675.27.

   

3 September 2003

 

Working Paper on potential privacy risks associated with the introduction of the ENUM service

- adopted at the 34th meeting, 2-3 September 2003 in Berlin -

At present pilot projects for the introduction of the so-called ENUM service (a DNS-like protocol for mapping telephone numbers to URIs) are being run in many countries around the world.

The publicly available documents on the ENUM service have led to critical statements by governmental authorities, citizens' rights groups and privacy activists from different countries.

Some aspects of the planned structure indeed give rise to privacy concerns:

The Australian Communications Authority has in a Discussion Paper pointed out that “…the privacy of ENUM subscribers would be compromised if an individual requesting information on a randomly chosen telephone number succeeded in accessing all the communications services associated with that telephone number (such as email address, fax number, mobile number, voicemail number etc.). The information may then be used for spamming or to assume someone else's identity for commercial or criminal purposes.” Publications on other ENUM pilot projects suggest that other data available could additionally include home pages and even location information.

The US Electronic Privacy Information Center (EPIC) has pointed to more prospective risks of the introduction of ENUM: “ENUM is a globally-unique number. Because of the convenience of using a single number to contact another person, ENUM may be assigned to all humans at some point in the future. ENUM may become a globally-unique identifier (GUID) used to label humans.”

From a privacy point of view, the use of the existing telephone numbers according to ITU's international numbering plan raises a number of issues which may lead, if not adequately addressed, to threats to users' privacy. The privacy of ENUM users might be better protected if an option were provided to use pseudonymous data, not linked to a user's other communications identifiers, as ENUM “domain names”. In any case, users should have the possibility to have multiple ENUM identifiers.

ENUM would also allow for “reverse lookups” (i.e. finding personal data of the assignee of a given telephone number), which is illegal or subject to certain conditions in some countries for existing electronic telephone directories.

ENUM is the structural equivalent of a domain name in the Internet world. The processing of personal data of registrants of domain names – namely their publication in publicly accessible databases on the web (“WhoIs-services”) – has already given rise to privacy concerns in the past. It is therefore essential that personal data of registrants of ENUM numbers are only made available for public access with the informed consent of the user. Merely subscribing to a particular ENUM service should not be interpreted as such consent.

It is also a necessity to clearly establish the lawful uses and purposes admitted for ENUM and the conditions for cancelling the personal data of those who decide to unsubscribe from the service.

It seems that privacy aspects have up to now not been dealt with thoroughly by the different players in the ENUM field (ITU, IETF and various industry groups). Nevertheless, the Working Group recognizes that there seems to be unanimity in the ENUM community that ENUM services should only be offered based on the informed consent of the user, which is another crucial point from a privacy perspective.

The Working Group calls upon ITU and the IETF as well as the industry players involved and the competent national regulatory authorities to give privacy matters a high priority in the further development of the ENUM service.