Phone number to e-mail service raises concerns

An electronic numbering system proposed by the communications industry that would link a telephone number to other Web service addresses over the Internet is drawing criticism from privacy groups.

The Electronic Numbering system, or Enum, is a global standard that was developed by the Internet Engineering Task Force (IETF) and the International Telecommunication Union (ITU) to connect all communications networks worldwide. The ITU, an organization made up of governments and private-sector groups, is responsible for coordinating global telecommunications networks and services, and the IETF is an Internet standards-setting body.

The idea behind Enum is to map phone numbers to Internet addresses. Earlier this week, the ITU said it had made progress toward implementation of Enum. Roy Blane, chairman of the ITU’s Enum study group, said he expects the protocol to be approved in November next year.

According to proponents, Enum’s main benefit is that it would let users communicate with others in a variety of ways when all the user knows is the person’s telephone number. “A person could hand me his business card with just a telephone number on it and I wouldn’t have to scramble around trying to find his other numbers, [like his e-mail address or cell phone number],” said Bryan Whittle, a member of the Enum-Forum, a network industry group in the U.S.

The group was formed to make recommendations about the implementation of the Enum protocol to the U.S. State Department, which is the U.S. government liaison to the ITU. The industry group has recommended that the U.S. adopt the protocol.

Implementation of Enum would require approval by national governments, and users would have a choice as to whether they wanted to participate in the system.

Even so, privacy groups said the system’s affects on individual privacy haven’t been adequately explored.

Enum would enable a user to store contact information, such as fax, voice, voice mail, e-mail, Web and home address information, in a single account that could be accessed by another person using one telephone number. Thus, a user would be able to type one telephone number into a Web browser and access a URL listing those Internet resources.

The first part of the global Enum code would be a user’s telephone number, including the country code, backward. So, for example, a user in the U.S. would have a number like 1 (for the U.S. country code) 212-555-1234, which would be written 43215552121.domain-name. The second part of the identifier, the domain name, hasn’t been determined. Users would only have to enter the telephone numbers, while the reversing of digits and the conversion into the Internet Domain Name System would be performed by the software.

Enum employs an open and public international database of contact information.

The Washington-based Electronic Privacy Information Center (EPIC) is concerned that Enum may become a tool of marketers, spammers and others who want to reach private citizens.

EPIC officials are also concerned that because of the convenience of using a single number to contact another person, Enum potentially could assign a number to every individual, creating a globally unique identifier that could be used to identify anyone.

Not so, said Whittle. “People will be able to decide if they want to participate or not,” he said. Whittle said the Enum-Forum, which includes such companies as AT&T Corp., Cisco Systems Inc., IBM Corp., WorldCom Inc., AOL Time Warner Inc. and Whittle’s company, Telecordia Technologies Inc. in Morristown, New Jersey, is working to ensure the privacy and security of the system.

Blane acknowledged the privacy concerns and said Enum must adhere to the privacy legislation in each country.

But Evan Hendricks, editor of Washington-based Privacy Times, said one problem is that there are no specific laws in the U.S. governing privacy in cyberspace.

“This could migrate into a universal identifier at some point in the future that would be like a Social Security number, and someone could get this number and link to all your files,” he said.

Rob Courtney, a policy analyst at the Center for Democracy and Technology (CDT) in Washington, agreed.

“Enum aggregates a huge amount of data, and how it is stored and where it is placed is still up for grabs,” Courtney said. “Identity theft is a big risk. There has to be some control over data storage and how companies [storing that data] authenticate any changes to that data.”

Whittle said there would be systems in place to address the CDT’s concerns.

David Fraley, an analyst at Stamford, Conn.-based Gartner Inc., said a global standard for telephone-to-IP address translation is needed. Otherwise, he said, every telecommunications software vendor will develop its own technology. “This is an enabling technology to support Internet telephony,” he said.

Touching on the privacy issue, Fraley said identify theft issues existed long before Enum was developed.

“There are privacy issues with existing technology,” he said. “Is it possible to hack into an existing telecommunications network’s database? It’s possible, but not probable.”