TUCoPS :: Phreaking Caller ID :: cndtech1.txt

Australian Caller ID - Pros and Cons (mostly con)

Some Calling Number Display technical issues relating to privacy,
usage and security

Robin Whittle      rw@firstpr.com.au

http://www.ozemail.com.au/~firstpr/cnd/

Written quickly on 26 November 1997 - as we await the finally crunch 
in which Telstra should admit, or be forced to admit, that it has
not met the PAC requirements for public awareness/understanding.

Please let me know of your suggestions for improving this!



Here are a variety of technical aspects of CND which are not crucial 
to the immediate debate in the next few days about its activation, 
but of general interest in terms of privacy.

This is a minimal technical description - so that non-technical 
readers can read over it and see where the shortcomings, security 
(hackablitity) and other issues arise.

Points mentioned below include:

* CND is not displayable on analogue PABXs.

* CND initially will not display in a Call Waiting scenario.

* Call Waiting CND may not be reliable with more than one box on the 
  line.

* Calling Name Display - how Telstra will not be sending customer 
  names (at least at first) but will use it to display "Payphone" 
  and "Mobile" instead of a number.

* Not all boxes handle the Calling Number messages.

* CND boxes which can dial the stored number typically do so without
  a prefix, such as for CND display / don't display.

* CND displayable numbers from calls originating from PABXs and 
  hunt-groups (business phone installations) may bear no resemblance 
  to the actual caller's number and may not even lead to a number 
  which will be answered.  

* Taxonomy of the various networks and what they are doing with CND.

* Taxonomy of the various forms of connection to the Telstra 
  analogue network and what they are doing with sending and 
  displaying CND.  Good privacy news here - analogue PABXs can't
  display CND.

  
Its a complete dog's breakfast, and in order to understand the human 
implications of this, some technical explanations are necessary.

You may well ask how this was planned. I am sure it wasn't. I have 
had a lot to do with various aspects of Telstra over the years, so 
its not an idle comment.  Telstra is not so much an organisation as 
a seething mass of humanity.  Optus isn't far behind.  Calling 
Number Display is a can of worms from every perspective, not just 
privacy and its impact on telephone usage. "Making life easier" 
indeed!


Displaying CND on an analogue POTS line
=======================================

Within the telco industry, the main network of telephone exchanges 
which connect to customers via analogue lines, is sometimes referred 
to the Public Switched Telephone Network (PSTN).  I won't use that 
term, but keep in mind if someone is drawing distinctions between 
CND in the PSTN and, for instance, GSM or ISDN. 

The analogue fixed line type of CND display and calling is the most 
significant, because of the majority of phone services are of this 
type, but it is only one part of the bigger picture.  For instance 
there are quite a few ways PABXs interface with the network - and 
the current analogue CND service does not allow display on these 
analogue PABXs.

Looking solely at ordinary POTS (Plain Old Telephone Service) 
services, here are the technical issues.  I have today obtained from 
the Telstra Tech Standards people (who I am old mates with in some 
respects at least - having fought side to side with them regarding 
the 1997 Telco Bill which was very nearly disastrous in terms of 
technical standards) their documents on analogue Calling Number 
Display.

The CND aspect of telecommunications is not covered by mandatory 
technical standards, post July 97.  Any device which connects to a 
carrier's network has to conform to certain basic safety, network 
integrity and electromagnetic compatibility standards (TS 002, TS 
004 and the EMC Framework).  There are no mandatory standards for 
Customer Equipment which displays CND.  Prior to July 1997, this was 
a mandatory area, and consequently, AUSTEL WG 2/1 worked hard to 
produce a standard - AUSTEL TS 030 - which is still available from 
Standards Australia.  TS 030 has no legal force any more.  I was 
part of WG 2/1 for this and other work.

TS 030 was an Australian adaptation of the so-called US Bellcore 
standards, with a nod to the European ETSI standard.  Adaptation was 
required since these documents were incomplete, technically 
inadequate and/or unsuitable for Australian ring timings and voltage 
and impedance standards.

Now Telstra has produced a series of its own technical documents, 
which constitute guidance on making CND display units - or the CND 
display function within a telephone or other CE (Customer 
Equipment).  Email Merv Sewell at <MSewell@vcrpcsd1.telstra.com.au> 
and he will be able to email you a set of Word documents - which I 
think are well written and informative.


It seems that Telstra cannot stop the sale of CND boxes which fail 
to meet its technical requirements.  Any CND or other CE which fails 
to meet TS 002, TS 004 or the EMC Framework, can be sold - but only 
with a "Non-Complying" sticker - which I think is the old AUSTEL 
triangle with a circle and a cross through it.

It seems that CND boxes manufactured for the US market, and produced 
for $10 in Taiwan will be sold here en-masse and that many of them 
they will probably work OK.  Buyer beware!  Best to check with 
Telstra before purchasing any particular box.

Also, some US modems are capable of receiving CND modem tones - so 
these are already around, and could be hooked up to a phone line 
(not to answer the call) to get the number, and feed it to a 
database or reverse directory program while the phone is still 
ringing.


POTS Calling Number and Name Display, and Message Waiting 
=========================================================

This discussion relates to the idea of a separate CND box, but it 
could also be a function within a modem or most likely a CND 
function within a phone or perhaps within a "key system" - a multi-
line "Commander" like phone system (which is not a PABX).

The boxes perform three functions:

A - Displaying a number or a reason for the number not being 
    displayed.

B - Displaying a name or a reason for the number not being 
    displayed.

For both the above, time and date information is usually attached.  
Therefore the times and date come from the telephone line, not an 
internal clock in the CND display box.


C - Displaying a "Visual Message Wait Indication" LED or similar.


(CND boxes may also have a facility for dialling the numbers stored 
from previous incoming calls.  In most cases these apparently do not 
allow any prefixes to be added.  Of course this relies on the number 
being sent to the box in a form suitable for dialling - with STD 
codes where needed etc.  That should be OK.  However due to issues 
discussed below, related to calls from PABXs and hunt-groups, the 
number displayed is not necessarily one that will be a valid one to 
ring, or to reach the original caller on.)


Calling Number
--------------

In A above, there are various options for the number being sent by 
the network to the phone - with or without STD prefixes. These are 
carried in the "Calling Number" field of the message the CND box 
gets from the network.

If no number is sent, then there are two options for why it is not. 
These are carried in a separate field called "Reason for Absence of 
Number":

 O = Out of area.  Telstra recommends the box display: "Unavailable"

     This would be when the call comes from somewhere that was not
     capable of providing the number, or was not capable of 
     providing a valid CND display/don't-display bit.

     What the box actually displays could be anything, such as
     "Out of Area" or who knows what else.

 P = Private.  Telstra recommends the box display: "Private".

     This is when the local exchange knows the caller's number
     but the CND display flag is set to "don't display".

     What the box displays could be anything, but it is quite
     likely to be "Private".  Some in the UK apparently show:
     "Blocked" - which I consider to be prejudicial to privacy.

     (CND in the UK and in European countries is technically 
     somewhat different from the US model we are following, so
     its unlikely we will get these boxes here.)
   
However, see below on numbers from payphones and mobiles which do 
not have displayable numbers.


Name Display
------------

Calling Name display is not a function that Telstra is planning on 
implementing as far as I know.  However, they are going to be 
sending "Name" messages to convey the text "Payphone" and "Mobile".

The Name text is in its own field within the message and can be 
arbitrary ASCII text - upper and lower case, up to 15 perhaps (which 
isn't very many) but perhaps longer in the future.  This 15 is a 
limitation stated by Telstra.  How long a name the display box can 
store and display is another matter.

As with numbers, there can be all sorts of messy things with boxes 
not remembering/displaying the full set of longer numbers or names.

If a name is not sent, then a separate field carries the "Reason for 
Absence of Name, which can be "O", or "P" with the same meanings as 
listed above for Reason for Absence of Number.

If there was a name service, how Telstra would assign the names, and 
compress them into 15 characters, is anyone's guess.  I understand 
that in entrepreneurial Hong Kong, hundreds of thousands of dollars 
have been raised by *auctioning* the popular names!

Both name and number can be sent in the one CND message - how the 
box displays this is another matter.

The two uses of the Name function are to indicate that there is no 
number because the call is from a payphone or from an (analogue) 
mobile phone.  In the latter case, since the analogue mobiles can't 
handle prefixes, they are never going to make calls with displayable 
numbers.  In the former case, Telstra does not want to reveal the 
phone numbers of its payphones.  However payphones which are not 
Telstra's (eg. those in hotels etc.) are just ordinary phones as far 
as Telstra is concerned, and so will be making calls with 
displayable numbers (unless their owners opt-out per line, or the 
caller dials the 1831 prefix).

"Payphone"  and "Mobile" are the two "Calling Names" which Telstra's 
exchanges will send to the CND box, in lieu of numbers and (I think) 
in lieu of using "O" or "P" for "Reason for Absence of Calling 
Number".  

The boxes should display and store this text verbatim, so as long as 
the box handles names, then this will show up.  I think there are 
quite a few boxes from the US which don't handle names - so they may 
display nothing when they receive a CND message with no number, no 
reason for absence of number and only a "name".


The "Visual Message Wait Indication" - VMWI - has nothing whatsoever 
to do with Calling Number Display, or with any phone call.

It is a means by which the box can have an LED or a section of its 
LCD (Liquid Crystal Display) to indicate that the customer has one 
or more messages waiting in their voice mail system.  The customer's 
voice mail is handled by some special equipment attached to the 
exchange.  The customer does not want to call it every half hour to 
see if there is a voice message for them (for instance one could 
have arrived when they were out and did not answer the phone, or 
while they were on the phone).  One approach is to provide a 
stuttering dial-tone to tell the customer there is a message waiting 
for them.  Another is to provide that stutter dial-tone and have a 
box automatically pick up the line periodically, analyse the sound 
of the dial-tone and turn a LED on or off accordingly - messy!

This VMWI works by the exchange sending a specific message, 
unlrelated to CND, to the box while the phone line is idle - ie. "On 
Hook".  This is done without any ringing of the bell.  The message 
simply tells the box to turn its VMWI indicator on or off.  VMWI has 
no privacy implications I can think of.


Modes 1, 2, 3 and 4
===================

Now . . . . there are four potential modes in which all the above 
can happen, only two of which are of interest:


   Mode 1  After the first ringing signal and before the second.

   Mode 2  Just before the first ringing signal.
  
   Mode 3  With the phone on-hook, and without ringing the bell and 
           therefore without any association with any call.

   Mode 4  While the phone is in use - "Off-Hook".  (Call waiting!)
        

Mode 1 is the main CND mode.  This is used for both Name and Number 
display.

Mode 2 is not going to be generated by Telstra's exchanges.

Mode 3 is only going to be used for VMWI - and that is something for 
the future.

Mode 4 is for providing Name and/or Number - but only in a call 
       waiting scenario.

Now looking at Modes 1 and 4 in more detail.


Mode 1
------

In Mode 1, the line is controlled by the exchange - this is before 
the phone is picked up and before the caller can send sound to the 
receiving line.  Therefore this information is unhackable by the 
caller (except in that they may do things to their ISDN PABX 
configuration to cause some screwy number to be sent as the calling 
number).

The normal ring cadence in Australia is:

  0.4 sec ON
  0.2 sec OFF
  0.4 sec ON
  2.0 sec OFF


With CND in Mode 1 the phone rings once, for between 0.2 and 0.65 
seconds, then there is a period of a few seconds (5.5 absolute max, 
but more likely 2 or 3 seconds) when various modem tones are sent by 
the exchange to the CND box(es), then the normal ring-ring ringing 
cadence continues.  This can be combined with the distinctive ring 
cadences with different timings - which are part of some Telstra 
services regarding calls from particular numbers, or having an 
automatic switch between a phone and a fax machine on the one 
physical line, but each with a different phone number.

In that 2 or 3 second gap, there is a silent period, some 
synchronisation tones, then the 1200 baud (Bell 202) tones which 
carry the CND message. (These modem tones are pretty simple, just 
1200 Hz for a One and 2200 Hz for a Zero.)

The time depends somewhat on the length of the message. Then there 
is a silent period before the 90 volt ringing signals start again.

If someone picks up the phone while the CND modem tones are being 
received, this should cause the CND box to discard this message.  
Therefore customers wanting to use CND have to let the phone ring 
once, wait, and not pick it up until it starts to ring a second 
time.

The format of the CND message is in the technical doco from Telstra 
- and is the same as the Bellcore US spec as far as I can tell.  
There is a single 8 bit checksum at the end, as a means of detecting 
most, but not all, erroneous reception - so in most cases of 
glitches, the box should see the bad checksum and discard the 
message.  (A checksum is the last byte sent - and is equal to the 
sum of all previous bytes.  The receiver adds all the bytes it 
receives and compares it to what it interprets as the checksum.  If 
there is a difference, then there has definitely been an error - 
however some errors could not be detected in this way, because the 
byte seen as the checksum just might happen to be the value which 
agrees with the total of the erroneous preceding bytes.)

The CND box(es) do *not* send signals back to the exchange in Mode 
1. If there is a glitch which disrupts the reception of the message, 
then there is no means for resending the message.


Mode 4 - Call Waiting
---------------------

The above is a full description of the main CND service - but not of 
CND in a Call Waiting scenario.  The system should be quite 
reliable, assuming the boxes are sensitive enough.  There are a few 
technical issues with having a dozen or so boxes on the line - for 
instance the current they may draw or other potentially nasty 
problems, but in general these do not present operational problems 
unless the box is truly sub-standard (which is quite possible, and 
entirely the customer's responsibility - although they probably have 
no way of knowing this).

Now, the matter of CND in a Call Waiting situation.  Telstra does 
not plan to introduce this immediately - I was told mid 1998 
perhaps.  However it raises some real operational and "security" 
issues.  The fact that the box can receive Mode 4 (and not all will 
be able to do so, unless they really do meet Telstra's spec) means 
that a malicious caller can put whatever messages they like into the 
box, under certain conditions.  Those messages would be 
indistinguishable to the customer, unless perhaps they instructed 
him or her to call the Prime Minister, God or the name contained a 
threat or an insult.

In ordinary operation, with a single CND box, there is no problem. A 
call in progress (either a received call or an outgoing call) is 
interrupted by an incoming call.  The customer puts the first call 
on hold, a tone is sent by the exchange to tell the customer that 
there is about to be a CND message.  Then another tone is sent to 
tell the CND box that a CND message is about to arrive.  At this 
point, the "box" should cut off the audio path to and from the 
customer's hand-set - to stop them hearing the warblng modem tones, 
and most importantly to stop noise from their microphone being mixed 
with the modem tones and therefore disrupting the CND box's 
reception of them.

When the CND box is part of the phone, or key-system, that's easy to 
achieve.  Its not easy if it is a standalone box.  This could be 
achieved by plugging the phone into a switched outlet of the CND 
box.  Without this switching, customers should remain quiet during 
the modem tones, and probably would hold the earpiece away from 
their ear, since they could be reasonably loud.

(Normally corrupted reception would be detected by the CND box 
recognising the received checksum is different from the checksum it 
calculated from the rest of the message it received.  However, since 
it is only an 8 bit checksum, with 256 possible values, in a 
fraction of a percent of cases corrupt reception would not be 
detected - so a garbled number and/or name might be displayed.)

After the CND box has cut off the audio path to and from the 
customer's handset, it should send a tone back to the exchange to 
confirm that there is a CND box ready to receive the message.  This 
is the "Acknowledge" signal - a brief (0.06 second) burst of DTMF 
tone dial tone - either for the "A" or the "D" digits (which are a 
part of DTMF, but not normally buttons on phones).  Which one to 
send depends on whether the CND box is an "ADSI" compatible box or 
not.  Now what's ADSI????  I think I knew, once - its something to 
do with a whole raft of other functions for displaying arbitrary 
messages and doing other complex user interface things - none of 
which have anything to do with Telstra's plans for CND.

If the exchange gets this Acknowledge tone, then it sends the silent 
period, synchronisation tones, modem tones and silent period as for 
Mode 1 - with the same message format for Number and/or Name, with 
reasons for absence of either or both, and with the time and date.

If the exchange does not receive an Acknowledge signal, then it 
doesn't send the CND message and I think it would carry on with the 
normal call-waiting procedures for switching in the new call.  (The 
CND box's audio muting would time out.)


There are two serious operational / security issues here.


Problems with multiple CND boxes in Mode 4
------------------------------------------

Firstly, it cannot be guaranteed that if the customer has two or 
more CND boxes on the one line, that the exchange will recognise the 
Acknowledge signals they both generate.  It is conceivable that the 
pairs of sine-waves which make up each DTMF tone pair, are actually 
out of phase on one box, with respect to the other.  This means the 
completely or partially cancel out and therefore would not be 
recognised by the exchange, causing it to abort from the CND message 
sending procedure.  This could be work OK most of the time, and fail 
a few percent or the time. 

As the internal timings of the boxes change, they may work together 
or null each other out.  Having 3 or more boxes probably reduces the 
chances of complete cancellation - but it would still be unreliable.  
Also, what if some boxes are "ADSI" and some aren't?  Some would be 
sending the "A" tone pair (697 and 1633 Hz) and some would be 
sending the "D" tone pair (941 Hz and 1633 Hz).  If this caused the 
exchange to not recognise one or the other, then the CND message 
would not be sent.  Customers who bought such boxes and plugged them 
into the line would be responsible for Telstra's costs in 
investigating the problem - and if I am only vaguely aware of what 
ADSI is, how is the average consumer going to know to buy CND boxes 
of the same ADSI type???


Secondly, while Mode 1 cannot be hacked (it only happens after 
ringing voltages - 90 volts AC which only the exchange can generate) 
this Mode 4 CND message system works purely with audio tones which 
ostensibly come from the exchange.  In fact, there is no way the box 
or the customer can be sure that the tones are coming from the 
exchange (and therefore contain a real CND message) - they could be 
generated by the other party to the call (for instance a hacker).  
Therefore, a hacker (perhaps with a modem or some PC software I 
could cook up in a few hours) could generate modem tones which the 
CND box recognises as one or more valid messages.

These messages could contain any number, any name (including rather 
long messages), any time and date and potentially any other things 
the box was capable of receiving.

Multiple messages could be sent - one every few seconds.  This could 
overflow the CND box's memory - removing records of all recent 
genuine calls.

This is probably not a problem in a real call-waiting situation 
because the customer would realise that one or more spurious 
messages arrived at that time.  The danger is when people have a 
Mode 4 capable CND box on their line, with an answering machine.  
The hacker can call the number, wait for the answering machine to 
answer, send the tones and leave arbitrary messages.  These could 
take place after the machine has stopped recording.  I have heard of 
such hacking of CND boxes in the US a few years ago.  I can't 
remember the details, but people got misleading and offensive 
messages in the names and false numbers, times and dates when they 
came home and checked their CND boxes.


Taxonomy of networks
====================

This is a rough guide to the various networks which make up 
Australia's phone system.  Its not complete, nor authoritative, but 
its a guide to the ensuing CND shemozzle.

Ultimately, all these networks (they are all made with modern 
digital exchanges and they all communicate with CCS7) will be 
connected properly, and each carrier will trust both the CND number 
(name later?) time and date and most importantly the validity of the 
"Display the Number" flag in every CCS7 call setup message the get 
from other carriers' networks.  These messages, with the CND number 
and "Display the Number" flag have been part of CCS7 since its 
inception at least 8 year ago. 



Analogue - POTS, key-systems and PABXs
--------------------------------------

Telstra's analogue, fixed line, phone network - for POTS phones 
services and for a variety of PABX connections, plus a PABX 
connection called Siteline.  

   CND Display is generally only available on POTS phones and 
   key-systems (Commander etc.) - as described below in the taxonomy 
   of analogue phone systems.

   Phone services of all kinds, POTS, key-systems, PABXs etc. will
   be generating calls with displayable numbers, unless the line is
   "silent" (and only residential lines are "silent" - no business
   line, including unlisted business numbers and extra residential 
   lines for fax etc, are regarded as "silent") or unless the 
   customer has opted out per-line or per-call.

   In the case of PABXs, and various other multi-line commercial 
   services, there could be differences between the displayed number
   and the number of the caller.  More on this below.


Telstra's Analogue Mobile network
---------------------------------

   This carries both Telstra and Optus analogue mobile calls.

   Analogue mobile phones are incapable of displaying CND and since 
   they are apparently (I don't know why) incapable of handling
   display / don't display prefixes, it has long been decided that
   calls from analogue mobiles will not be recognised has having 
   a valid "display / don't display" flag in the messages sent 
   between exchanges, and that therefore their number will never
   be displayed on a CND box.  When an analogue mobile caller calls
   a Telstra POTS CND service, Telstra will probably send the text
   "Mobile" in the Name field of the CND message - and no number.

   What happens when an analogue mobile calls a GSM (digital) mobile
   or an ISDN service . . . who knows?  Probably no displayable  
   number and an "O" flag in the reason for no number field, which 
   may result in a displayed message such as "Out of Area". Or maybe
   the name "Mobile" will be sent.


Telstra's GSM Mobile network
----------------------------

   As far as I know, this will display and send numbers within 
   itself, and according to Telstra's plan, to and from the 
   analogue fixed network and the ISDN networks.

   Over time, when Optus and Vodafone improve the way in which 
   their networks interface between Telstra's there will be 
   interworking between these and all the other networks.

   What information and opt-out procedure has Telstra given
   its GSM customers?

   I presume the GSM standards (apparently they occupy at least
   a metre of shelf space) cope with Calling Name display as well.

   I haven't head of proposals to actually start displaying callers
   names, but who knows.  I understand that some GSM phones can be
   configured by the user to associate particular numbers with the 
   names of people - names they key in.  So particular caller 
   numbers might cause these names to be displayed instead.



Telstra's *Overlay* ISDN network
--------------------------------

   ISDN is a digital way of connecting to the exchanges.  The 
   exchanges carry phone calls in 64 kbit / second pipes - within
   the exchange and between the exchanges.  The exchanges also
   talk to each other, to set-up and tear-down calls, using a 
   protocol and packet switched network (a little like the Internet, 
   but just for phone exchanges) called the CCS7 network.

   An analogue phone service carries audio signals, ringing and 
   dialling signals to and from the customers site and the exchange
   via analogue voltage variations on a single pair of wires. 

   ISDN, by one means or another, provides two or more 64 kbit 
   channels between the customer and the exchange, plus another 
   digital channel to the exchange to carry commands, related to 
   CCS7, for setting up and managing calls.  

   For instance one way of connecting to ISDN is "Basic Rate ISDN" 
   (BR-ISDN).  This works over a standard pair of phone wires - if 
   they are in good shape and less than a few km long.  It provides
   two 64 k channels, plus a 16 kbps signalling channel for sending
   and receiving information to set up calls, and to be notified of
   incoming calls.  Its very flexible, and each 64 kbit/sec channel
   can handle a voice call or a "data" call.  

   The main advantage is that data calls between ISDN services 
   are the full 64 kbit sec - with special computer adaptors, rather
   than modems, which are limited to 33.6 kbps.

   ISDN services are generally more expensive and even local calls
   are timed.  They messages in the control channel (16 kbps in BR-
   ISDN) can send commands to allow or disallow the display of the 
   caller's number.  They also receive the CND messages.  

   You can't plug analogue phones into an ISDN service - but special
   ISDN phones, or more likely computer interface cards or PABXs do
   plug straight in, and these typically have CND software or 
   hardware built in.

   A second form of ISDN connection is "Primary Rate ISDN" - 10, 20
   or typically 30 channels of 64 kbit/sec plus a control channel 
   for managing all those calls.  The same CND messages travel on 
   this control channel as for BR-ISDN.  PR-ISDN is typically used
   to connect to larger PABXs in banks, government departments or
   for instance, the TIO.  PR-ISDN is typically delivered via
   two optical fibres.

   The PABX connects to handset on the desks of users.  They 
   typically do "CND" within the organisation, and some handsets
   may be configured to display numbers from outside.

   Telstra's "Overlay" network has been operational since about 
   1990.  It consists of a number of Ericsson AXE exchanges, and
   various data links and "B-Muxes" to connect BR-ISDN customers
   in areas far removed from the relatively small number of 
   "Overlay" exchanges.

   These Overlay ISDN exchanges, have always (or almost always) 
   supported CND on an opt out basis.  Its called "CLIP" (Calling
   Line Identification Presentation) and the per-call control of
   whether the caller's number is displayed or not is called CLIR
   (Calling Line Identification Restriction).  CLIR is best done
   by the handset or PABX sending special messages to Telstra's 
   ISDN exchange, but for reasons related to the special technical
   "standards" used in the overlay network, this is not usually 
   practical.  I can't remember what the situation is with prefixes
   - I have the guff somewhere - but I think it is messy too.

   I think there are not separate "display" and "don't display"
   prefixes - but rather the one prefix which reverses whatever 
   the current status of the line is.  This is damn stupid 
   programming on the part of Ericsson, but the price of a software
   rewrite to change even something as seemingly trivial as this is 
   apparently prohibitive.

   One way or another, most Overlay ISDN customers are generally 
   sending their number, and if equipped, displaying it - but 
   only within the Overlay network.  I am not sure if they 
   pay for it or not - its in the price list, but I am not sure
   if it is in fact charged for.  "Line-block" is technically 
   possible, but I don't know how often it is used.

   This has been going on for years - and callers are often
   surprised when the ISDN customer they call knows their number.
   This is because there are not a lot of display handsets - except
   perhaps in the higher offices of the companies.

   This happened well before the AUSTEL Privacy Inquiry started - 
   and AUSTEL turned a blind eye to it because it was already there
   and because it was "only" business customers.

   I don't accept that the privacy of businesses or of individuals
   in their workplace should be given less consideration than that
   of "residential" users - who are the same people, just at work.

   There have been "glitches" in the past where a call from a 
   normal POTS service caused a number to be displayed on a 
   Overlay ISDN connected PABX.  I know one definite case of this
   occurring ca. 1992.  More recently, I heard a similar thing
   happened with a call to the TIO.

   No doubt, Telstra is preparing to display the number of POTS, 
   GSM and On-Ramp ISDN callers on the Overlay ISDN network.  It may 
   already be happening.  What proportion of people on these PABXs 
   have CND capable handsets, I don't know - but it is bound to 
   grow.

   
Telstra's "On-Ramp" ISDN "network"
----------------------------------

   Much as Telstra would like to pretend otherwise, On-Ramp ISDN
   is not a separate network.  It was activated early in 1997.

   On-Ramp ISDN is BR-ISDN and PR-ISDN services but not with the 
   small set of "Overlay" exchanges.  On-Ramp ISDN conforms to the 
   modern European ETSI standards and is provided from the 
   main Telstra network of Ericsson AXE and Alcatel System 12 
   exchanges which now comprise its main network.  These are the 
   exchanges which provide all the analogue services - so On-Ramp
   ISDN simply means a digital link to the exchange from the 
   customers site, rather than analogue POTS or PABX lines.

   Its a scandal, but earlier this year, the Privacy Commissioner's
   office bought Telstra's argument that On-Ramp was an extension
   of the existing ISDN network (I wish I was at those meetings!) 
   and that because it was currently aimed at business customers
   it would be OK to do CND on an opt-out basis - *without* any
   reference to the PAC CND Report.

   This should never have been allowed.  

   On-Ramp ISDN is intended to be a mass market product, although it 
   is a bit pricey now.  OnRamp can be used to give 64 kbps access
   to an Internet Service Provider while another channel can still
   take ordinary phone calls - all with the existing wiring to 
   the home.  A family with Internet-keen members would find this
   most attractive.

   Telstra has agreed (to the Privacy Commissioner's Office I think
   and to me in an article for Australian Communications in 
   June 1997) that when On-Ramp is aimed at residential customers
   then whatever guidelines apply for analogue POTS customers will
   also apply to On-Ramp.

   My understanding is that On-Ramp CND has interworked with 
   the Overlay ISDN network since its introduction.

   No doubt, Telstra is preparing to display the number of POTS,
   Overlay ISDN and GSM callers on On-Ramp ISDN services.  It may 
   already be happening.  



Telstra's DMS Centrex network
-----------------------------

   In addition to the Overlay ISDN network, the main analogue / On-
   Ramp "Future Mode of Operation" exchanges (its main phone 
   network) and the GSM and AMPS (analogue mobile) exchanges, 
   Telstra has some Nortel DMS-100 ISDN exchanges.  These have been
   around for a while, and I think they generally serve business
   customers, via ISDN links (?), analogue lines and potentially 
   "Siteline" connections (discussed below).

   These DMS exchanges have been retained because the provide the
   "Centrex" services which can link offices all over the country
   as if it was all on one PABX - without the need for a PABX
   at all.

   I don't know what the CND behaviour of these DMS exchanges is - 
   maybe they can't display because they have neither ordinary POTS 
   analogue lines or ISDN connections (perhaps they do have ISDN
   connections).  I imagine they will be by default generating
   calls with displayable numbers - presumably the software in the
   exchanges has been updated to handle the prefixes and to do 
   "line-block" like the AXEs and System 12s of Telstra's main
   network.
   
   (If you think this is complex - it is actually beautifully 
   elegant compared to the menagerie of 17+ different exchange
   types which Telstra was running just a few years ago - 
   communicating via a mixture of analogue and digital 
   signalling techniques.  The Future Mode of Operation is now
   largely complete and has got rid of all the analogue exchanges
   and simplified the main network to just 200 AXE and System 12
   exchanges, the mobile exchanges, 20 System 12 inter-exchange
   exchanges, the DMS-100s and special exchanges for International
   and linking to other carriers.)
 

Telstra's and Optus' International connections
----------------------------------------------

   These are separate exchanges, and I don't think that CND
   will be sent or received for international calls for 
   the foreseeable future.

   In principle it can be with any country that uses CCS7 signalling 
   - but there are technical compatibility issues, matters of 
   reliability and trust about the accuracy of the information.  
   Also, I expect there is some recognition of the privacy problems
   of disclosing callers numbers internationally.
   


Optus' GSM network
------------------

   Optus, I think, has been doing CND *for free* on an opt-out
   basis for month or so - just within its GSM network.

   The call it "Caller ID" - a misnomer which should be resisted.

   They have a little form to fill at the back of their brochure:
       "I would like to opt-out of the Optus Caller ID service."
    
   This is a lot more user-friendly than Telstra's awkward
   arrangements.

   I think this means that your number is not sent, and nor do
   you get CND numbers displayed.  (GSM phones are generally 
   capable of displaying CND as a matter of course.)

   I haven't investigated this at all - any further info?



Optus' HFC telephone network
----------------------------

   Optus has a growing number of residential (and maybe a few
   business) customers with phone lines connected to its Hybrid
   Fibre Coaxial cable network.  This pioneering system is now
   working well and gaining customers.  According to a report
   in the Australian 25 November 1997, they are adding 1200
   customers a week.  Unfortunately, without number portability
   this means the customers cannot keep their old numbers.

   All customers are connected to large DMS-100 exchanges just
   for the HFC systems. These are technically capable of displaying
   CND according to the tech standards that Telstra has set
   for its service.  As far as the user is concerned, its
   just an ordinary analogue phone service, although all sorts
   of digital technology stands between their socket and the 
   remote exchange.

   I haven't investigated, but I would expect Optus to provide
   CND display here at some stage - and probably charge for it.

   Whether these services send calls to Optus GSM with displayable
   numbers or not, I don't know.  I presume these exchanges would 
   be programmed to accept the 1831/1832 and/or *31* and *31# 
   prefixes.


 
Optus' DMS business ISDN network
--------------------------------

   Optus has, since its inception, a network of DMS exchanges for 
   business customers.  I think these generally connect with ISDN
   to PABXs in the customer's premises.  I don't know, but I would
   expect these to be brought into CND displaying and receiving
   over time as all the interoperability issues are sorted out
   within Optus and with other carriers.



Vodafone's GSM network
----------------------

   I heard they are doing opt-out CND within their own network -
   for free I think.

   Over time, I would expect this to be linked to all the other
   carriers' networks, once the carriers trust the other carriers to 
   give them CCS7 call setup messages with reliable, valid CND 
   "display / don't display" flags.



Other carriers and Service Providers
------------------------------------

   Some phone customers use the Telstra lines and exchanges, but are 
   not Telstra customers - they are the customers of another 
   company.  I really don't know what the technical and 
   administrative arrangements are here regarding CND.


   Last but not least, is Northgate Communications - the Californian 
   pay TV operator who is installing HFC in Ballarat and I think 
   Geelong.  They had an HFC telephony trial, which may soon be a 
   service.  Ultimately that would do CND in the standard analogue 
   way, since the HFC telephony interface units are designed to 
   replicate most or all of the standard POTS line functions.
 



Freecall numbers
----------------

   I have no idea what is happening here!  There are quite a few
   variations - and in some cases they have been getting the 
   caller's number for years, at least as part of the billing 
   system.  Even with a call made with CND display disabled, 
   they would still get whatever they are getting at present.

   What might change is their ability to get the information 
   at the time of the call, rather than later on a bill.
  


Internal services within Telstra
--------------------------------

   Theoretically only 000 always gets your number, but I have
   reliable reports of wake-up call operators knowing the 
   caller's number.  This is irrespective of CND.  Within
   Telstra, they can probably do what they like.



Taxonomy of Telstra analogue services
=====================================


The CND situation with ordinary, analogue POTS lines (as virtually 
all home phones are) has already been described.  Now its time to 
look at the variations which are used by businesses, in respect of 
their ability to display CND, and to control the sending of their 
number, and the relationship between the number which is displayed 
and the actual originating line of the call.

This is necessarily incomplete, but it gives a reasonable picture of 
what is going on.


Key-systems - "Commander"
-------------------------

A key-system is not a PABX - its just a centralised box, with 
multiple handsets, and multiple ordinary POTS analogue phone lines 
to the Telstra exchange.

As such, the standard POTS CND display signals could be sent to the 
lines if the customer paid for the service.  I think that existing 
key-systems would not support CND display - there are various things 
going on, and the handsets are not ordinary phones.  You could 
certainly put a CND box on each of the lines, and display numbers 
there - but the key-system would need to be specially designed to 
receive CND if it was to display this on the handsets.  I understand 
that some suppliers are making the necessary additions to their 
designs.  Whether these can be retrofited, I don't know.


Since a key system, with say 5 lines, may have those lines all 
configured in the exchange to take incoming calls for a "Directory" 
number, on a rotary basis (is this aka a "hunt group"?), all 
incoming calls to the key-system are generally caused by people 
calling that Directory number.  

Each line does however have its own telephone number.  Calling that 
number will cause a call on that specific line - which the key 
system will simply see as one outside line, rather than as a call to 
a specific handset.

However, since each outside line has its own number, the calls made
*from* these lines will each have their own displayable CND number.  
This reveals the real numbers of the key-system's exchange lines - 
which many customers do not want to reveal.  All they want the 
public to know is the Directory number which distributes calls to 
all lines on a rotary basis.  I don't know what Telstra is going to 
do about this, but unless something is done, then people will get 
calls from one particular business, showing a range of numbers (the 
set of numbers which are the real numbers of the lines) - none of 
which are the Directory number of the business.

Perhaps a few key systems will prevent the use of 1831 and 1832 
prefixes - since they may have some tricky processing of dialled 
numbers built into their software.


Analogue PABXs
--------------

Analogue PABXs have special analogue, but non-POTS, lines to the 
exchange.  Instead of the exchange "driving" the line (with 50 volts 
when the phone is on-hook), and so driving the phone (this is the 
normal arrangement of a POTS line), and the phone being picked up to 
activate the line, in an Analogue PABX line, the *PABX* drives the 
line (with 50 volts), and Telstra's exchange behaves like a phone!  
Its weird and the reasons are lost on me.  

One thing the exchange has to do, is tell the PABX which indial 
extension a call is meant for.  So a 100 extension PABX may have 10 
exchange lines.  The Telstra exchange line tells the PABX there is 
an incoming call (by "picking up" the line - rather than sending 
ringing signals). Then the Telstra exchange has to tell the PABX 
which numbered extension the call should be sent to.  There are no-
less than three ways of doing this!  One, DTMF tones, is hardly 
used.  Another, Multi Frequency Compelled (MFC) signalling is used 
on a few more modern analogue PABXs.  Most PABXs use clunky old 
decadic pulse dialling to be told the extension number of the 
incoming call.

Pulse dialling goes "clack, clack, clack" for "3" etc.  So a 0 is 
ten "clacks".  You can hear this sometimes - for instance when 
calling AUSTEL/ACA.  You hear a few seconds delay while the Telstra 
exchange sends three series of decadic pulses (each up to ten 
pulses) to the line - you can just hear the clicking.  Then when the 
PABX knows the extension number, it makes that extension ring, and 
sends an audio ringing signal to the exchange so the caller can hear 
that the phone bell is being activated,

Then the PABX waits for someone to pick up the handset.

This means that ordinary analogue POTS CND messages simply cannot be 
sent to any analogue PABX in Mode 1. The exchange does not generate 
the ringing signals - the PABX does.  It is totally different from a 
POTS line, although it is analogue, and uses the same twisted pair 
wires.

Theoretically you could send the ten to 12 CND digits via DTMF, or 
MFC - but you wouldn't want to try sending all the other things, 
like Calling Name and date and time.  It would take several minutes 
to send all that information with pulse dialling!

There are no plans to send CND display data to analogue PABXs.  To 
do so would require radical reprogramming of the exchange, and major 
hardware and software changes to the PABXs themselves - and they are 
being superseded by ISDN PABXs.


However, these PABXs will generally be *making* calls with 
displayable numbers.  Whether or not the PABX would prevent the 1831 
or 1832 prefix would depend on the system.  I think it might be 
prevented on quite a few, since they have all sorts of pre-
programmed rules to decide when the full number has been dialled.  
They have to have this because of the screwy way they interface to 
the exchange lines.  Those PABXs are likely to need software 
upgrades or re configuration to allow the 1831 and 1832 prefixes to 
be sent.

Apparently these PABXs often interface to the exchange via three 
types of analogue lines:

1 - Indial lines (purely for incoming calls to the PABX).

2 - Outdial lines (purely so the PABX can make outgoing calls.)

3 - Bi directional lines - which can do both.


Now the PABX may have a range of directory numbers assigned to it, 
and the exchange is programmed to direct any call to a number in 
this range to any one (it doesn't matter which) of the Indial lines 
(or bi directional lines) and to tell the PABX (as described above) 
which extension, corresponding to the last two or three digits in 
the dialled number it is meant to go to.

However, when someone at an extension, say ext. 17, picks up their 
handset and dials to the outside world, then that call could go out 
on any of the outdial or bi-directional lines.  Each such line would 
have its own number, and none of those numbers would be related to 
the extension or to the official Directory number range the PABX is 
assigned to.  So the number displayed on a CND box for those calls 
is not one that is instantly recognisable to someone as a number 
belonging to that business.  If that displayed number was called - 
what would happen?  If it was the number of an Outdial line - 
nothing - because the PABX doesn't answer those lines.  A bi 
directional line?  Who knows.  At best the PABX would answer it, but 
there would be no way of it going to a particular extension.


Siteline links to PABXs
-----------------------

I have only just learned about this variation.  Functionally the 
PABX is like an analogue PABX.  That is, it does not connect to the 
Telstra exchange via a PR-ISDN link, with all its sophisticated call 
management messages. (ISDN is a very rich and well developed set of 
protocols).

Basically Siteline is a way of carrying 30 calls, and a signalling 
system call CAS (Channel Associated Signalling) to do the same kinds 
of things described above for analogue PABX indial, outdial and bi 
directional lines - but in a somewhat cleaner and more reliable 
digital form.  So CND display probably cannot be carried over such a 
link to the PABX, and even if it could, the PABX would need to be 
radically redesigned to be able to receive it.  The problems of 
mismatch of CND number for outgoing calls would presumably be the 
same.


Mismatch of displayed CND numbers
---------------------------------

These problems with inappropriate CND numbers for calls emanating 
from key-systems and analogue PABXs are fundamental.  Neither has a 
way of telling the exchange which extension the call actually came 
from - so no information about the extension could ever affect the 
displayed CND number for that call.  The best thing that could 
happen would be for Telstra to program their exchanges so that the 
CND number of all calls made from the lines of a key-system, or PABX 
group or lines, was the directory number of that business.

I get the impression this is the sort of thing they will have to do- 
but that it could take a few years.

ISDN PABXs are capable of much smarter operation - and its worth 
noting that the PABX owner themselves can do things to control the 
displayed number.  What the limits to this are, I don't know - but I 
think there is a lot of scope for accidental, or perhaps deliberate, 
mismatches between the displayable number and the real source of the 
calls.

This stuff is an obvious source of confusion to all users - its been 
happening on a big scale in the USA, and they have had CND for quite 
a few years.


Can of worms
============

This treatise has not considered the major privacy problems, nor has 
it looked into the vastly more complex, indefinite and confusing 
activity that CND can turn an ordinary telephone call into.  The 
usage impact could be significant - more calls not answered, more 
calls made because the first one was not answered . . . it goes on.

Telstra will ultimately regret CND - if they haven't got to that 
point already.  It is a true can of worms.  The only reason they are 
pushing ahead with it is because they are not enough of an 
organisation to have actually thought through all the costs, 
complications and negative changes to telephone usage. Marketing 
greed - and hunting and herding - rules supreme.  I have been 
watching this for years - and have never seen any evidence that 
anyone sat down and did a comprehensive survey of what all the 
complications would be.



1



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH