Computer Privacy Digest Fri, 15 Jul 94 Volume 5 : Issue: 006
Today's Topics: Moderator: Leonard P. Levine
Re: Video Camera on Utility Poles
Re: Video Camera on Utility Poles
Re: Video Camera on Utility Poles
Re: Callerid and the FCC
Cellular phone risks/privacy
The Computer Privacy Digest is a forum for discussion on the effect
of technology on privacy. The digest is moderated and gatewayed into
the USENET newsgroup comp.society.privacy (Moderated). Submissions
should be sent to comp-privacy@uwm.edu and administrative requests
to comp-privacy-request@uwm.edu. Back issues are available via
anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp"
with password "yourid@yoursite". The archives are in the directory
"pub/comp-privacy". Archives are also held at ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: tnyurkiw@lagrange.uwaterloo.ca (Tom Yurkiw)
Date: 14 Jul 1994 11:25:57 -0400
Subject: Re: Video Camera on Utility Poles
Organization: University of Waterloo
To me, the issue of video cameras **hidden on utility poles, is
completely different than the question of **visible cameras in public
places. A person standing on a side street in the middle of the night
has an expectation of privacy, wheras a person in the town square with
8 cameras pointed at him does not.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Jul 1994 07:53:55 -0500 (CDT)
Subject: Re: Video Camera on Utility Poles
Organization: University of Wisconsin-Milwaukee
[moderator: This is the first time I have commented on the content of a
posting as moderator. The following posting, by John De Armond
discusses a technique for disabling TV cameras and then addresses the
limits he chooses to place on actions to protect his privacy and
anonymity.
The first of these two issues (disabling cameras) belongs in
alt.vandalism.tv.cameras, if it exists. I will not post followup
material that deals with this. We already are aware that cameras can
be disabled with sling shots, b.b. guns, spray paint and rifles and
new technology here is not for our forum.
The second of these issues, on the other hand, is grist for our mill.
The question of how far we should go to protect privacy or anonimity is
appropriate to our discussion. Should I give a false telephone number
to Radio Shack to avoid their mailing list? Should I give false
information to a political survey? Should I give false information to
the Census Taker? Should I distroy someone else's property if it
intrudes on my private space? These questions are posed in the
following posting and can be profitably addressed by us.
Finally we should note that the nature of eMail forces us to question
if the name "John De Armond" is real or a pseudonym. It might even by
be used by an enemy of Mr. De Armond to get him in some sort of
trouble. We must carefully separate the message from the messenger and
address only the content.]
---------------------------------+-----------------------------------------
Leonard P. Levine | Moderator of: Computer Privacy Digest
Professor of Computer Science | and comp.society.privacy
University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu
Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu
| Gopher: gopher.cs.uwm.edu
levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu
---------------------------------+-----------------------------------------
------------------------------
From: jgd@dixie.com (John De Armond)
Date: 14 Jul 94 21:09:47 GMT
Subject: Re: Video Camera on Utility Poles
Organization: Dixie Communications Public Access. The Mouth of the South.
cntrspy@netcom.com (Executive Protection Assoc) writes: [re
surveillance cameras] Actually they can be had for as little as $5K
for the Telco splice boot and about $10-12K for the transformer.
Pan tilt and zoom are
Here's a bit of information that may be useful to anyone who thinks
they are being surveilled. In playing around with my vidicon-based
security cameras, I discovered that my pocket laser pointer will
permanently burn white spots on the vidicon whereever it hits. Recall
that these devices are very low power, eye-safe lasers. After learning
this, I CAREFULLY experimented with a CCD-based camera. My laser
pointer will not obviously damage the image chip (these cameras are too
expensive to experiment much with) but it WILL make the whole picture
flare out until the camera AGCs down to black with a bright dot. I
suspect that the more powerful 1-5 mw HeNe lasers commonly available on
the surplus market WOULD damage the image sensor chip.
from this it became obvious to me that it is trivially easy to defeat
and/or destroy a surveillance camera if you can see the lens. In order
to do the deed, it is necessary to actually hit the lens with the laser
beam. A set of binoculars is handy for spotting this, as is a tripod
mount for the laser. In order to thoroughly whack the vidicon, it is
necessary to "paint" the lens from top to bottom across its entire
width. If one desires only to flare out the video without necessarily
whacking the camera, one need only to shine the laser in the lens. One
needs to be within the field of view of the camera, of course, and the
closer to on-axis one can get, the better. Some covert experimenting
has indicated to me that a 5 mw HeNe laser will whack a vidicon camera
at a distance of 1/2 mile or more.
For true infrared cameras, an infrared laser diode with suitable optics
should do the deed. It is a little known fact that CCD cameras will
image infrared very efficiently, particularly when equipped with an IR
lens, so such a camera can be used for aiming the laser. Near IR
cameras, those typical of inexpensive "IR surveillance cameras", are
really simply conventional cameras with an IR transmissive lens. These
can be whacked with either a visible or IR laser, depending on the
specifics of the lens. A little experimenting is usually in order.
Oh, and in case it isn't clear, yes I am advocating destroying cameras
that belong to others. Just consider it a bit of direct action against
those who (attempt to) invade my privacy. And no, I don't accept the
premise that I and other ordinary people must submit to surveillance to
facilitate catching an occasional criminal.
--
John De Armond, WD4OQC, Marietta, GA jgd@dixie.com
Performance Engineering Magazine. Email to me published at my sole discretion
Respect the VietNam Vet, for he has survived every attempt by this country
to kill him.
------------------------------
From: RATHINAM@INS.INFONET.NET
Date: 14 Jul 1994 9:45:19 -0500 (CDT)
Subject: Re: Callerid and the FCC
L. Levine said: At this moment it seems that the issue of privacy
is no longer being addressed, the question of costs seems to be the
only question open now. It is becoming clear that equipment is
becoming available (for $70 or so?) that will force your phone to
dial *67 every time you pick up the handset, so per line blocking
between the states will be possible if you wish to buy back your
privacy.
It seems the whole idea of Calling Number ID is thought of with only
one thing in mind : To make money for the telephone companies.
Nothing is wrong with making a profit for the business, but there *are*
a few issues that need to be considered and addressed adequately.
Look at where we are:
(a) you can get CNID for a monthly charge to the telephone company (b)
You need to buy a box/phone with the capability (from telephone company
or third party) (c) You can get an 'unlisted' number for a monthly
charge (d) You can get someone else's unlisted number if he/she calls
you, if you have CNID - and blocking that will a box/phone with special
feature (and I am sure you can buy that from the phone company too, in
addition to third parties).
I bet if the FCC and consumer groups/PUCs are napping, the phone
companies would have offered blocking (per call, and per line) for a
per call/monthly fee.
Also, phone companies do not seem to be earnst in implementing the per
line blocking. When I lived in AZ, I sent in the card asking for per
line blocking and it was NOT implemented . I found out by accident and
called them and told them there will be consequences if they don't
block my line immediately (it took them a day or two after that to
block it). Arizona Corporate Commission wrote to a lot of people to
inquire about CNID implementation and line blocking and any problems
experienced by consumers (I don't know what became of that
investigation, but it seems many people experienced the "my line is not
blocked even though I sent in the card/called the 800 number and logged
that I should have line blocking").
I am not against CNID as such, but the phone companies should be
required to line_block for free - and *67 should NOT be a TOGGLE of
blocking, it should turn it OFF for the call on any line. They should
have a different sequence for turning CNID ON on a blocked line for the
duration of one call. If you have any influence, you might want to
bring up these points before the FCC. Also, I believe a lawsuit has
been filed by some states against the present FCC ruling saying
Unlisted numbers are to be unblocked and displayed.
------------------------------
From: "Prof. L. P. Levine" <levine@blatz.cs.uwm.edu>
Date: 15 Jul 1994 10:48:41 -0500 (CDT)
Subject: Cellular phone risks/privacy
Organization: University of Wisconsin-Milwaukee
from Risks-Forum Digest Thursday 14 July 1994 [16:24] Forum on Risks
to the Public in Computers and Related Systems ACM Committee on
Computers and Public Policy, Peter G. Neumann, moderator
From: "Brown, Phillip" <Phil@gtemc.sprint.com>
Date: 14 Jul 1994 18:01:30 -0400
Subject: Cellular phone risks/privacy
One more contribution on the use and abuse of cellular phone
technology, if the forum can tolerate it. As a technology planning
engineer in the trade, I find the amount of ignorance-fueled fear of
telephony and the vast amount of misinformation on cellular telephony
in particular to be a source of constant amusement (but hey, I'm easily
amused :). I'll address some specific remarks from earlier
contributions first, then raise the noise floor another few dB with my
own views.
Willis H. Ware writes: If cells get smaller in the future, then the
precision of location will increase ...
In a subsequent issue of Risks, Lauren Weinstein writes: If you
read your phone bill inserts carefully, you may have already
received a notice allowing you to choose whether or not you want
your called number information released to VENDORS of
telecommunication services!
The concern about monitoring is justified only up to a point --
remember, the only reason for this information to be saved is because
it has value to someone. Wireline telcos long ago abandoned detailed
billing, and today don't even retain that information unless required
by a government agency; the cost of collecting and storing this tidal
wave of data is still too prohibitive to make it useful on an everyday
basis (this is a situation I don't see changing in the foreseeable
future, either). The cellular phone industry, on the other hand, has
employed detailed billing from its infancy, for reasons driven both by
customer needs (why did this call cost so much?) and economies of
scale (the processing needs have been orders of magnitude smaller than
what is required by our wireline brethren, and at the same time the
silicon revolution has made low to midrange computing power cheap --
many smaller cellular phone companies still do billing on a single
PC!). So, for instance, seeing LA reporters with copies of OJ's
cellular phone bill are no surprise at all, given that the information
is readily at hand and the weakest security link in a system is usually
the human operator. For all the high tech, gee whiz methods of
obtaining cellular phone IDs, the most common way is still for
unscrupulous sorts to bribe or blackmail company insiders into sharing
lists of valid subscribers. In the case of a large company like
AirTouch (or my own), a corruptible someone with access to subscriber
data can probably also get billing data.
Robert Morrell, Jr. and Bob Frankston pointed out different aspects of
the risks of eavesdropping on cellular phone conversations (Mr. Morrell
made the point that it is incumbent upon the user to ascertain and
protect his level of privacy, and Mr. Frankston pointed out the fallacy
of comparing wired and wireless technologies from a privacy
perspective). The so-called security of the wired telephone is
conceptually similar to "security through obscurity" in that it is the
medium itself that makes listening to an otherwise unencoded
communication difficult. It is something that virtually no phone user
has thought about but takes for granted anyhow. I could agree with
Mr. Morrell's extreme-sounding position if there was some assurance
that once the user body was educated about the risk and began demanding
truly secure communication (which I believe will happen eventually) the
option was still available. Right now the US government is trying to
usurp the issue while the body politic is still ignorant, and I see
that as a violation of the public trust. BTW, several companies make
scramblers for analog cellular phones (which work in conjunction with a
companion device on the target phone, either wired or compatible
cellular). The big drawback to these is that they must do most of
their cryptographic work in the frequency domain, and 3300 Hz is not a
lot of bandwidth to play in.
On the general issue of location tracking, I think the greater concern
should be with real-time monitoring. I can sit at my desk today and
find out which cell sites in our network any given phone number has
placed calls on for the last 24 hours (after which time the data is
rolled off into oblivion but continues to be available offline in
printed detailed billing reports). But, as has already been correctly
pointed out, this information is highly imprecise. Triangulation can
be employed with a greater degree of precision (within a few hundred
feet at best), but not consistently enough to be reliable. Data from
technologies such as GPS must be transmitted in-band, so it is useless
to the phone company unless the receivers are integrated into the
network. However, I can't -- and probably won't ever be able to -- get
any of the same information from a competitor, because that type of
data is highly competitive in nature. No competing carriers will share
that information with one another, nor will they be enthusiastic about
providing the data to a clearinghouse where it might be generally
accessible. So in this case competition is our friend. In any event,
every large cellular carrier is already performing real-time network
monitoring, and using called number information to get to the weak
human link is probably more effective for law enforcement anyhow.
Phil Brown GTE Mobilnet pdb540@gtehq7.mail4.gtemc.sprint.com
------------------------------
End of Computer Privacy Digest V5 #006
******************************