Attachment 3

How CLI and CND Services Work

25 June 2003

Discussions concerning telecommunications industry regulation and the privacy protection of telephone callers (including dial-up Internet users) may be made unduly difficult and confusing in the absence of a common understanding of the term "Calling Line Identification" ("CLI") and knowledge of how CLI based services work.

This document describes what CLI is and how CLI based services work, including how telephone call carriers in Australia intentionally and unnecessarily disclose blocked calling party numbers to Internet Access/Service Providers.


Calling Line Identification ("CLI") - Description

Calling Line Identification ("CLI") is a telephone network signalling capacity that generates data, at the time a telephone call is established, that identifies the calling party telephone number/s (i.e. the billing telephone number and in some instances also other numbers, such as an extension number in an office).

CLI based services are a set of products, developed using that telephone network signalling capacity, that package the calling party number information (and sometimes also other information) in different ways in order to sell, or freely provide, it to consumers of telecommunications services. Calling Number Display ("CND") is a CLI based service.

CLI is transmitted within the telephone network, but CLI based services are taken past the network into the customer access network or 'local loop', using software installed in the telephone exchanges [3].

In the Calling Number Display Industry Code (C522), developed by the Australian Communications Industry Forum ("ACIF Code") [1], a broad and internationally unusual [2] description of "CLI - Calling Line Identification" is used. The description includes both personal information (e.g. calling party number) and also other information that is not, of itself, necessarily personal information (e.g. the date and time of a call). It states:

  • "CLI means Calling Line Identity or Calling Line Identification. Data generated by a network which relates to the telecommunications service of the originating call" [1]
  • "CLI is data that is generated at the time a call is established and passed through the carrier networks, and includes the called party's number, the calling party's number, the date and time of the call, the call's duration and routing." [1]

As CLI is generated at the time a call is established, it obviously cannot include the call's duration, which is not known at call establishment. Further, because the term "Calling Line Identification" clearly refers to the calling line, CLI does not include the called party's number.

The phrasing in the ACIF Code is, apparently, an inaccurately summarised version of information that originated in the 1992 AUSTEL Telecommunications Privacy Report which stated:

"Calling Line Identification is data that is generated at the time a call is established. In general, when a telephone call is made through parts of the network with the technical capacity information is passed within the network about -
  • the called party's phone number
  • the calling party's phone number
  • the time of day
  • the duration of the call
  • the routing of the call" [3]

CLI is the information containing the calling party's phone number. CLI, and the other information, is passed through the telephone network.

While there is merit, in terms of protecting privacy, in placing restrictions on the use and disclosure of a range of information passed through the telephone network, an inaccurate description of "CLI" that includes a range of data, in addition to calling party number, can be used to claim that "CLI" is necessary for the operation of all telecommunications services. However, in fact, some service providers do not need to know the calling party number, although they may need to know the time and duration of a call, and Australian telephone network service providers are technically and readily capable of preventing unnecessary disclosures of personal information.

It should also be noted that some people use the term "CLID" instead of "CLI" when they mean 'Calling Line IDentification'. However, other people use "CLID" when they mean 'Calling Line Identification Display'. Hence, use of the term "CLID" should be avoided in order to minimise potential misunderstandings.

In the remainder of this document "CLI" means data that is generated at the time a telephone call is established that identifies the calling party telephone number/s.

How Calling Line Identification Services Operate


This section provides an overview of how Calling Line Identification services operate. It has been derived from:

  • Technical specifications and guidelines developed by the Australian Communications Industry Forum ("ACIF") for the Australian telephone network and network interconnection [4],
  • CLI Industry Codes of Practice issued by regulatory authorities and industry organisations in overseas countries using the same international standards for telephone networks as Australia [2],
  • Technical standards/specifications for systems facilitating Internet access - user authentication, accounting, etc [8],
  • other documents listed in the References section.

CLI has been passed between telephone call carriers for many years. It is only in relatively recent years that telephone network technologies developed to the stage that supplementary CLI based services could be provided to end users, such as Calling Number Display ("CND") and CND Blocking services.

The Australian Telecommunications Authority ("AUSTEL"), in its 1992 Telecommunications Privacy Report, explained why carriers need to share CLI:

"The sharing of CLI between carriers is mandatory under the General Carrier Licences held by AOTC [Australian and Overseas Telecommunications Corporation, later renamed Telstra] and Optus because it is essential to the introduction of long distance service competition. In a competitive long distance environment a particular call may be carried on networks operated by different carriers and service providers. For example, where a company in Adelaide chooses Optus as its long distance carrier and makes a call to Sydney, AOTC carries the call to the nearest point of interconnection with Optus, Optus carries the call from that point to the point of interconnection in Sydney nearest to the called party and then hands the call back to AOTC for delivery through the AOTC's Sydney local loop to the called party. Without the passage of CLI, Optus would be unable to identify and bill the Adelaide company." [3]

It is clearly often essential for telephone call carriers to pass CLI through their networks during passage of a call between the originating and terminating telephone exchange.

CLI is passed to carriers irrespective of whether the supplementary services, that enable delivery of a calling party number to the called party, are activated within the telephone network. In the international and ACIF telephone network signalling system specifications, the supplementary services are named:

  • Calling Line Identification Presentation ("CLIP"): A supplementary service offered to the called party which provides the calling party's number to the called party.

    The "Calling Number Display (CND)" service, as referred to in Australia, is a CLIP service.

  • Calling Line Identification Restriction ("CLIR"): A supplementary service offered to the calling party to restrict presentation of the calling party's number to the called party.

    The CND Blocking service, as referred to in Australia, is a CLIR service.

For each telephone line service, the default status of the CLIR/CND Blocking service is configured in the relevant telephone exchange (i.e. in the exchange to which a line is connected).

In Australia, in the case of an unlisted (silent) number, telephone service providers are required (by an enforceable Industry Code of Practice) to set the default status of the line to blocking (a "permanent block"), unless the telephone service subscriber has specifically requested otherwise. They are also required to place a permanent block on any other number on request by the subscriber.

Apart from those rules, telephone service providers choose the default status of the lines they provide, for example, Telstra's default is CND not blocked, while Optus's default is CND blocked (as at early June 2003).

When a call is made, it is (or should be) transmitted by the originating network with a line blocking status in accord with the default setting, unless the caller has dialled a code to instruct the exchange to send that call with a different setting.

However, any carrier involved in transmission of the call can over-ride the caller's express line blocking instructions and disclose blocked numbers, including unlisted/silent numbers, to the called party. This is occurring in Australia (as at June 2003) on calls made, at the least, to Internet Access/Service Providers.

The following sections describe how blocking instructions are transmitted through the telephone network and the steps carriers can take to over-ride the caller's, and the originating carrier's, line blocking instructions without their consent or even knowledge.

Call Establishment

During the initial phase of an outgoing telephone call, an Initial Address Message ("IAM") is sent to initiate seizure of an outgoing circuit and to transmit number and other information relating to the routing and handling of the call. The initial signalling message sent by the originating exchange includes, among other things:

  • Calling Party Number: Information sent to identify the calling party.
  • Address Presentation Restricted Indicator: Information sent to indicate that the calling party number is not to be presented to a public telephone network user, but can be passed to another public telephone network provider. It may also be used to indicate that the number cannot be ascertained by the network. The indicator may contain data signifying either "presentation allowed" or "presentation restricted" or "presentation restricted by network".
  • Screening Indicator: Information sent to indicate whether the number information was provided by the user or the network (e.g. automatically generated by the network). The indicator may contain data signifying the number is "network provided" or "user provided, verified and passed".
  • A Generic Number (Additional Calling Party Number) may also be sent together with associated presentation restriction and screening indicators. This number is a supplementary service that may be offered to callers who wish to use a different presentation/display number than their 'main' number. It may, for example, be a direct dial-in extension number (behind a PABX switchboard), that is, a number different from the default Calling Party Number associated with the billing account.

It is the "Address Presentation Restricted Indicator" that, at least in technical theory, controls whether or not the calling party number is made available to the called party by way of the Calling Line Identification Presentation/Calling Number Display service.

If the default line status is blocking (for example, most silent numbers and possibly many Optus numbers), all calls made from the line are transmitted by the originating exchange with an Address (number) Presentation Restricted Indicator ("APRI") set to "presentation restricted", unless the caller dials an unblocking code which instructs the exchange to transmit that call with the APRI set to "presentation allowed".

Although this technological process is capable of working effectively to prevent disclosure of 'blocked' calling party numbers, it is only effective if all carriers involved in transmission of a call respect the blocking instructions sent to them by the originating carrier.

Transmission of CLI between telephone network providers

As discussed earlier herein, the Calling Party Number is normally transmitted across interconnecting telephone networks because the information is often essential for billing callers for the calls they make. The Calling Party Number (and any additional calling party numbers) are transmitted regardless of the setting of the Address Presentation Restricted Indicator ("APRI").

Whether or not a "presentation restricted", i.e. blocked, calling party number is delivered to the called party depends on, for example:

  1. the originating telephone service provider placing the caller's restriction choice in the APRI,
  2. transit network providers respecting/not changing the content of the APRI,
  3. the terminating network provider/exchange respecting/not changing the content of the APRI,
  4. whether or not the called party is in an override category (as provided for in the technical specifications for, e.g., emergency services such as calls to 000).

The originating and/or transit network providers do, however, have the technical capability to prevent transmission of blocked calling party numbers to other network providers, for example, if they are not satisfied that a transmitting or terminating network provider will respect Calling Line Identification Restriction settings. In this regard, for example, the ACIF specifications state:

"2.1 General description
When Calling Line Identification Restriction (CLIR) is applicable and activated, the originating node provides the destination node with a notification that the calling party's ISDN number and any sub-address information are not allowed to be presented to the called party. In this case no calling party number is included in the call offering to the called party's installation.

Note - When CLIR is subscribed to, some network providers may not wish to send the originating identity of the calling customer to other network providers." (ACIF G500:2002, Part F.2)

This technical capability is used, for example, by network providers in Europe to strip calling party numbers from call signalling messages sent to network providers that do not, or may not, comply with EU privacy protection laws. For example, the U.K. Office of Telecommunications Code of Practice for CLI services states:

"Rule CLI-19 If the network to which a call is being forwarded cannot, or does not, conform to the Rules set out above, and if any of the received CLI information is classified as 'withheld' or 'unavailable' the forwarding network shall not send any CLI information to that network and the CLI classification shall be set to 'unavailable'." [2a]

Transmission of CLI to telephone call recipients (Called Party, B-Party)

When a call reaches the terminating telephone exchange, that is, the exchange to which the called party's line is connected, the exchange normally checks the Address Presentation Restriction Indicator.

If the APRI is set to "presentation restricted" the exchange does not (should not) send the calling party's number down the line to the called party.

If the APRI is set to "presentation allowed", the exchange transmits the calling party number during the ringing stage of delivery of the call to the called party (if the called party is subscribed to the CLI Presentation service).

The called party's telephone answering equipment may receive the calling party's number in various ways including: in the form of information that is displayed on a telephone or computer screen, or automatically recorded in a database, or as an audio message, etc.
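The Calling Party Number parameter and the terminating exchange's check described above can be modelled as follows. This is an added example, not code from the original document or from any carrier. It assumes the octet layout of ITU-T Q.763 section 3.10 (the ACIF specification is assumed to use the same coding), goes one step further by also applying the forwarding behaviour of Rule CLI-19 quoted earlier, and uses constructed sample bytes; all function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Field coding assumed from ITU-T Q.763 section 3.10 (Calling party number).
APRI_ALLOWED, APRI_RESTRICTED, APRI_NOT_AVAILABLE, APRI_BY_NETWORK = 0, 1, 2, 3
APRI_TEXT = {0: "presentation allowed", 1: "presentation restricted",
             2: "address not available", 3: "presentation restricted by network"}
SCREENING_TEXT = {0: "reserved", 1: "user provided, verified and passed",
                  2: "reserved", 3: "network provided"}

# Constructed samples: odd-length national number 355501234, network provided.
RESTRICTED_SAMPLE = bytes.fromhex("83175355103204")   # APRI = restricted
ALLOWED_SAMPLE = bytes.fromhex("83135355103204")      # APRI = allowed


@dataclass(frozen=True)
class CallingPartyNumber:
    digits: str
    apri: int
    screening: int

    def describe(self) -> str:
        return (f"{self.digits or '(no digits)'}: {APRI_TEXT[self.apri]}, "
                f"{SCREENING_TEXT[self.screening]}")


def parse_calling_party_number(param: bytes) -> CallingPartyNumber:
    """Decode the indicators and BCD digits of a Calling Party Number parameter."""
    if len(param) < 2:
        raise ValueError("parameter needs at least 2 octets")
    odd_count = bool(param[0] & 0x80)       # octet 1, bit 8: odd/even indicator
    apri = (param[1] >> 2) & 0x03           # octet 2, bits 4-3
    screening = param[1] & 0x03             # octet 2, bits 2-1
    nibbles = []
    for octet in param[2:]:                 # address signals, low nibble first
        nibbles += [octet & 0x0F, octet >> 4]
    if odd_count and nibbles:
        nibbles.pop()                       # last high nibble is filler
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal address signal")
    return CallingPartyNumber("".join(map(str, nibbles)), apri, screening)


def number_for_called_party(cpn: CallingPartyNumber, clip_subscribed: bool,
                            emergency_override: bool = False) -> Optional[str]:
    """What a terminating exchange that respects the APRI sends down the line.

    emergency_override models the override category the specifications
    provide for calls to emergency services such as 000.
    """
    if not clip_subscribed or not cpn.digits:
        return None
    if cpn.apri == APRI_ALLOWED or emergency_override:
        return cpn.digits
    return None                             # restricted or unavailable: nothing sent


def forward_to_network(param: bytes, next_network_conforms: bool) -> bytes:
    """Rule CLI-19 behaviour: withhold CLI from a network that may not honour it."""
    cpn = parse_calling_party_number(param)
    if next_network_conforms or cpn.apri == APRI_ALLOWED:
        return param                        # pass the parameter on unchanged
    # Q.763 note: for "address not available" the digits are omitted, the
    # other subfields are zero and the screening indicator is coded 11.
    return bytes([0x00, (APRI_NOT_AVAILABLE << 2) | 0x03])


if __name__ == "__main__":
    for sample in (ALLOWED_SAMPLE, RESTRICTED_SAMPLE):
        cpn = parse_calling_party_number(sample)
        print(cpn.describe(), "->", number_for_called_party(cpn, True))
```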

Forwarding of CLI data to Internet Access/Service Providers

Some Internet Access/Service Providers who sell a dial-up Internet access service receive blocked Calling Party Numbers from telephone network providers by a means entirely different from the receipt of CLI, a calling party number, in an incoming or transiting telephone call.

In many instances, the ISP does not receive the telephone call at all. Instead the telephone call carriers use their privileged access to blocked Calling Party Numbers to collect the number from an incoming telephone call that terminates on their own equipment, and then disclose the Calling Party Number to an ISP in a message that has nothing to do with telephone call signalling system messages. Moreover, the Calling Party Number is not necessary, nor is it used, to identify/authenticate the ISP's customer for the purposes of providing Internet access or billing.

An example of the above is Telstra's MegaPOP service [5]. Although Telstra claims that line blocking is "not available" for calls to its MegaPOP service [6], blocking is technologically available, but Telstra chooses to ignore callers' line blocking requests. Other call carriers, including at least Comindico and Optus, provide dial-in services to ISPs (similar to Telstra's MegaPOP service) and disclose blocked calling party numbers in the same manner. The process operates as follows.

  1. Telstra provides an ISP with (among other things) a Telstra MegaPOP 01983 number which the ISP advertises as its dial-up Internet access number. The number terminates on (is answered by) Telstra owned and operated equipment.

  2. A caller who is a telephone service customer of Carrier-A and who is also a dial-up customer of the ISP, dials the 01983 number (i.e. their modem dials the number).

  3. Carrier-A's telephone call network recognises the 01983 number its customer has dialled is on the Telstra network and routes the call to the Telstra network, usually to the nearest point of interconnection between Carrier-A's and Telstra's network.

  4. If the call was made with a calling line identification block in place, Carrier-A network's signalling message (assuming it complies with ACIF/internationally standardised signalling specifications) automatically notifies the Telstra network that the calling party number delivered to the Telstra network is "presentation restricted" i.e. not to be transmitted to the called party.

  5. The Telstra network transmits the call to a Telstra telephone exchange, and the exchange transmits the call to the Telstra MegaPOP service telephone call answering equipment. (The MegaPOP call answering equipment is housed in various Telstra exchange buildings).

    At this stage the call terminates, that is, the call is answered by the Telstra MegaPOP call answering equipment.

    The caller's telephone service provider, Carrier-A, has fulfilled its contracted obligation to provide a telephone service that enables its customer to establish a connection with a called telephone number. It has achieved this, in part, by way of its network interconnection agreements with another call carrier, Telstra. However, whether it has fulfilled its obligation to ensure that calling line identification blocking is implemented, and effective, depends on whether the other carrier, Telstra, respects or overrides the line blocking status indicator transmitted to it by Carrier-A. When Telstra chooses to over-ride line blocking, it can do this by, for example:
    • changing the Address Presentation Restricted Indicator from "presentation restricted" to "presentation allowed" during the call's passage through Telstra's telephone network, or
    • placing its own MegaPOP system in an 'override category' that, according to the internationally standardised signalling specifications, is provided as a 'national option' so that governments/regulators may, if they wish, require that line blocking be over-ridden on calls made to e.g. emergency services.

    Since Telstra over-rides line blocking, the Telstra terminating exchange will transmit a blocked calling party number to the MegaPOP call answering equipment during the ringing tone phase of the call.

  6. After the Telstra MegaPOP system has answered the telephone call, it establishes a session with the caller's computer and prompts for the caller's Internet access username and password. These have usually been entered on the caller's computer before the modem dialled the number, so that the computer can automatically send same when prompted.

  7. A Telstra RADIUS server (Remote Authentication Dial In User Service) [7], which is a component of the MegaPOP system, sends an authentication request message containing the username and password (and other items of information) to the ISP's RADIUS server (normally housed in the ISP's premises). The ISP's RADIUS checks the validity of the login information (for example, against a database of valid logins) and sends a message back to the Telstra MegaPOP system instructing it to allow (or, if the username/password is not valid, not allow) the person to log on to the Internet.

    The messages that travel between the two RADIUS servers are not telephone calls, nor are they sent via the public telephone network. The messages travel directly between Telstra and the ISP via a private secure link, usually a frame relay or ATM link.

  8. The calling party number may or may not be sent by Telstra to the ISP in the RADIUS message. This depends on whether Telstra chooses to collect the calling party number (CLI) received with the call its equipment answered and insert the number into the RADIUS message that it subsequently sends to the ISP.

    It is not necessary for Telstra to disclose the calling party number to the ISP because, as detailed above, it is the username and password that enables the ISP to authenticate and identify its customer in order to bill the customer for use of its Internet access service. Further, Telstra's web site clearly states that its system does not operate abnormally in this regard. Telstra states: "End user authentication is achieved by user name and password and not by identification of the calling line" [9].

  9. Once the user name/password has been authenticated, the Internet user (caller) is logged on to the Internet.

  10. Later, when the caller's modem disconnects, the Telstra RADIUS sends another message to the ISP's RADIUS so that the ISP knows when its customer logged off from the Internet (necessary, for example, for calculating Internet access fees charged on a time basis).

As can be seen from the above, it is not necessary for the ISP to know the calling party number in order to provide the Internet access service. The ISP knows which of its customers to bill from the user name/password received in the RADIUS server message.

In addition, Telstra is readily capable of not disclosing the calling party number to the ISP. It has at least two means of preventing disclosure of blocked calling party numbers:

  • Telstra can configure its terminating telephone call exchange to not send blocked calling party numbers to Telstra MegaPOP call answering equipment, which does not need to receive the number for any reason other than that Telstra wishes to sell, or freely provide, the number to ISPs, despite the express instructions of the caller, and the originating carrier of the call, that the caller's number not be disclosed.

  • Even if the Telstra exchange has not been configured as above and so transmits blocked numbers to the Telstra MegaPOP call answering equipment, Telstra can do either of: (a) not include the number in the RADIUS message sent to the ISP, or (b) include only a partial number, i.e. blank/mask out the last four digits of the number.

    In this regard, RADIUS server messages include a field titled "Calling Station Id" which will contain the calling party number if it was received by the RADIUS server. (Insertion of data in this field is optional; it is not essential to operation of a RADIUS server [8].) Telstra's RADIUS Information Document dated 7 February 2003 [7], made available on Telstra's web site to assist service providers to correctly configure their RADIUS server to work with Telstra's, states:

    "6.1.5 Called & Calling Station Id
    The calling number consists of an area code and the first part of the telephone number from which the call was made. For privacy reasons the last three digits of the number have been replaced [i.e. by Telstra] with the letter x."

    and provides an example in Section 6.1.2 as follows:

    Attribute          | Attribute Number | Example Value | Explanation
    Calling-Station-Id | 31               | "0396403xxx"  | Telephone number the user dialled from. Complete numbers can be provided for authorised Service Providers.

    Also on their website, Telstra states [9]:

    "During the call authentication with the HSP [Host Service Provider, e.g. ISP], Telstra provides information that will allow the HSP to determine the charge of the call in progress [to be billed to the HSP by Telstra [10]]. Sufficient Calling Line Identification (CLI) information will be included in the RADIUS authentication request. Full CLI will not be passed to the HSP and, where this is available from the network, the four least significant digits of the CLI will be masked out before transmission to the HSP". [emphasis added]

Nevertheless, Telstra sends the full calling party number when the Host Service Provider is an ISP. It is not known what Telstra's current practice is when the HSP is a non-ISP company providing dial-in access to its staff.
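The two prevention options listed above, omitting the Calling-Station-Id attribute or masking the last four digits with "x", can be applied to the attribute list before the RADIUS authentication request is assembled. This is an added example, not Telstra's or any vendor's code; it assumes the RFC 2865 packet and attribute encoding, and the function names, the user name and the telephone number are constructed for illustration.

```python
import os
import struct

# Attribute and packet codes from RFC 2865.
USER_NAME = 1
CALLING_STATION_ID = 31
ACCESS_REQUEST = 1


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type (1 octet), length (1 octet), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def iter_attributes(blob: bytes):
    """Yield (type, value) pairs, rejecting truncated or malformed lengths."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = blob[pos], blob[pos + 1]
        if attr_len < 2 or pos + attr_len > len(blob):
            raise ValueError("bad attribute length")
        yield attr_type, blob[pos + 2:pos + attr_len]
        pos += attr_len


def mask_number(number: str, masked_digits: int = 4) -> str:
    """Replace the least significant digits with 'x', as in 0396403xxx."""
    keep = max(len(number) - masked_digits, 0)
    return number[:keep] + "x" * (len(number) - keep)


def redact_attributes(blob: bytes, presentation_restricted: bool,
                      policy: str = "mask") -> bytes:
    """Apply option (a) 'omit' or (b) 'mask' to a blocked caller's number.

    Runs on the attribute list before the packet is built, so no length
    field or authenticator has to be recomputed afterwards.
    """
    if policy not in ("omit", "mask"):
        raise ValueError("policy must be 'omit' or 'mask'")
    out = bytearray()
    for attr_type, value in iter_attributes(blob):
        if attr_type == CALLING_STATION_ID and presentation_restricted:
            if policy == "omit":
                continue                     # the attribute is optional
            value = mask_number(value.decode("ascii")).encode("ascii")
        out += encode_attribute(attr_type, value)
    return bytes(out)


def build_access_request(identifier: int, attributes: bytes) -> bytes:
    """Code, identifier, length, 16-octet random authenticator, attributes."""
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attributes))
    return header + os.urandom(16) + attributes


if __name__ == "__main__":
    # Constructed login and calling number.
    attrs = (encode_attribute(USER_NAME, b"user@isp.example")
             + encode_attribute(CALLING_STATION_ID, b"0355501234"))
    packet = build_access_request(1, redact_attributes(attrs, True, "mask"))
    print(dict(iter_attributes(packet[20:])))
```

The user name attribute is untouched in both policies, so the ISP can still authenticate and bill its customer.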

Furthermore, although Telstra's MegaPOP system was launched in November 2000 [5], it was not until 18 months later, in March 2002, that Telstra activated calling line identification on its MegaPOP network. As reported in the Australian IT on 25 June 2002 [11]:

"[Telstra] is citing technical, commercial and privacy concerns as obstacles to clear before it can allow ISPs to override blocks on caller line identification.

Telstra spokesman John Court said the number-one telco activated caller line identification on its MegaPOP network in March - meaning Telstra Wholesale, Telstra Retail and Telstra resellers had access to the service but the rest of the ISP world did not.
The number-one telco also had to overcome technical issues because the product would work differently depending on whether the customer ISP was using MegaPOP, ISDN, PSTN or another platform.

Mr Court said ISPs were unlikely to be given caller line identification en masse. Telstra might charge a fee for the service and this would be determined by negotiation with ISPs on an individual basis."

The article did not make clear whether, at that time, the CLI based product that Telstra was providing to ISPs involved only provision of calling party numbers for calls made without a CLI block, or whether Telstra had commenced over-riding CLI blocking in order to include blocked numbers in the product.

Subsequently, in October 2002, The Australian IT reported that "IIA chairman [sic] Peter Coroneos confirmed that Telstra, an IIA member, had begun to prevent CLI-blocking on all calls terminating at customers of its wholesale ISP service, MegaPop" [12].

Several months later, Telstra issued a newsletter with telephone bills which contained a footnote stating in tiny print that Telstra's Line Blocking Service is "Not available for calls to 000 or MegaPoP National access service" [6].

Line (CLI) blocking has only become "not available" because Telstra has specifically chosen to configure its telephone network/equipment to over-ride the CLI blocking instructions it receives with telephone calls, in order to include silent and other blocked numbers in a CLI based product that Telstra has chosen, apparently for commercial reasons, to package with the MegaPOP product that it sells to ISPs.


