Caller-id FAQ
January 1995

        1) What is Caller-ID ?

        First ask "What is ANI"

        2) OK, What is ANI ?

        ANI  or Automatic Number Identification is a mechanism  by  which
        the different telephone companies determine what account is to be
        charged for a call, This information is passed between Telcos and
        was  originally  for  billing  purposes  and  predated  both  SS7
        (Signaling  System 7) and (C)LASS (Local Area Signaling  Services
        was the original AT&T designations, the "C" was added by Bellcore
        after  divesture)  services  which make CNID  or  Calling  Number
        IDentification as Caller-ID is more properly known, possible.

        Since  the  Telcos  had ANI, the decision was  made  to  make  it
        available  to  authorized  parties such as 911  service  and  law
        enforcement  agencies. ANI is also used to let a  Telco  operator
        know who is calling.

        More recently, ANI is used to report to 800 and 900  subscribers,
        who made the calls they have received, in the first case so  that
        the  800 subscriber knows who the charge is for, and so that  900
        number subscribers know who to charge.

        Thus  while ANI is similar to CALLER-ID and may provide the  same
        information,  they  are actually two different services  and  ANI
        information is not necessarily the same as what will appear on  a
        CALLER-ID display.

        3) Now (maybe) what is Caller-ID ?

        Caller-ID  is  a Telco offering that is a  byproduct  of  (C)LASS
        services.   In  this  case,  only  those  numbers   reported   by
        participating exchanges are returned, exactly which are and which
        are not is currently (March 1994) at the Telco's discretion.

        The  Federal Government has stated that it is their  intent  that
        nationwide  CNID be available by mid-1995. The full text of  this
        decision  may be found FCC Report No. DC-2571 issued on March  8,
        1994.

        The  biggest effect of the ruling is to mandate transport of  CPN
        (customer  provided number) information  between  interconnecting
        networks  eliminating  the effective  inter-LATA-only  limitation
        that exists today in most areas.

        Currently  there  are two types of Caller-ID.  The  first  (often
        referred  to as "basic" service) just returns the calling  number
        or an error message and the date/time of the call.

        The  second ("enhanced" Caller-ID) also may return the  directory
        information  about the calling number. At a minimum, the name  of
        the subscriber is returned (the subscriber is not the same as the
        caller, the phone company has no way to determine who is actually
        on the line).

        4) How is the Caller-ID information provided ?

        As  a  1200  baud, 7 data bits, 1 stop bit  data  stream  usually
        transmitted following the first and before the second ring signal
        on  the line. Note that this is not a standard Bell 212 or  CCITT
        v22 data format so a standard modem will probably not be able  to
        receive  it. Further, the serial information exists as such  only
        from  the  recipient's switch to the callee's  location.  Between
        carriers the signal exists as data packets.

        The signal is provided before the circuit is complete: picking up
        the receiver before the data stream is finished will stop/corrupt
        the transmission.

        Currently  there are two types of information returned: a  "short
        form" which contains the date/time (telco and not local) of the
        call  and  the calling number or error message. The  "long  form"
        will  also contain the name and possibly the  address  (directory
        information) of the calling phone.

        The  "short  form"  stream  consists of a  set  of  null  values,
        followed by a two byte prefix, followed by the DATE  (Month/Day),
        TIME  (24 hour format), and number including area code in  ASCII,
        followed  by  a  2s compliment checksum.  Most  modems/caller  id
        devices will format the data but the raw stream looks like this :
        0412303232383134333434303735353537373737xx
        or (prefix)02281334407555777(checksum)

        A formatted output would look like this:
        Date -   Feb 28
        Time -   1:34 pm
        Number - (407)555-7777

        5) Can a Caller-ID signal be forged/altered ?

        Since  the signal is provided by the local Telco switch  and  the
        calling  party's line is not connected until after the  phone  is
        answered, generally the signal cannot be altered from the distant
        end.  Manipulation would have to take place either at the  switch
        or on the called party's line.

        However,  the foregoing applies only to a properly designed  CNID
        unit.  For instance the Motorola M145447 chip has a "power  down"
        option that wakes the Chip up when the phone rings for just  long
        enough  to  receive, process, and deliver the CNID  signal  after
        which it shuts down until the next call.

        Should  this  option be disabled, the chip will be in  a  "listen
        always" state and it is theoretically possible to "flood" a  line
        making a vulnerable box record successive erroneous numbers.

        I have received a report of a device called "Presto Chango"  that
        can  transmit  an extra ADSI modem tone after the call  has  been
        picked up that will cause a susceptible box to display the  later
        information. It was also reported to me that CNID boxes  marketed
        by  US-West  as their brand and made by CIDCO have been  used  to
        demonstrate the "Presto Chango" box.

        6) What is "ID Blocking" ?

        Most  Telco's  providing  Caller-ID have been  required  to  also
        provide the ability for a calling party to suppress the Caller-ID
        signal. Generally this is done by pressing star-six-seven  before
        making the call. In most cases this will block the next call only
        however  some  Telcos  have  decided  to  implement  this  in   a
        bewildering  array of methods. The best answer is to contact  the
        service provider and get an answer in writing.

        Currently this is supplied as either by-call or by-line blocking.
        By-Call is preferred since the caller must consciously block  the
        transmission   on  each  call.  By-Line  blocking  as   currently
        implemented has the disadvantage that the caller, without  having
        a second caller-id equipped line to use for checking, has no  way
        of knowing if the last star-six-seven toggled blocking on or off.

        Note  that  blocking  is  provided by a  "privacy"  bit  that  is
        transmitted  along  with  the CNID information and  so  is  still
        available  to the Telco switch, just not to the subscriber  as  a
        CNID  signal. Consequently related services such as  call  trace,
        call return, & call block may still work.

        7) What happens if a call is forwarded ?

        Generally,  the  number  reported is that of the  last  phone  to
        forward  the call. Again there are some Telco differences so  use
        the  same  precaution  as in (6). If the forwarding  is  done  by
        customer  owned  equipment there is no way of  telling  but  will
        probably be the last calling number.

        Note  that as specified, CNID is *supposed* to return the  number
        of  the  originating  caller  but this is at  the  mercy  of  all
        forwarding devices, some of which may not be compliant.

        8)  What happens if I have two phone lines and a black box to  do
        the forwarding ?

        If  you  have  two  phone lines or  use  a  PBX  with  outdialing
        features,  the reported number will be that of the last  line  to
        dial. Currently there is no way to tell a black box from a  human
        holding two handsets together.

        9)  I called somebody from a company phone (555-1234)  but  their
        Caller-ID device reported 555-1000.

        Often a company with multiple trunks from the Telco and their own
        switch will report a generic number for all of the trunks.

        There  is  a  defined  protocol  for  PBXs  to  pass  true   CNID
        information  on outgoing lines but it will be a long time  before
        all existing COT (Customer Owned Telephone) equipment is upgraded
        to meet this standard unless they have a reason to do so.

        10)  I  run a BBS. How can I use  Caller-ID  to  authenticate/log
        callers ?

        There  are two ways. The first utilizes a separate Caller-ID  box
        with  a  serial  cable  or  an  internal  card.  This  sends  the
        information back to a PC which can then decide whether to  answer
        the  phone  and  what device should respond. Some  of  these  are
        available  which  can handle multiple phone lines  per  card  and
        multiple cards per PC.

        The second (and most common) is for the capability to be built in
        a  modem or FAX/modem. While limited to a single line per  modem,
        the information can be transmitted through the normal COM port to
        a  program  that again can decide whether or not  to  answer  the
        phone  and  how.  There is a FreeWare Caller-ID  ASP  script  for
        Procomm  Plus  v2.x available for FTP from the  Telecom  archive.
        Most  such  software packages will also log each call  as  it  is
        received and the action taken.

        Of course for true wizards, there are chips available (one of the
        first  was  the Motorola MC145447) that can  recognize  the  CNID
        signal and transform it into a proper RS-232 (serial) signal.

        11) How is security enhanced by using Caller-ID over a  Call-Back
        service or one-time-passwords for dial-up access ?

        Caller-ID  has one great advantage over any other  mechanism  for
        telephone  lines.  It  allows the  customer  to  decide  *before*
        picking up the receiver, whether to answer the call.

        Consider hackers, crackers, and phreaks. Their goal in life is to
        forcibly penetrate electronic systems without permission  (sounds
        like  rape doesn't it ?). They employ demon dialers  and  "finger
        hacking"  to  discover responsive numbers, often  checking  every
        number in a 10,000 number exchange.

        If  they get a response such as a modem tone, they have a  target
        and  will  often  spend  days  or  weeks  trying  every  possible
        combination of codes to get in. With Caller-ID answer  selection,
        the  miscreant  will  never get to the modem tone  in  the  first
        place, yet for an authorized number, the tone will appear on  the
        second ring. Previously the best solution for dial-ups was to set
        the modem to answer on the sixth ring (ats0=6). Few hackers  will
        wait that long but it can also irritate customers.

        12) What error messages will Caller-ID return ?

        a) "Out of Area" - (Telco) the call came from outside the Telco's
        service area and the Telco either has no available information or
        has chosen not to return what information it has.

        b)  "Blocked"  or  "Private"  - (Telco)  the  caller  either  has
        permanent call blocking enabled or has dialed star-six-seven  for
        this call. You do not have to answer either.

        c) "Buffer Full" - (device manufacturer) there are many Caller-ID
        devices  on  the  market  and exactly how  they  have  chosen  to
        implement  storage is up to the manufacturer. This probably  mans
        that  the  divide has a limited buffer space and  the  device  is
        either losing the earliest call records or has stopped  recording
        new calls.

        d)  "Data  Error"  or "Data Error  #x"  -  (device  manufacturer)
        signal was received that was substandard in some way or for which
        the checksum did not match the contents.

        e)  "No  Data Sent" - (device manufacturer) Signal  was  received
        consisting  entirely of nulls or with missing information  but  a
        proper checksum.

        13) Why are so many people against Caller-ID ?

        FUD - Fear, Uncertainty, & Doubt or 10,000,000 lemmings can't  be
        wrong.  There  were some justifiable concerns  that  some  people
        (battered  wives,  undercover policemen) might be  endangered  or
        subject   to  harassment  (doctors,  lawyers,  celebrities)    by
        Caller-ID.  As mentioned above there are several legitimate  ways
        to  either  block  Caller-ID or to have  it  return  a  different
        number.  It  is  up to the caller. The  advantage  is  that  with
        Caller-ID,  for  the first time, the called party  has  the  same
        "right of refusal".

        Expect yet another Telco service (at a slight additional  charge)
        to  be  offered to return an office number for  calls  made  from
        home. Crisis centers could return the number of the local  police
        station.


        Compiled by Padgett Peterson. Constructive comments to:
        padgett@tccslr.dnet.mmc.com  Brickbats >nul.

        Thanks for additional material to:

        David J. Kovan
        Robert Krten
        John Levine
        David G. Lewis
        Karl Voss

        but the mistakes are all mine - Padgett (Ignorance is curable)


--
------------------------------------------------------------------------------

Caller ID Technical Details
by Hyperborean Menace

The way Caller ID works internally is through SS7 (Signalling System 7)
messages between telephone switches equipped to handle SS7.  These messages
pass all the call information (block/no block, calling number, etc.).
The calling number is sent as part of the SS7 call setup data on all SS7
routed calls (i.e. all calls carried between switches that are SS7
connected).

The calling number is sent between switches always, regardless of
whether or not *67 (Caller ID Block) is dialed.  It just sends along a
privacy indicator if you dial *67, and then the final switch in the path
will send a "P" instead of the calling number to the Caller ID box.
(But it will still store the actual number - *69 will work whether or
not the caller dialed *67).  What the final switch along the path does
with the calling number depends on how the switch is configured.  If you
are not paying for Caller ID service, the switch is configured so that
it will not transmit the Caller ID data.

This is entirely separate from Automatic Number Identification, which is sent
along SS7 where SS7 is available, but can also be sent using other methods,
so that ALL switches (for many years now) have been able to send ANI (which
is what Long Distance companies used to know who to bill).  Enhanced 911 is
NOT based on Caller ID, but on ANI, thus, it will work for anyone, not just
people connected to SS7 capable switches.  And, of course, *67 will have no
effect on Enhanced 911 either.

Also interesting is the effect call forwarding has on the various services.
Say I have my home telephone forwarded to Lunatic Labs, and it has
Caller ID.  If you call me, the call will forward to Lunatic Labs, and
its Caller ID box will show YOUR number, not mine (since your line is
the actual one making the call).

However, ANI is based on the Billing Number (who is paying for the call (or
would pay if it weren't free), not on who is actually making the call.
Thus, if I forward my telephone to an 800 Number that gets ANI (such as the
cable pay-per-view order number), and you call me, they will get MY number
(since I would be the one paying for that portion of the call, except that
800 Numbers are free), and you will end up ordering pay-per-view for
me...


CNID (Caller ID) Technical Specifications


 PARAMETERS
 The data signalling interface has the following characteristics:
        Link Type:           2-wire, simplex
        Transmission Scheme:    Analog, phase-coherent FSK
        Logical 1 (mark)        1200 +/- 12 Hz
        Logical 0 (space)       2200 +/- 22 Hz
        Transmission Rate:         1200 bps
        Transmission Level:        13.5 +/- dBm into 900 ohm load

 (I have copied this data as presented.  I believe the
 transmission level is meant to be -13.5 dBm.)

 [It is indeed -13.5 dBm]

 PROTOCOL
 The protocol uses 8-bit data words (bytes), each bounded by a
 start bit and a stop bit.  The CND message uses the Single Data
 Message format shown below.

 [ I belive this is the same as standard asynchronous serial - I think the
 start bit is a "space", and the stop bit is a "mark" ]

 Channel  Carrier  Message  Message  Data     Checksum
 Seizure  Signal   Type     Length   Word(s)  Word
 Signal            Word     Word

 CHANNEL SEIZURE SIGNAL
 The channel seizure is 30 continuous bytes of 55h (01010101)
 providing a detectable alternating function to the CPE (i.e. the
 modem data pump).

 [CPE = Customer Premises Equipment --i.e. your Caller ID Box]

 CARRIER SIGNAL
 The carrier signal consists of 130 +/- 25 mS of mark (1200 Hz) to
 condition the receiver for data.

 MESSAGE TYPE WORD
 The message type word indicates the service and capability
 associated with the data message.  The message type word for CND
 is 04h (00000100).

 MESSAGE LENGTH WORD
 The message length word specifies the total number of data words
 to follow.

 DATA WORDS
 The data words are encoded in ASCII and represent the following
 information:

 o  The first two words represent the month
 o  The next two words represent the day of the month
 o  The next two words represent the hour in local military time
 o  The next two words represent the minute after the hour
 o  The calling party's directory number is represented by the
        remaining  words in the data word field

 If the calling party's directory number is not available to the
 terminating central office, the data word field contains an ASCII
 "O".  If the calling party invokes the privacy capability, the
 data word field contains an ASCII "P".

 [ Note that 'O' will generally result in the Caller-ID box displaying
 "Out Of Area" indicating that somewhere along the path the call took from
 its source to its destination, there was a connection that did not pass
 the Caller ID data.  Generally, anything out of Southwestern Bell's area
 will certainly generate a 'O', and some areas in SWB territory might also
 not have the SS7 connections required for Caller ID]

 CHECKSUM WORD
 The Checksum Word contains the twos complement of the modulo 256
 sum of the other words in the data message (i.e., message type,
 message length, and data words).  The receiving equipment may
 calculate the modulo 256 sum of the received words and add this
 sum to the received checksum word.  A result of zero generally
 indicates that the message was correctly received.  Message
 retransmission is not supported.

 EXAMPLE CND SINGLE DATA MESSAGE
 An example of a received CND message, beginning with the message
 type word, follows:

 04 12 30 39 33 30 31 32 32 34 36 30 39 35 35 35 31 32 31 32 51

 04h=  Calling number delivery information code (message type word)
 12h= 18 decimal; Number of data words (date, time, and directory
        number words)
 ASCII 30,39= 09; September
 ASCII 33,30= 30; 30th day
 ASCII 31,32= 12; 12:00 PM
 ASCII 32,34= 24; 24 minutes (i.e., 12:24 PM)
 ASCII 36,30,39,35,35,35,31,32,31,32= (609) 555-1212; calling
                          party's directory number
 51h=  Checksum Word

 [ There is also a Caller Name service that will transmit the number and the
 name of the caller.  The basic specs are the same as just numbers, but more
 data is transmitted.  I don't have the details of the data stream for that.]

 DATA ACCESS ARRANGEMENT (DAA) REQUIREMENTS
 To receive CND information, the modem monitors the phone line
 between the first and second ring bursts without causing the DAA
 to go off hook in the conventional sense, which would inhibit the
 transmission of CND by the local central office.  A simple
 modification to an existing DAA circuit easily accomplishes the
 task.

 [i.e. The Caller-ID Device should present a high impedance to the line]

 MODEM REQUIREMENTS
 Although the data signalling interface parameters match those of
 a Bell 202 modem, the receiving CPE need not be a Bell 202
 modem.  A V.23 1200 bps modem receiver may be used to demodulate
 the Bell 202 signal.  The ring indicate bit (RI) may be used on a
 modem to indicate when to monitor the phone line for CND
 information.  After the RI bit sets, indicating the first ring
 burst, the host waits for the RI bit to reset.  The host then
 configures the modem to monitor the phone line for CND
 information.

 According to Bellcore specifications, CND signalling starts as
 early as 300 mS after the first ring burst and ends at least 475
 mS before the second ring burst.



------------------------------------------------------------------------------

Country               Percentage of Piracy
--------------------------------------------------------
Australia / New Zealand   45%
Benelux                   66
France                    73
Germany                   62
Italy                     86
Japan                     92
Korea                     82
Singapore                 41
Spain                     86
Sweden                    60
Taiwan ( 1990 )           93
Thailand                  99
United Kingdom            54
United States             35

     Source: Business Software Alliance, based on 1992 h/w & s/w
                    shipping figures

