- EPIC Files Comments on ENUM. In comments to the ENUM-Forum, EPIC advocated a framework of protections for enrollees and users of ENUM. ENUM is a developing technology that enables a user to store contact information that can be accessed by another person through the use of a single number. The system may facilitate spam and other unsolicited commercial messages. Additonally, Roger Clarke submitted ENUM - A Case Study in Social Irresponsibility to the ISOC-AU Forum. More information is available at Roger Clarke's ENUM Page. (Nov. 25)
Electronic Numbering (ENUM) is a "protocol developed in the IEFT, RFC 2916, for fetching Universal Resource Identifiers (URIs) given an E.164 number."
More simply put, ENUM is a technology that enables a user to store contact information that can be accessed by another person through the use of one phone number. For instance, one could store a fax, voice, voicemail, e-mail, and home address all in a single ENUM Naming Authority Pointer (NAPTR). By using the ENUM, another person could access all the personal contact information contained within the NAPTR.
ENUM employs a open and public international database of contact information. The ENUM database can also include certain rules for contacting a person. For instance, an ENUM registrant could specify that calls after 6 PM should be routed to a cell phone or home phone line. However, a caller using ENUM can ignore these rules.
The Internet Protocol Journal has published a review of ENUM that explains its development, applications, and policy implications.
ENUM may become a widely-used technology to facilitate convenient communications. However, its privacy implications have not been adequately explored or addressed. For instance, ENUM is a globally-unique number (GUID). Because of the convenience of using a single number to contact another person, ENUM may be assigned to all humans at some point in the future.
ENUM may also become a tool of marketers, spammers, and individuals who wish to harass others. The ENUM database is public and can be searched by anyone. It is likely that marketers, spammers, and malicious actors will mine the database for personal contact information. Since there are no statutory protections in place regulating the use of ENUM contact information, marketers and spammers may use the contact information for junk mail, unsolicited commercial e-mail, and other forms of commercial solicitations. The system could facilitate an unprecedented amount of spam because programs could be designed to send solicitations to all of the registrant's communications devices.
The ENUM security and privacy task group has established a framework of Fair Information Practices (FIPs), however, the protections are largely illusory. For instance, the July 2002 unified ENUM working document asks registrants of service to assume the risk of privacy violations: "...[T]he ultimate form of privacy protection would be to opt-out and choose not to participate in ENUM...Simply put, an ENUM user chooses to load his or her telephone number into the ENUM Golden Tree."
Technically, individuals "opt-in" to having phone service, a fax machine, e-mail, or wireless cellular service. In choosing to use these technologies, individuals do not opt-in to telemarketing, junk faxing, spam, and location tracking. These are costs transferred to the individual by free riders who are taking advantage of technology and either the absence of or weak legal protections. Similarly, ENUM registrants should not have to risk misuse of their personal information, or be subjected to unsolicited commercial advertising.
The approach of the security and privacy task group also ignores quality of consent. That is, many future ENUM users may be required to have an account as a result of corporate policy. Additionally, as the ENUM service becomes more popular, ENUM may become necessary for participation in modern communications.
Privacy issues in ENUM need to be addressed by a systems of FIPs that provide users actual rights. These include:
- Purpose specifications that detail the reason for which data from registrants is collected.
- Use limitations that prevent personal information from being employed for unrelated, secondary purposes, such as profiling or spam.
- Genuine consent provisions that allow the individual to choose whether or not to enroll, and choice over what data is included in the record.
- Notice of all information collection associated with ENUM, including the information stored in the registrant's account and whatever network usage that is monitored on a personally-identifiable level.
- Genuine control over unauthorized uses of personal information in the ENUM account.
- Access to ENUM account and transaction information.
- A right to withdraw from ENUM, and to have account and usage information expunged. If ENUM portability is fully achieved, the right to withdraw from ENUM becomes especially important.
- Collection limitations that set a principle that information collection should be minimized. Wherever possible, individuals should be able to enroll in services anonymously or pseudoanonymously.
- Protections against government or law enforcement acquisition of ENUM usage or account information without proper judicial oversight.
- Accountability provisions that give individuals genuine recourse against individuals who misuse their information.
- U.S. Endorses Merging Telephone, Internet Numbers, Yahoo News, February 13, 2003.
- NTIA Letter Endorsing ENUM, NTIA, February 12, 2003.
- EFA expresses security concerns over ENUM, SMH, November 27, 2002.
- Enum's potential applications aren't as widespread as promised, New Architect, July 2002.
- Internet Telephone Numbering System (ENUM) offers promise of a single point of contact for all communication devices, ITU Press Release, May 31, 2002.
- Listing Again, The Economist, April 11, 2002.
- Phone number-to-e-mail service raises privacy concerns, Computerworld, October 5, 2001.
- Your Rights Online: A Number For Everything, Slashdot, September 4, 2001.
- One number & and no escape anywhere, The Times, September 3, 2001.
- Single-Number Plan Raises Privacy Fears, Los Angeles Times, September 2, 2001.
- ENUM Brings VoIP Into the Telephone Mainstream, Phone Plus International, June 15, 2001.
- Net promises closer ties, BBC News, June 14, 2001.
- ENUM--Mapping the E.164 Number Space into the DNS, Internet Protocol Journal, June 2002.
- Technology uses one number to find you on any device, CNET, May 17, 2001.
- ENUM hooks up phone numbers to a host of addressing schemes, Internet World, May 15, 2001.
- Say goodbye to missed connections, CNET, February 20, 2001.
- Electronic Frontiers Australia (EFA) ENUM Page.
- EFA Submission to Australian Communications Authority re ENUM, EFA, November 2002.
- IETF Charter on ENUM. This page describes the scope of the Internet Engineering Task Force (IETF) working group on ENUM.
- RFC 2916. A memo requesting comments on the use of the Domain Name System (DNS) to map to contact information.
- Washington Internet Project Archive on ENUM. Comprehensive collection of news, resources, and links regarding the development of ENUM.
- ENUM-Forum.org. A website with current information on the development of ENUM and ENUM development mailing lists.
- ENUM.org. Homepage of Neustar's public ENUM trial.
- ITU ENUM Activities. Homepage of the International Telecommunications Union's activities on ENUM.
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.