Date:       Tue, 26 May 92 16:31:19 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V1#035

Computer Privacy Digest Tue, 26 May 92              Volume 1 : Issue: 035

Today's Topics:				Moderator: Dennis G. Rears

                          Re: Cordless Phones
                          Re: Cordless Phones
                          Re: Cordless Phones
         Some technical corrections (was Re: cordless phones)
                                Databases
                   Re:  California Drivers Lic & SSN
                       Call waiting and Caller ID
                 One-Party Consent in Washington State
                            AmEx Settlement
                         Re: CallerID Decision
                           Re: PBX monitoring

     The Computer Privacy Digest is a forum for discussion on the
   effect of technology on privacy.  The digest is moderated and
   gatewayed into the USENET newsgroup comp.society.privacy
   (Moderated).  Submissions should be sent to
   comp-privacy@pica.army.mil and administrative requests to
   comp-privacy-request@pica.army.mil.
       Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.200].
----------------------------------------------------------------------

From: RICHARD HOFFBECK <plains!moose.cccs.umn.edu!rwh@uunet.uu.net>
Subject: Re: Cordless Phones
Date: Fri, 22 May 1992 15:38:00 GMT

> > How would someone go about doing this?  If my neighbor and I both
> > have cordless phones, why is it that when I pick mine up I don't
> > home-in on their conversation?  Do my headset and cradle communicate
> > in some encrypted format (like some wireless LANs)?  How does the FCC
> > handle all these different phone companies who want to make cordless
> > phones?  Can you run out of frequencies?
>  
> Each cordless phone communicates with its base via a particular frequency.
> If by chance your neighbor's and your cordless phones both operate on the
> same frequency (possible but statistically improbable) you could answer his
> calls with your handset and vice versa. Most certainly there are duplicate
> frequencies out there, just as somebody out there has the same door key as
> you do.....  However, the chance of both you and your neighbor having the
> same frequency is again very low.
>  

It looks like some facts might be helpful :-(

Actually there are only 10 frequency pairs allocated for cordless phones
in the 48/48 Mhz range, and this is the most common type of cordless
phone.  Consequently, the probability of you and your neighbor having the
same frequency is 1 in 10.  The security features on these phones are
primarily directed to keeping someone from getting access to your dial
tone from their handset, but do absolutely nothing to prevent them from
listening to your conversation.  BTW, these frequencies are also shared
with baby monitors and the like.

For the more security minded there are two out of the box options that I'm
aware of to date.  Motorola makes a phone that uses an inversion scheme to
mask the conversation.  I've heard that it is available from Sears
among others and is priced in the $100 to $200 range.  I believe that it
still operates on the 10 channels in the 46/48 Mhz range.  While the
scrambling will keep your conversations safe from the typical scanner
owner, it is a trivial exercise to reinvert the audio and recover the
original conversation.

The FCC has recently opened up a section of the 900 Mhz band to use with
cordless phones.  I've seen ads for a new unit that digitizes the audio
and encrypts it before transmitting.  This should be very secure against
all but the most technically inclined listener, i.e. NSA.  The error
correction built into the digital scheme should also provide a cleaner
sounding unit.  I don't have the ad handy, but I think the company was
VTech in Beaverton, OR.  The price I heard quoted was in the $250 to
$300 range.

> Cellular phones are a slightly different case.  Each phone is registered on
> a network, just like your computer is, and is given a unique address on that
> network.  Your cellular phone will only work on that one network, not on
> the one in the nextdoor.  Note the difference with cordless phones.  You can
> plug a cordless phone into any active phone jack and dial out, and anyone
> knowing the address of the jack can dial in.

But cellular phones transmit in the clear in the 868 - 894 MHz range which
makes it a trivial matter to listen in on conversations.  Listening in
on a particular conversation is somewhat more difficult but far from
impossible.  Most upper end scanners ($200 and up) can cover the cellular
band either directly or via image reception, and most are easily modified
for direct use.  Modifying my Bearcat 205XLT took about 10 minutes and a
friend recently modified his Radio Shack PRO-2006 in about half that time.

Again, the cellular providers are moving toward digital modes to crowd 
more conversations into the existing bandwidth.  Digitizing provides
a good deal of privacy and encrypted digital can be made very secure
from the average and above average listener.  In addition, some providers
will provide you with encrypted cellular today for an additional
monthly fee.

> Tapping of cellular phones is illegal because it implies requires that an
> effort be made to determine someone's address and tap into it.  Cordless
> phones are much easier to tap.  A cousin of mine was able to pick up a
> neighbor's cordless phone on his walkie talkie that his parents bought at
> Sears.  Basically, cordless phones do not utilize any private addressing,
> which is why there are no laws prohibiting their tapping.

Again, I don't need to know your unit's internal ID number to listen in
since the transmission is in the clear.  The main reason that it is 
illegal to listen into cellular is that the industry has spent millions
of dollars lobbying Congress to make it illegal.  Since cordless
manufacturers don't collect a monthly fee, they don't have the cashflow
necessary to buy a similar law.

> One final note, cellular phones aren't as secure as we would like to think.
> A friend of mine often picks up cellular phone calls on her shortwave radio.

Since shortwave runs from .5Mhz to 30 Mhz, it isn't likely that she was
listening to cellular at 860 Mhz, but there is a good deal of ship-to-shore
traffic on shortwave.

It's a trivial matter to listen to cellular.  In fact, since the current
cellular frequencies were assigned to the upper channels of the UHF
television band, you can even listen in by tuning an older TV to the
channels from 78 to 83.

There is a book that describes the various radio/phone combinations, 
i.e. cordless, cellular, marine, ship to shore, etc. If there is any
interest, I can post the reference.

--rick

+-----------------------------------------------------------------+
| Richard Hoffbeck               INTERNET: rwh@moose.cccs.umn.edu |
| Colon Cancer Control Study     Packet  : n0lox@wb0gdb.mn.usa.na |
| University of Minnesota        CIS     : 72406,521              |
| Minneapolis, MN 55455          Genie   : rhoffbeck              |
| (612) 627-4151                                                  |
+-----------------------------------------------------------------+
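
The inversion scheme discussed in the message above gives no confidentiality
because the transform has no key and is its own inverse. The sketch below is
an added example, not part of the original post or any vendor's design; the
8 kHz sample rate, the fs/2 inversion carrier and the two-tone test signal are
assumptions constructed for illustration.

```python
# Added illustration (not from the original post): keyless voice-band
# frequency inversion modelled in discrete time. All values are constructed.
import cmath
import math

SAMPLE_RATE = 8000   # Hz, assumed telephone-grade sampling rate
N = 400              # samples per analysis frame (50 ms, 20 Hz per DFT bin)


def tone_mix(components, n=N, fs=SAMPLE_RATE):
    """Build a test signal from (frequency_hz, amplitude) pairs."""
    return [
        sum(a * math.sin(2 * math.pi * f * k / fs) for f, a in components)
        for k in range(n)
    ]


def invert_spectrum(samples):
    """Mix with a carrier at fs/2: multiplying by (-1)^k maps f -> fs/2 - f.

    There is no secret input. The carrier is a fixed design constant, so
    this one function both scrambles and descrambles.
    """
    return [s if k % 2 == 0 else -s for k, s in enumerate(samples)]


def spectrum_peaks(samples, count=2, fs=SAMPLE_RATE):
    """Return the `count` strongest DFT bin frequencies, strongest first."""
    n = len(samples)
    mags = []
    for b in range(1, n // 2):
        acc = sum(s * cmath.exp(-2j * math.pi * b * k / n)
                  for k, s in enumerate(samples))
        mags.append((abs(acc), b * fs / n))
    mags.sort(reverse=True)
    return [freq for _, freq in mags[:count]]


def demo():
    # Constructed stand-in for speech: strong 500 Hz plus weaker 1200 Hz.
    clear = tone_mix([(500, 1.0), (1200, 0.5)])
    scrambled = invert_spectrum(clear)       # what goes over the air
    recovered = invert_spectrum(scrambled)   # any receiver can do this
    return (spectrum_peaks(clear),
            spectrum_peaks(scrambled),
            recovered == clear)


if __name__ == "__main__":
    print(demo())
```

The scrambled peaks are the clear peaks mirrored about fs/4, and a second pass
restores the samples exactly, which is why only a keyed digital scheme such as
the 900 MHz unit mentioned above changes the picture.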



------------------------------

From: "Life..." <gberigan@cse.unl.edu>
Subject: Re: Cordless Phones
Date: Sat, 23 May 1992 17:34:36 GMT

lemson@ux1.cso.uiuc.edu (David Lemson) writes:

>Beware "Digital security".  This means that it has the codes so that
>no one can pick up your line (at least not easily).  Most likely,
>the voice transmissions are still analog.  Anyone can buy a scanner
>at Radio Shack and listen in to those frequencies.  I have picked up
>cordless phones up to a mile away with a handheld radio shack (old)
>scanner.
>
>BTW, in most states, it is not illegal to listen to cordless phone
>calls.  It is, however, a felony to divulge information to anyone
>else about what you heard.
>(It is illegal to listen to cellular conversations, though).

The local cable company (CableVision) has problems with noise on
channels 19, 20, and in some places 21.  The cableco _says_ there's
nothing they can do about it.  Sometimes the reception is so bad on the
stations that the TV will actually tune into the noise.  The noise is
caused by Lincoln Cellular's pager system, and when the TV tunes into
it, you can hear the voice pager messages clearly.

So who should be charged with the crime of listening to the cellular
bands?  The people who are trying to tune into VH-1 and getting them
instead, accidentally, or the cableco who can upgrade their equipment to
prevent this from happening?  Would they legally be required to do so?

>David Lemson                                                 (217) 244-1205
>Internet : lemson@uiuc.edu                 UUCP :...!uiucuxc!uiucux1!lemson 
>NeXTMail accepted                                   BITNET : LEMSON@UIUCVMD

--
  ///   ____   \\\       | CAUTION:
  | |/ /    \ \| |       | Avoid eye contact.  In case of contact, flush
   \\_|\____/|_//        | mind for 15 minutes.  See a psychiatrist if
       \_)\\/            | irritation persists.  Not to be taken
gberigan `-' cse.unl.edu | seriously.  Keep out of sight of children.

------------------------------

From: The Jester <ygoland@edison.seas.ucla.edu>
Subject: Re: Cordless Phones
Date: 23 May 92 21:02:16 GMT


In article <comp-privacy1.33.15@pica.army.mil> none@gmuvax2.gmu.edu writes:
>In article <comp-privacy1.30.9@pica.army.mil>, 
>jangerma@magnus.acs.ohio-state.edu (Jake Angerman) writes:
>> 
>Each cordless phone communicates with its base via a particular frequency.
>If by chance your neighbor's and your cordless phones both operate on the
>same frequency (possible but statistically improbable) you could answer his
>calls with your handset and vice versa. Most certainly there are duplicate
>frequencies out there, just as somebody out there has the same door key as
>you do.....  However, the chance of both you and your neighbor having the
>same frequency is again very low.

TOTAL COMPLETE ABSOLUTE NONSENSE! I own a Panasonic two channel
cordless telephone. There is an AT&T cordless on another line in the
house and our neighbors own their own cordless phone. The AT&T and
our neighbors' phone each have only one channel. Guess what? The AT&T
is my channel 1 and the neighbors are on my channel 2. If I want to
listen in on either I just turn my phone on! When the AT&T phone
rings I can hear the ring through my handset (it doesn't actually
cause my phone to ring). If my phone is on channel two and my
neighbors' phone rings, SO DOES MINE! The only reason they can't call
through my handset is because Panasonic uses a code between the
handset and the base which tells the base that this handset is
authorized to call out. In addition, if I forget to change my phone
off channel 2 I often can't even answer a call from the handset
because of interference from the neighbors. I have to run upstairs
and touch the antenna from my handset to the base in order to answer
the call. So don't tell me about statistical probabilities. Either I
just hit a probability so low that I'd have a better chance of
winning the lottery or you're just plain wrong.

				The Jester
--
For some reason unintelligible to me, Lord Acton's dictum that
"Power tends to corrupt and absolute power corrupts absolutely"
is rarely raised in connection with judges, who...possess power
 ..that comes [close] to being absolute"-Judge Bork

------------------------------

From: Charlie Mingo <Charlie.Mingo@p4218.f70.n109.z1.fidonet.org>
Date: Fri, 22 May 1992 18:28:10 -0500
Subject: Some technical corrections (was Re: cordless phones) 

John Stanley <stanley@phoenix.com> writes:

  > No, "tapping" of cellular phones is illegal because the cellular phone
  > companies chose to lobby Congress to make it illegal in an attempt to
  > maintain some vestige of privacy where there really is none.

   Either that, or Congressmen (who, after all, tend to be heavy users 
of cellular phones) decided they didn't want their own private conversations 
intercepted, and decided to discourage tapping by making it a felony.
And if you don't think that the ECPA discourages cellular eavesdropping, 
just ask Senator Robb, whose aides have already gone to jail for doing 
this (and who may join them there himself).  Maybe they thought the law
was "unenforcible."

  > Basically, cordless didn't have as good a lobby as cellular.

    Either that, or Congress decided that there were so many different 
manufacturers, each with a differing level of security, that it was 
impractical to try to develop a common rule.  Or maybe not enough 
Congressmen were cordless phone users.
 

------------------------------

Date:     Fri, 22 May 92 15:14:10 EDT
From:     Brinton Cooper <abc@brl.mil>
Subject:  Databases


 Conrad Kimball <cek@sdc.boeing.com> discusses personal privacy:

> Some of the Scandinavian countries are trying.  Collectors of
> information must notify those who are in the databases, I think, along
> with some other restrictions or rights of the individual that I don't
> remember now.

As another individual, I have some questions.

What constitutes a database?  I keep my Christmas card list on an old
workstation at home and print pre-addressed gummed labels every year.
Is this a database?  Would it fall under regulation in those countries?
What about my address book?  It looks like a database...  Does a
computer have to be involved?  Why?

My other concern is Constitutional.  When does your right to privacy
conflict with my right to freedom of expression (barring libel and
slander, of course)?

DISCLAIMER:  The foregoing has nothing whatever to do with my employer.


_Brint

------------------------------

Date: Fri, 22 May 92 16:15:07 PDT
From: Mark Bell <idela!bell@uunet.uu.net>
Subject: Re:  California Drivers Lic & SSN

Well, since we're on driver's licenses...

California now seems to have a law that one has to submit a Social
Security number  for driver's license renewal.  Does anyone have any
advice on how this can be avoided?  What if one is a minister who has
taken a vow of poverty and doesn't have an SSN?

Mark Bell

[Moderator's Note:  I think it would be very tough in today's times to
state one does not have a SSN.  The only possible exception being a
recent immigrant.  _Dennis ]

------------------------------

From: "Darren E. Penner (Dokken" <dpenner@ee.ualberta.ca>
Subject: Call waiting and Caller ID
Date: Sat, 23 May 1992 09:47:08 GMT

Just a note to the uninformed people spreading all sorts of rumors about
call waiting and caller ID.

You WILL NEVER see the number from a person if you are using the line.  This
is because the caller's ID is sent between the First and Second Rings.  Now
if you are familiar with call waiting, the phone does NOT ring, it just beeps,
an entirely different notification technique.  Also note that it happens
AFTER the first ring, so you can not tell in advance who is calling.

As for the Thread about call waiting and computers.... If your company is
up to the level of offering caller ID I can guarantee you you can DISABLE
call waiting on a call by call basis.  Thus if I am expecting an important
call, and do not care about being dumped I leave call waiting on.  Or more
often, the computer link is more vital, I disable it in my ATDT string.


(Our exchanges use *77, but it may differ in some areas)

Minor Flame: PLEASE make at least a semi informed post, UNLIKE


>>>I think that it might work this way
>> No I think you are wrong.
>  I think he is right, but I have never seen it, or know of anyone who has it!

As the above thread was running.

PS: I use ALL of the new phone services and value them greatly.
-- 
 ------------------------------------------------------------------------------
Darren E. Penner	       | dpenner@ee.ualberta.ca   | Opinions are my
KWM Consultants Limited (Work) | alberta!bode!dpenner     | own unless stated
U of A, Edmonton, (University) | Phone No. (403)-481-8785 | otherwise.

------------------------------

Date: Mon, 25 May 92 11:49:42 -0700
From: Peter Marshall <ole!rwing!peterm@uunet.uu.net>
Subject: One-Party Consent in Washington State

This state's interception statute, generally considered to be one of
the most progressive, typically requires consent of both parties for
lawful interception of communications. However, the Legislature, after
earlier efforts had failed for a few years, managed to carve out an
exception for the "war on drugs," one might say. More recently, an
exception "had" to be created for CallerID, if a proposal had been
approved by the PUC.

More recently, according to a 5/22 SEATTLE PI article, the "war on
drugs" exception was upheld by the State Supreme Court, which also
managed to decide in what was termed a "related matter," that "innocent
people inadvertently recorded during a legal telephone intercept have
no grounds for claiming invasion of privacy unless they can show real
harm." The latter case involved a civil action alleging the Bellingham
PD had violated a woman's right to privacy by recording "her brief
conversation with officers trying to contact her father."

The beat goes on...?

Peter Marshall


------------------------------

Date: Mon, 25 May 92 11:00:39 PDT
From: peter marshall <lorbit!rocque@uunet.uu.net>
Subject: AmEx Settlement

"American Express Privacy Accord Could Become a Model," according to a
5/14 WA POST article appearing that date in the SEATTLE TIMES.  In a
5/13 agreement with the NY State AG's Office, AmEx agreed "to inform
its 20 million cardholders that it tracks their buying habits to
compile marketing lists that it sells to other merchants," and also
said it "would make clear to cardholders that they may 'opt out' of
such lists." The POST said the agreement "could become a model for
privacy protection across the country."

The article pointed out that "The settlement underscores how, to an
ever-increasing extent, computers allow lenders and merchants to
collect information about their customers, and potentially use it for
purposes other than simply tracking a transaction for billing
purposes." The POST suggested that the AmEx settlement is thought to be
the first of its kind involving a credit-card issuer, and that AmEx
seems to be one of the most advanced users of such technologies.  NY AG
Abrams stated that he's proposed a new law requiring credit grantors
to disclose marketing uses of information and providing an "opt out"
choice for such customers.

--
Peter Marshall(rocque@lorbit.uucp)
"Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington.

------------------------------

From: Peter Marshall <ole!rwing!peterm@uunet.uu.net>
Subject: Re: CallerID Decision
Date: Mon, 25 May 92 11:36:36 PDT

Replying to Mr. Rudd's observations of 5/15 on this earlier post; as
the title of the original article in question here was rather
misleading, so were some of the reactions to the posted version of this
piece.

In the first place, the article actually refers to a PUC rulemaking,
and not to any proposal by a telco. Further, that rulemaking was
initiated to preserve the PUC's freedom of action as against the
Biden-amended Kohl bill's preemption provisions.

Re: the reference to public input at the earlier series of public
meetings held by the PUC; the preponderance of that input was as
described in the article, and yes; there was input reflecting "called
parties rights;" which, however, was outweighed by other opinion at
these meetings.

On the other hand, it is the case that this rulemaking did not cover
"block-the-blocker" options, nor did it intend to; the assumption
being that such questions could be dealt with on a subsequent
case-specific level.

In summary, if one wants what the poster seems to want, then it would
seem one is best advised not only to get their information straight,
but to use opportunities for public participation, rather than simply
whining, not only after the fact, but out-of-state, to boot.


------------------------------

From: allens@yang.earlham.edu (Allen Smith)
Newsgroups: comp.org.eff.talk,comp.society.privacy,misc.legal
Subject: Re: PBX monitoring
Date: 26 May 92 04:59:10 EST
References: <TRa5kB1w165w@tsoft.sf-bay.org>
Followup-To: comp.org.eff.talk,comp.society.privacy,misc.legal,alt.security

        From alt.security:

In article <TRa5kB1w165w@tsoft.sf-bay.org>, bbs.ruscal@tsoft.sf-bay.org
(Russel Mar) writes:
> There are rumors at a local fortune-500 company that their division is
> monitoring voice communications.  My recollection is that this is illegal
> unless notified.  I believe that the intention is to uncover industrial
> espionage by employees talking to competitors.
>
> Question:  Is this considered illegal (State of California), and is there
> legal precedent one way or another ?
>
> On a related note, I believe that unless otherwise guaranteed, electronic
> comm channels (E-mail, modems, net traffic) are NOT considered private by
> a company.  Does this hold also for FAX communications ?  I would assume
> so.

------------------------------


End of Computer Privacy Digest V1 #035
******************************