The Telecom Regulatory Authority of India (TRAI) recently received a reference from the government; this is to initiate the consultation process for “Know Your Customer (KYC)” based identification (as verified by the telecom operator) for display of the calling party on the callee’s Smartphone.
While the proponents indicate that this will provide increased accuracy and transparency in caller identification, opponents have always been wary of privacy intrusions posed by such mandates.
The “Caller ID” service using Automatic Number Identification was introduced for the first time in 1987 by the then regional Bell Operating Company – New Jersey Bell in the US. Subsequently it was promoted in all areas of the US and in other countries as well. However, there was an immediate backlash with New York Times asking whether the Caller ID was a “friend” or a “foe”.
First, there are privacy concerns — rights of the caller who may want to protect her caller ID and the right of the callee to know the caller identification to minimise her privacy intrusions as well as to protect herself against spamming. Privacy interests of both these parties often conflict.
Thus Caller ID, by providing some information about the caller, can minimise the privacy intrusion of the callee, thereby providing an option for informed choice to pick up the call or decline. While privacy advocates argue for the privacy of the caller, anonymity may not hold good when the caller initiates the communication with a callee. Won’t you advise your child to hang up immediately when the caller addresses her as “Guess who is calling?”
In this situation, the burden of proof of disclosing the identity lies squarely with the caller. Most of the implementations include options wherein the caller presses additional codes after dialling the callee’s number to allow display of the caller ID.
However, the caller ID in a business setting can be a different matter — such the the firms’ intention to collect information related to their business by concealing their identities when they call. Alternatively, telemarketers induce callers to make calls to a number for some worthless gift, thereby collecting enough information using Caller ID for aggressively selling merchandise or defraud the unwary.
In the age of Big Data and Smartphones, applications such as Truecaller, Hiya and Everybody use the crowdsourced information to display the caller ID.
Hence, even if someone does not have the app (aka “non-user”), their information can be sourced by the app system through the address book of her social connections and displayed to the callee.
These non-users do not have control over their personal information and have not also explicitly consented to the caller ID collection and display process. This places them in a vulnerable position. In this crowdsourced setting we have had instances where the caller ID displays names that are not representative of the caller. How about receiving a call from Jewel Singh with the caller ID displaying that the call is from a jewellery store! Here is where verified display of caller IDs such as the ones proposed will be accurate.
Further, how is this different from the phone directories of the past wherein the telephone numbers of subscribers are printed and distributed? While this is a callee’s prerogative to display numbers, caller ID reveals callers’ intention to reveal their phone number using a “reverse lookup” of the name given their numbers.
The second issue is the property right one has over her telephone number. Most countries have not prescribed this right clearly. Does the telecom company that provided you with the number has the rights to distribute it to others? Or do you hold the right to your telephone number as your personally identifiable information?
If latter is the case, then all the data protection and privacy regulations hold good and you should be the one to decide how and whether your caller ID should be displayed.
ID spoofing threat
Third — caller ID spoofing is rampant and is used for a variety of misuse and fraud incidents. These include credit card frauds wherein a callee receives a call as if from a bank and shares sensitive passcodes, or “swatting” wherein false alarms sent to emergency services such as ambulance/fire, triggering some tragic events.
Though there have been technology developments in detecting and preventing caller ID spoofing, regulations must address this problem seriously. In the US, the Congress introduced the Truth in Caller ID Act of 2009 that outlaws caller ID spoofing.
However, these laws could not prevent attempts by hackers to use caller ID spoofing for nefarious purposes. Hence apart from KYC based caller ID mechanisms, ID spoofing needs to be curtained by technology and law.
So, the caller ID case is not simple and the regulator apart from making it accurate using KYC, also has to make provisions to: (i) protect the right of the caller to display or not; (ii) protect the rights of the callee in identifying accurately the caller ID and prevent intrusion; (iii) prevent misuse of the displayed Caller ID, now that it is accurate and verified; and (iii) prevent ID spoofing through appropriate technology and legal measures. The Hindu BusinessLine