way a landline at a home address is shared. How will the ENUM database deal with overlapping ownership?
We are glad to note that ACA is aware of the risk of identity theft.
We concur with ACA's concern related to the legal complexities of the convergence of the internet and telephony.
The complexity of geographical location numbers for telephony communications is already significant, but not as complex as the geographical distribution of internet users and especially internet service providers. Australians can select internet service providers overseas or interstate. In these cases, which jurisdiction will apply? Extraterritoriality is becoming a major issue both for law enforcement and the retention of civil rights.
The use of multiple channels of communication would make billing even more complex. Currently consumers have little or no chance of querying billing for local calls on a landline. Presumably the cost of using the internet channel would be cheaper, but how could the consumer either track the channels used for each call or assess the correctness of the charges? We see little advantage to the consumer.
We are interested in ascertaining how owners of private channels will bill telephone service providers.
Discussions related to the Gatekeeper PKI compliance requirements provide a useful guidance. We suggest that your organisation undertake discussions with NOIE.
Discussions related to the Gatekeeper PKI compliance requirements provide a useful model, although there have been significant problems in the implementation of privacy criteria in that framework which must be avoided. We suggest that your organisation undertake discussions with NOIE.
The Foundation agrees that all of these issues are valid and should be investigated.
We are also concerned about issues relating to the impact on consumers of:
Another key issue that has not been addressed relates to the cost of registration for ENUM. There is a perception that ENUM is just another lucrative source of revenue and possibly a source "allocated" to a monopoly.
Discussions related to the Gatekeeper PKI compliance requirements provide a useful model. We suggest that your organisation undertake discussions with NOIE.
The proposal for an "opt in" method of adoption is commended. This is the only model that would be considered as acceptable by the Foundation. Foundation members strongly oppose the "opt-out" option.
The benefit of the 'opt-in' approach is the retention of the rights of consumers. The risk is that few consumers will select ENUM, but that is a risk to the commercial viability of ENUM - not to the public interest.
The use of a randomly selected, meaningless, unique number or series of numbers to which phone numbers and internet addresses could be linked may provide additional security. There may need to be several numbers to allow for the different roles consumers play (eg business and personal). Mapping to the reversed phone number is already required so that the cost would not be prohibitive. Perhaps if a user knew the phone number of a person and wanted to send an email, they could obtain it from an ENUM website address.
See the comments to question 10
Foundation members do not believe a pilot should proceed until the key issues raised in the Discussion Paper and in submissions are resolved. It should certainly not proceed without the express approval of the Federal Privacy Commissioner.
The Foundation would not participate in a trial but will certainly monitor progress and comment on the outcome.
If you would like further information about this submission please contact us.
Australian Privacy Foundation
Level 14, 49 York Street
SYDNEY, NSW 2000
For further information, contact:
Tim Dixon, Director, (02) 9231 4949 or 0411 114411, TimDixon
Dr Roger Clarke, (02) 6288 1472 or 6288 6916, Roger.Clarke@anu.edu.au
Created: 18 November 2002
Last Amended: 18 November 2002