Date:       Tue, 17 Aug 93 16:37:17 EST
Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>
To:         Comp-privacy@PICA.ARMY.MIL
Subject:    Computer Privacy Digest V3#015

Computer Privacy Digest Tue, 17 Aug 93              Volume 3 : Issue: 015

Today's Topics:				Moderator: Dennis G. Rears

    Re: Digital Cellular - was Re: First Person broadcast on privacy
    Re: Digital Cellular - was Re: First Person broadcast on privacy
                     Re: Enhanced Driver's License
                           Encryption policy
                         Re: Encryption policy
                      About 'Terminal Compression'

   The Computer Privacy Digest is a forum for discussion on the
  effect of technology on privacy.  The digest is moderated and
  gatewayed into the USENET newsgroup comp.society.privacy
  (Moderated).  Submissions should be sent to
  comp-privacy@pica.army.mil and administrative requests to
  comp-privacy-request@pica.army.mil.
   Back issues are available via anonymous ftp on ftp.pica.army.mil
  [129.139.160.133].
----------------------------------------------------------------------

Date:     Fri, 13 Aug 93 17:19:43 EDT
From:     Brinton Cooper <abc@arl.army.mil>
cc:       comp-privacy@PICA.ARMY.MIL
Subject:  Re: Digital Cellular - was Re: First Person broadcast on privacy
Organization:  The US Army Research Laboratory


Christopher Zguris <0004854540@mcimail.com> writes, in part:

> Okay, so if you have a fully digital system without encryption using
> spread-spectrum..., how long would it take your average person with a
> scanner to tune around trying to follow the call?

In the cordless phone application, the power spectral density would be
so low (10 to 30 dB below the power of an equivalent CW carrier), that
your signal would be undetectable beyond a very short distance.  Further,
spread spectrum comes in two flavors.  In frequency hopping, the carrier
changes a few hundred to a few thousand times per second; hence, it's
quite impossible for someone with a scanner to follow the hop pattern
manually.  Further, if cryptographically safe hopping sequences are
used, it's quite difficult even to automate the process of guessing the
sequence.  In "direct sequence" spread spectrum, you can think of the
carrier as moving around continuously in the spectrum.  Again, this is
quite hard even to detect and much harder to "break" if the design is
done at all wisely.

> Or are the bulk of the eavesdroppers out there using
> hacked cellular phones that would automatically follow the freq. shifts
> to provide continuous coverage like the real phone?

Cellular phones generally don't do spread spectrum, so hacking them is
as much work (see above) as hacking any radio receiver to do the job.

The previously quoted article mentions "spread spectrum cordless
phones."  The security of spread spectrum, plus the ability for many users
to share a common channel without interference makes spread spectrum a
strongly viable option for cordless phones.

Finally, as Christopher Zguris points out, digital cellular telephony
offers the potential to encrypt the codes so that stealing them would do
no good.

_Brint


------------------------------

From: Phil Karn <karn@qualcomm.com>
Subject: Re: Digital Cellular - was Re: First Person broadcast on privacy
Organization: Qualcomm, Inc
Date: Sun, 15 Aug 1993 06:17:21 GMT

In article <comp-privacy3.13.2@pica.army.mil>, 0004854540@mcimail.com (Christopher Zguris) writes:
|> Okay, so if you have a fully digital system without encryption using
|> spread-spectrum (by spread-spectrum I assume you mean frequencies are
|> changed very often during the call), how long would it take your
|> average person with a scanner to tune around trying to follow the call?
|> It would seem like most of the time would be spent on tuning and little
|> on listening!  Or are the bulk of the eavesdroppers out there using
|> hacked cellular phones that would automatically follow the freq. shifts
|> to provide continuous coverage like the real phone?

Actually, the particular form of spread spectrum we use is "direct
sequence".  You're thinking of "frequency hopping".

Your standard AM/FM/SSB scanner will be useless in intercepting CDMA
cellular, and in a year or so you won't be able to buy new scanners
that cover the cellular band anyway.  However, as you say, the trend
is already toward modifying cell phones to act as scanners, so that
stupid scanner law is pretty much irrelevant.

There are some complications, however. To monitor a call in our
system, you need to know the user's "private long code", which is an
offset within a 2^41-1 bit PN spreading sequence that is computed at
call setup time as a by-product of a one-way crypto hash function that
is used for caller authentication. However, the spreading sequence is
generated by a linear feedback shift register, and standard methods
exist to crack these. There are also some properties of our system
that could be used as "tricks" to simplify the process.  It would take
some hardware and some knowhow, though.

I should mention that this applies only to the forward (cell to user)
link. The reverse (user to cell) link uses a somewhat different
modulation format (though it's still spread spectrum) that requires a
different ASIC to demodulate. These chips won't be as readily
available since they'll not be in every phone. Also, this link is
tightly power controlled, so you are not likely to be able to gather
enough energy unless you're very close to the person you're
intercepting.

By the way, unlike current analog systems where you only need listen
to the forward link to hear both sides of the conversation fairly
well, you would need to intercept both links in a CDMA system to hear
both sides of the call. That's because we use digital echo cancellers
at the MTSO to remove the reverse link audio from the forward link
signal. This is necessary for good voice quality, since the round trip
delay through the system (about 100ms in the production version) would
otherwise make this "sidetone" most annoying to the user.

|> Isn't one of the
|> other benefits of the digital system the ability to eliminate cloning
|> of ESN (it's ESN for a cellular right? so many abbreviations for serial
|> numbers), if the ESN is protected than a hacked phone would be more
|> difficult, or there'd be no benefit in eliminating fraud which is the
|> cellular industry's main goal with digital right?

Yes, both the IS-54B (TDMA) and IS-95 (CDMA) systems will use the same
mechanisms for authenticating users. Basically it involves a one-way
hash function in a challenge-response protocol. Although the strength
of the function is unknown (having not been published for meaningful
cryptanalytic study) the basic scheme is reasonably sound. It is more
cumbersome than it could have been had a public key cryptosystem been
selected, though.

These mechanisms do *not* require digital voice transmission to
work. They could be applied to the current analog system, because it
already uses digital control methods. However, there would be an
obvious backward compatibility problem, so the carriers have decided
to add the authentication features to the digital systems first (since
the phones have not yet been deployed in large numbers). There will
probably continue to be fraud on the analog systems as long as they're
around, but eventually they'll go away when they are replaced with
digital.

Unfortunately, due to government pressure, there is no meaningful
encryption of the actual voice data in either of the digital cellular
formats. So it is probably only a matter of time before underground
kits appear to decode all of the new digital cellular formats.

C'est la vie.

Phil
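
The following is an added example, not code from either of the two
messages above.  It shows what Karn means by "standard methods exist to
crack" a linear feedback shift register, and for contrast what Cooper's
"cryptographically safe hopping sequences" buy: a toy 4-stage Fibonacci
LFSR, the Berlekamp-Massey algorithm recovering its taps from 2L = 8
intercepted output bits and then predicting the rest of the stream, and a
keyed HMAC-SHA256 sequence on which the same algorithm finds no short
register.  The 4-bit polynomial, the seed, the HMAC construction and the
key are assumptions for illustration; the real long-code generator and its
masking are not modelled.

```python
"""Added example (not from the digest): a Fibonacci LFSR, Berlekamp-Massey
recovery of its feedback taps from 2L output bits, and a keyed-PRF
sequence for contrast.  Polynomial, seed, HMAC use and key are assumptions."""

import hashlib
import hmac
from typing import List, Tuple


def lfsr_bits(taps: List[int], seed: List[int], nbits: int) -> List[int]:
    """Output nbits of s[n] = c_1 s[n-1] ^ ... ^ c_L s[n-L] (mod 2).

    taps = [c_1, ..., c_L]; seed = the first L output bits, not all zero.
    """
    L = len(taps)
    if len(seed) != L or not any(seed):
        raise ValueError("seed must be L bits and non-zero")
    s = list(seed)
    while len(s) < nbits:
        nxt = 0
        for j in range(1, L + 1):
            if taps[j - 1]:
                nxt ^= s[-j]
        s.append(nxt)
    return s[:nbits]


def berlekamp_massey(bits: List[int]) -> Tuple[int, List[int]]:
    """Shortest LFSR (linear complexity L and taps [c_1..c_L]) reproducing
    bits over GF(2).  The answer is unique once len(bits) >= 2L."""
    n = len(bits)
    C = [1] + [0] * n      # current connection polynomial 1 + c_1 D + ...
    B = [1] + [0] * n      # polynomial in force before the last length change
    L, m = 0, -1           # linear complexity, index of last length change
    for i in range(n):
        d = bits[i]                           # discrepancy: predicted ^ actual
        for j in range(1, L + 1):
            d ^= C[j] & bits[i - j]
        if d:                                 # prediction failed: correct C
            T = C[:]
            shift = i - m
            for j in range(n + 1 - shift):
                C[j + shift] ^= B[j]
            if 2 * L <= i:                    # the register has to grow
                L, m, B = i + 1 - L, i, T
    return L, C[1:L + 1]


def predict_from_intercept(observed: List[int], extra: int) -> List[int]:
    """Recover the LFSR from an intercepted prefix, then emit the next
    extra bits the real register will produce."""
    L, taps = berlekamp_massey(observed)
    stream = lfsr_bits(taps, observed[:L], len(observed) + extra)
    return stream[len(observed):]


def keyed_prf_bits(key: bytes, nbits: int) -> List[int]:
    """Hop/spreading bits from HMAC-SHA256 in counter mode.  This is an
    assumed construction for illustration, not any cellular standard's."""
    out: List[int] = []
    ctr = 0
    while len(out) < nbits:
        block = hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend((b >> k) & 1 for b in block for k in range(7, -1, -1))
        ctr += 1
    return out[:nbits]


# x^4 + x + 1, taps c_1 = c_4 = 1: a maximal-length, period-15 sequence.
TAPS = [1, 0, 0, 1]
SEED = [1, 0, 0, 0]

if __name__ == "__main__":
    stream = lfsr_bits(TAPS, SEED, 40)
    L, taps = berlekamp_massey(stream[:8])    # 2L = 8 intercepted bits
    print("recovered L =", L, "taps =", taps)
    print("next 32 bits predicted:", predict_from_intercept(stream[:8], 32) == stream[8:40])
    Lc, _ = berlekamp_massey(keyed_prf_bits(b"constructed-key", 64))
    print("keyed PRF, 64 bits: linear complexity =", Lc)
```

For a register of L stages, 2L consecutive output bits are enough; the
period of the sequence does not matter, which is why a long period alone
is no defence.  The keyed sequence has linear complexity close to half its
length, so Berlekamp-Massey only returns a "register" as long as the
sample it was given and predicts nothing.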

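The next block is an added example, not code from Karn's message: a
hash-based challenge-response authentication of the shape he describes,
run from both sides so the cloning case is concrete.  A cloner who lifts
the ESN and one challenge/response pair off the air cannot answer a fresh
challenge; the pair is only reusable if the network repeats the
challenge.  HMAC-SHA256, the ESN byte strings and the 8-byte truncation
are assumptions; the actual cellular function was not published, and its
strength against offline guessing of the key from a captured pair is the
open question the message raises.

```python
"""Added example (not from the digest): hash-based challenge-response
authentication with both sides, plus a replay attempt.  The hash, the
ESN strings and the 8-byte response length are assumptions."""

import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Tuple


def auth_response(shared_key: bytes, esn: bytes, challenge: bytes) -> bytes:
    """One-way function over the shared secret, the ESN and the challenge.
    An eavesdropper sees esn, challenge and the output, never shared_key."""
    return hmac.new(shared_key, esn + challenge, hashlib.sha256).digest()[:8]


@dataclass
class Network:
    keys: Dict[bytes, bytes]          # ESN -> secret provisioned at activation

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(8)  # unpredictable and fresh per attempt

    def verify(self, esn: bytes, challenge: bytes, response: bytes) -> bool:
        key = self.keys.get(esn)
        if key is None:
            return False
        expected = auth_response(key, esn, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


@dataclass
class Phone:
    esn: bytes
    key: bytes

    def answer(self, challenge: bytes) -> bytes:
        return auth_response(self.key, self.esn, challenge)


def run_exchange(net: Network, phone: Phone) -> Tuple[bytes, bytes, bool]:
    """Network -> phone: challenge.  Phone -> network: ESN and response.
    Returns what went over the air plus the network's verdict."""
    challenge = net.new_challenge()
    response = phone.answer(challenge)
    return challenge, response, net.verify(phone.esn, challenge, response)


def replay_attack(net: Network, esn: bytes,
                  captured: Tuple[bytes, bytes]) -> Dict[str, bool]:
    """Cloner holds the ESN and one captured (challenge, response) pair but
    not the key.  Reports whether the old response passes against a fresh
    challenge and against a (wrongly) reused one."""
    old_challenge, old_response = captured
    return {
        "fresh_challenge": net.verify(esn, net.new_challenge(), old_response),
        "reused_challenge": net.verify(esn, old_challenge, old_response),
    }


if __name__ == "__main__":
    net = Network({b"ESN-0001": b"constructed-secret-1"})   # constructed data
    legit = Phone(b"ESN-0001", b"constructed-secret-1")
    challenge, response, ok = run_exchange(net, legit)
    print("legitimate phone accepted:", ok)
    print("replay with captured pair:", replay_attack(net, legit.esn, (challenge, response)))
    clone = Phone(b"ESN-0001", b"wrong-secret")              # ESN copied, key unknown
    print("clone with ESN only accepted:", run_exchange(net, clone)[2])
```
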
------------------------------

Date: Fri, 13 Aug 93 19:42 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: Enhanced Driver's License

MP%MPA15C@mpa15ab.mv-oc.unisys.com writes:

> Steve E.  Kolodney, director of California's Office of Information
> Technology describes how California is "transforming driver's licenses
> into personal identification and authentication devices."
> 
> "California licenses now look more like credit cards with magnetic
> stripes as well as the owner's picture, Social Security number and
> thumbprint.  Kolodney said citizens can insert their enhanced licenses
> into state kiosks to reserve recreational facilities and obtain state
> information."

Let us stop the folklore before it takes over as fact. While all of
these items (picture, thumbprint, SSN) are on file with the DMV, only
the picture actually appears on the license itself. The license number
is a DMV-only number and the SSN does not appear on the card, nor does
the thumbprint. The DMV makes a large point to tell license holders
that the mag stripe does not contain any information that does not
appear on the front of the card. Since neither the SSN nor thumbprint
appear anywhere on the front, it would be assumed that they are not
encoded into the stripe.

All information that is kept on record is digitized, however. But the
above would lead a reader to believe that showing a physical driver's
license reveals information that it definitely does not.


-- 
 John Higdon  |   P. O. Box 7648   |   +1 408 264 4115     |       FAX:
 john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407

------------------------------

Date: Sat, 14 Aug 1993 18:59:35 -0400 (EDT)
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Reply-To: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Encryption policy

"Leo J. Irakliotis" <irakliot@LANCE.ColoState.Edu>, writes:

> Hope I'll get some responses here.  Is encryption in email legal?

If you are within the United States, the opinion of the NSA
notwithstanding, the answer is Yes.  And there are several packages
available for it including PGP and RIPEM.  Some other countries allow
encryption and others do not permit it at all.

> Is it legal for an electronic mailing list, or a usenet newsgroup
> to operate using encryption?

Well, unless everyone on the mailing list has decryption software of
the same type as yours, it might be a little difficult for them to
read the message!  

Built right into 'rn' and several other forms of torture which I
laughingly refer to as usenet news readers, is the 'rot13' encryption
feature which rotates each letter of the alphabet in a message forward
by 13.  This is used to post the endings to movies, or anything
else where the story might be spoiled if you read it in advance.

For example:     A dog
is rotated to:   N qbt

(The next letter after z is a).  



---
Paul Robinson - TDARCOS@MCIMAIL.COM
 -----
The following Automatic Fortune Cookie was selected only for this message:

The life of a pious minister is visible rhetoric.
					-- Hooker
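
The following is an added example, not code from Robinson's message: the
rot13 transform written out so the "A dog" -> "N qbt" mapping and the
round trip back can be checked.  It goes one step beyond the message by
taking the shift as a parameter and listing all 26 candidate plaintexts,
which is the whole "cryptanalysis" of a fixed, keyless rotation; that
generalization is the editor's, not the message's.

```python
"""Added example (not from the digest): rot13 as a special case of a
Caesar shift, with the 26-way brute force that shows it is not encryption."""

import string
from typing import List

_UPPER = string.ascii_uppercase
_LOWER = string.ascii_lowercase


def rotn(text: str, n: int) -> str:
    """Rotate each ASCII letter forward n places (wrapping z -> a); every
    other character passes through unchanged.  Negative n rotates back."""
    n %= 26
    out = []
    for ch in text:
        if ch in _UPPER:
            out.append(_UPPER[(_UPPER.index(ch) + n) % 26])
        elif ch in _LOWER:
            out.append(_LOWER[(_LOWER.index(ch) + n) % 26])
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """The newsreader feature: n = 13, so applying it twice is the identity
    (13 + 13 = 26) and no separate decode routine is needed."""
    return rotn(text, 13)


def brute_force_caesar(ciphertext: str) -> List[str]:
    """All 26 possible plaintexts of a Caesar-shifted text; the reader just
    picks the one that reads as English.  There is no key to recover."""
    return [rotn(ciphertext, -n) for n in range(26)]


if __name__ == "__main__":
    print(rot13("A dog"))                    # N qbt
    print(rot13(rot13("A dog")))             # A dog
    for n, candidate in enumerate(brute_force_caesar(rot13("A dog"))):
        print(n, candidate)
```
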


------------------------------

Date: Mon, 16 Aug 93 08:59:53 BST
From: A.J.C.Blyth@newcastle.ac.uk
Subject: Re: Encryption policy

James R Ebright <jebright@magnus.acs.ohio-state.edu> writes
>In article <comp-privacy3.13.6@pica.army.mil> irakliot@lance.colostate.edu
>writes:
>>Hope I'll get some responses here.  Is encryption in email legal?

>Yes.  How could it be otherwise?  As long as the headers exist and the
>data is ascii characters, the net will pass it along.

The net just passes characters along - so I see no reason why 
encryption would not work. The real question is what do the carriers 
think about such things? 

>>Is it legal for an electronic mailing list, or a usenet newsgroup
>>to operate using encryption?

Well is ROT13 encryption.............................................???

>>If encryption is against the law, please cite some references.
>Encryption is illegal for ham radio in the US.  Government agencies are
>regulated as to the type of encryption they may use -- to make sure it is
>good enough but not too good :)  I believe cross border traffic in France
>must be non-encrypted.

Here in the UK electronic mail and news is carried via British Telecom.
There is a law which says that for any encrypted data which is transmitted
via a public carrier, the carrier must have the ability to decrypt it.
Thus they all make you give them the master key.

Andrew.
__________________________________________________________________________
                              Andrew Blyth

Department of Computer Science,    |   
20 Windsor Terrace,                |  Tel No. +44 91 222 8972    
University of Newcastle Upon Tyne, |  Fax No. +44 91 222 8788
Newcastle Upon Tyne,               |       
England.                           |  EMail. A.J.C.Blyth@newcastle.ac.uk
NE1 7RU.                           |
__________________________________________________________________________


------------------------------

Date: Sun, 15 Aug 1993 03:29:55 -0400 (EDT)
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Reply-To: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: About 'Terminal Compression'

A company (Inter Pact) has run a number of advertisements on 
the Internet regarding their book 'Terminal Compression' which 
has been subsequently released in text form which can be downloaded via
FTP, with the idea that if you read it you will send them a shareware
donation. I probably would never have read the book if it hadn't been
made available that way. 

The copyright slugs on the text indicate publication years of 1991-1993,
seemingly indicating a recently issued book.  (One of the items in the
book is the mention of the new E-Mail address for the White House, 
which was only created this year.)

The book has a number of holes in it which I could see through and I
decided to comment.   A shorter version of this message has gone to the
Telecom Digest.  

The book deals with the combined issues of some of the dangers of
technology and the threats to the privacy of individuals, I have 
therefore posted this review to both the Risks List and the Privacy 
List.

I will mention one hole which is so obviously inaccurate as to
be ridiculous:  A government agency gets a court order telling the
newspaper in the story, "The New York City Times" (note: not 'The 
New York Times' but the article makes clear that the paper on Sunday 
is '34 pounds') to not print any articles dealing with the ability 
to read CNG emissions (this is the leakage off a computer or monitor 
which can be read like a radio transmitter from a distance by 
electronic equipment.)  A reporter writes an article from research,
and an agency gets a prohibition not just against that article - which 
is a dubious issue to get a prior restraint order against in the absence
of use of government material, anyway - but that this court order is not
to stop a particular article, but to completely prohibit any articles
regarding that particular *subject*!  I've never heard of a judge that
would even consider issuing that type of order, (an appeals court would
tear him to shreds) and this assumes the paper wouldn't (1) print the
article anyway and risk a contempt citation (2) print a _blank_ article
and a copy of the court order.  Apparently this order was never
publicized; any time a government agency tries to suppress
publication of something in a newspaper it usually makes _national_
headlines; the press takes threats to the 1st Amendment *very* seriously. 
CNN's use of the Noriega Tapes comes to mind, and, of course, the Pentagon
Papers and the A-Bomb schematics cases. 

Without intending to spoil the story, I wanted to point out that it 
mentions only AT&T as the national long distance carrier; a
deafening silence exists about MCI and Sprint.  Yet later in the book it
mentions 'FTS-2000' the private network for government telephone calls
that MCI has unsuccessfully been fighting ever since 1/2 went to AT&T
and 1/2 went to Sprint, from the time of its creation.

At a point in the book, it mentions that the National Security 
Agency (NSA) uses its massive computer arrays to monitor - in real 
time - every telephone call connection made in the U.S., e.g. every
dial call from and to any point and the call being forwarded, and to
where.  This seems to forget that despite there being some 200+
service points (called LATAs in the trade) in the U.S. where every
call has to go into or out of, not to mention the private cellular
carriers, plus local call forwarding setups and call forwarding
through PBXs.  Plus private cellular companies, trunked mobile
radiotelephone companies, ham radio patches... 

Even in the book it mentions that one of the calls made by some 
of the criminal elements in the book went to 'a Canadian Cellular
Exchange'.  I find it hard to believe that a Canadian telephone
company is going to let a U.S. government agency inquire into
its phone system without a court order issued by a Canadian judge.
Is Pacific Bell going to allow someone from the Canadian Department 
of Revenue or Scotland Yard have the list of who owns what non-listed
number without a U.S. Court Order?  I think not.  (I'll skip over the
possibility of bribery for now.)

I find it a bit far fetched to believe that it is possible to put a 'pen
register' on every telephone call made in the United States.  If I call
into General Electric's PBX in New York, or Northrop's in Los Angeles, 
is a call transferred out of it (one of perhaps 100 that go out at any
minute) mine or someone else's?

Also, in the story it notes that voice, fax or data transmissions are
detected and that encrypted ones are 'red flagged'.  This is a crock. 
Bits are bits; there is no way to tell based on the bit stream going
through a data call whether the Zmodem Binary transfer I make is a ZIP
archive, an EXE file, a binary data file, a Word Perfect file, or a binary
file which has been processed with PGP or RIPEM.  Bits are Bits; there is
no means to differentiate between a compressed, encrypted transmission
(such as a file processed with PGP) and a binary data file.  It could be
possible due to echo cancellers to tell if someone is using a data
transmission device; whether a fax or modem detection is possible is
another thing.  And it also assumes someone doesn't switch to a
non-standard method of data transmission such as combined voice and data
on a compressed transmission channel.  Or local calls to non-telephone
networks such as Compuserve.  Or private long distance companies that
don't use Feature Group service, but simply buy commercial inward lines in
some cities and lease dedicated trunk space. 

The virus issues are a little ridiculous too.  Now a couple of years
ago a man named William Harrison, I think, wrote a book called 'virus'.
With the same basic idea: a series of rogue computer programs can be
used to allow someone to commit crimes.  Harrison's book was much
better: I've had more than 12 years of computer experience as well as
extensive use of MSDOS and there wasn't *a single* technical mistake
in Harrison's book.

The virus issues are rather silly.  For one thing, unless someone
is careless on large machines, you can't create viruses for VMS or IBM
mainframes; they have fully operational supervisor state protection
against runaway programs.  It might be possible to damage some data in
some files if you contaminated them, but in general the kind of virus
problems that are reported on PCs arise because every program that runs
on a PC runs with unlimited privilege.

One of the viruses is mentioned that it fries the printer port and "causes
smoke, then while the user checks that, damages the disk drive".  Now, I know
it's possible on very old Hercules cards to program them wrong and damage
them, and some IDE drive cards have errors in them and miscommanding them
could damage the card or the disk (due to errors in the design.) This one,
however, is a little hard to believe. 

I have said it many times: the only reason that viruses can even exist is
because the operating system does not use the memory segmentation and task
protection hardware built into every Intel x86 processor higher than the
80186.  A criminally negligent practice, I would say.  A person I know
claims there are bugs in the 80286 task protection hardware, which I find
hard to believe.  In any case, 80386 hardware contains working task
protection capability.  If viruses became so serious that it was necessary
to worry about them, it would be not too difficult to release the
equivalent of the IBM VM/370 operating system for PCs: at the 80386 level,
everything runs in user-mode protection and does not have kernel
privileges.  It can refuse all disk I/O except from the ROM BIOS; any
attempt to access any I/O ports is refused.  Without that access - which
requires privilege - a program cannot do damage and can't get access to
the system.  A user could well trust a program and allow it access to the
screen ports.  And the protection program could either allow certain
access directly or trap access and emulate it.  So there would be no means
to get access to the disk drive hardware and no means to attach to other
files.  The hardware doesn't permit access without permission. 

If you don't want the story spoiled, do not read this paragraph.  At the
end of the story, a character responsible for some of the problem meets
with the Director of the NSA and we find out that the attacks were
intentional with the knowledge of the NSA Director, to cause the country
to increase security on its computers.  Then, after the director speaks to
the person, he has him arrested.  Now, it's one thing to 'burn' one of
your own people, but nobody is stupid enough to put someone involved with
a covert agency in a public trial where he can - as a legitimate defense -
expose an agency's dirty laundry.  The argument of 'National Security'
won't wash in a criminal case; if the defense has evidence that will
exonerate it, it is entitled to present it, and if the government requires
it to be suppressed, the court will dismiss the criminal complaint.  If
the man was tried in a secret trial or a military court where it could be
hushed up, that's one thing: but a public trial in open court in these
type of circumstances is hard to believe. 

My sister is of the opinion that people don't notice technical errors
in books, movies and TV shows.  I do and I'm certain other people do, too.

---
Paul Robinson - TDARCOS@MCIMAIL.COM
 -----
The following Automatic Fortune Cookie was selected only for this message:

"*You* killed him? I thought he just died."- The Mechanic

------------------------------


End of Computer Privacy Digest V3 #015
******************************