ENUM

ENUM and Privacy | ENUM in the News | ENUM Resources

Top News

Introduction

Electronic Numbering (ENUM) is a "protocol developed in the IEFT, RFC 2916, for fetching Universal Resource Identifiers (URIs) given an E.164 number."

More simply put, ENUM is a technology that enables a user to store contact information that can be accessed by another person through the use of one phone number. For instance, one could store a fax, voice, voicemail, e-mail, and home address all in a single ENUM Naming Authority Pointer (NAPTR). By using the ENUM, another person could access all the personal contact information contained within the NAPTR.

ENUM employs a open and public international database of contact information. The ENUM database can also include certain rules for contacting a person. For instance, an ENUM registrant could specify that calls after 6 PM should be routed to a cell phone or home phone line. However, a caller using ENUM can ignore these rules.

The Internet Protocol Journal has published a review of ENUM that explains its development, applications, and policy implications.

ENUM and Privacy

ENUM may become a widely-used technology to facilitate convenient communications. However, its privacy implications have not been adequately explored or addressed. For instance, ENUM is a globally-unique number (GUID). Because of the convenience of using a single number to contact another person, ENUM may be assigned to all humans at some point in the future.

ENUM may also become a tool of marketers, spammers, and individuals who wish to harass others. The ENUM database is public and can be searched by anyone. It is likely that marketers, spammers, and malicious actors will mine the database for personal contact information. Since there are no statutory protections in place regulating the use of ENUM contact information, marketers and spammers may use the contact information for junk mail, unsolicited commercial e-mail, and other forms of commercial solicitations. The system could facilitate an unprecedented amount of spam because programs could be designed to send solicitations to all of the registrant's communications devices.

The ENUM security and privacy task group has established a framework of Fair Information Practices (FIPs), however, the protections are largely illusory. For instance, the July 2002 unified ENUM working document asks registrants of service to assume the risk of privacy violations: "...[T]he ultimate form of privacy protection would be to opt-out and choose not to participate in ENUM...Simply put, an ENUM user chooses to load his or her telephone number into the ENUM Golden Tree."

Technically, individuals "opt-in" to having phone service, a fax machine, e-mail, or wireless cellular service. In choosing to use these technologies, individuals do not opt-in to telemarketing, junk faxing, spam, and location tracking. These are costs transferred to the individual by free riders who are taking advantage of technology and either the absence of or weak legal protections. Similarly, ENUM registrants should not have to risk misuse of their personal information, or be subjected to unsolicited commercial advertising.

The approach of the security and privacy task group also ignores quality of consent. That is, many future ENUM users may be required to have an account as a result of corporate policy. Additionally, as the ENUM service becomes more popular, ENUM may become necessary for participation in modern communications.

Privacy issues in ENUM need to be addressed by a systems of FIPs that provide users actual rights. These include:

ENUM in the News

ENUM Resources

EPIC Privacy Page | EPIC Home Page

Last Updated: March 18, 2003
Page URL: http://www.epic.org/privacy/enum/default.html