informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/COMSEC/cs1986.nws

1853 lines
85 KiB
Plaintext
Raw Permalink Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
ComSec Letter
Editor: James A. Ross
YOGO 2
1986
COMSEC LETTER
The ComSec Letter was started in 1984, The Year Of George
Orwell, by Jim Ross. Initially it was mailed at no charge to
everyone on his mailing list, and it was later offered by
subscription. After the founding of the Communication Security
Association, the letter became its official organ. In 1989 the
association decided to create a new organ, Comsec Journal; and,
in order to minimize confusion, the name of this letter was
changed to Surveillance.
What follows is an edited version of the contents of one
year of the letter. (The letter has been edited to remove
topical, superfluous, and outdated items.)
Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100 January, 1986
THE COMSEC ASSOCIATION
COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER
The Board of Directors has decided that, starting in January,
the COMSEC LETTER will become the official organ of the
association. Subscriptions currently in force will be honored,
but no further independent subscriptions will be accepted.
Membership dues in the Comsec Association are:
Individual Professional
USA, Canada, Mexico $50 per year
Other Countries $70 per year
Student (send proof of status) $10 per year
Membership applications and other questions to;
CSA, Membership Services
POB 3554
Frederick, MD 21701-0904.
BOARD OF DIRECTORS
The Comsec Association was formed with three directors, Arnold
Blu menthal, James A. Ross, and Craig Silver. Once underway it
became apparent that Craig, the lawyer who handled the
incorporation, might find himself in a conflict situation so
Craig resigned and became our counsel, and Ken Taylor was elected
to the vacant directorship.
Shortly we expect to modify the by-laws to provide for more
direc tors so that we'll have more people helping to guide our
growth. Many of our early supporters have indicated an interest
in working to develop the association, and we expect to take
advantage of their willingness to serve. We'll keep you informed.
MEETINGS, 1986
In 1985 we contracted with a conference organizing firm to
manage COMSEC EXPO '85, but we plan to do things differently in
1986. Cur rently there are plans developing for two meetings
which will be joint efforts between the national organization and
local chapters. At this writing, we have heard from Paul Bowling
and Gene Smith in the Washington, DC area and Ben Harroll in
California in this regard. Please contact one of these people if
you can participate.
THANKS
To all of the volunteers whose hundreds of hours of unpaid
effort contributed to the great panels at COMSEC EXPO '85: THANKS
LAWS
As the laws relating to COMSEC are tested, we'll try to keep you
advised, and we encourage you to mail in information relating to
the testing of the laws -- newspaper clippings from all over
would be very helpful.
On the question of expectation of privacy, for instance, the US
District Court for Connecticut recently ruled that you do not
have a Fourth Amendment right to privacy while engaged in a
private conversation on a public street (United States vs. Lopez,
US District Court for Connecticut, H-84-31, 6-7-84).
So we're back to the question of whether an individual has an
expectation of privacy, and this court thinks that you have no
expectation of privacy on a public street. Seems reasonable.
Now let's consider another public place such as a restaurant. Do
you have an expectation of privacy there? How about when you make
a phone call?
SECURITY ACADEMY
Ken Taylor is proceeding apace with plans for the Security
Academy to be located in the Miami area. The objective is to
establish a training and education facility which will offer
courses on every aspect of security. If you have any ideas along
this line, yer ol' ed would sure like to hear from you.
DID YOUR EDITOR GOOF?
He's afraid that he did.
In trying to figure out what the new privacy law means your ol'
editor jumped to a hasty conclusion which was wrong!
Here's what happened.
The new law says the old law heading should be amended by adding
"AND OTHER ELECTRONIC COMMUNICATION" after "WIRE".
Your ed assumed that the new wording would be "WIRE AND OTHER
ELEC TRONIC COMMUNICATION". Seems reasonable, even now. However,
it's not correct.
Really, one with as many years and gray hairs as your editor
should not have to be reminded to "RTP", but that's the case
here. (RTP means "Read The Problem".) (Probably it should be
amended to be RTPS for "Read The Problem Stupid"!)
Read exactly, the instruction says to add the new words; it does
not say to substitute the new words for the ones that used to
follow "WIRE". And there's the rub. The old words are still
there, and the proposed law does not remove protection of oral
communication as had been published earlier in this letter.
Sincere apologies to all who were misled.
The proposed new law, however, has many faults. Read "Monitoring
Times" or "Popular Communications" for their points of view. Read
COMSEC LETTER for your editor's point of view, and those of any
mem bers of CSA who care to write in on the subject.
DID YOU FORGET?
Subscriptions do expire. All good things must come to an end,
but you can renew this good thing by joining (or renewing your
member ship in) the Communications Security Association.
INTERESTING PRODUCT
Each time we show this product at our seminar it commands a
great deal of attention. It's called a binaural amplifier, and
was recently on sale at your nearby Radio Shack for $21.95. It is
about the size of a pack of cigarets, although much thinner. It
contains two microphones and amplifiers, and provides binaural
sound.
Our investigator friends see great potential in this tiny
device.
Title III? We don't think so, because its design does not render
it primarily useful for surreptitious interception of oral or
wire communications.
Two part numbers: 33-1091 & 33-1000.
MONITORING TIMES
Bob Grove, editor of Monitoring Times, suggested a few issues
ago that it might be a good idea for short wave listeners to
collect information to help the FCC find the bootleggers (no, not
the kind who run moonshine; he was referring to the kind who
transmit illegally).
The response to his editorial suggestion was really surprising.
Most people who responded acted as though bootlegging was as
American as apple pie. They seem to take the position that
breaking the law is a traditional right enjoyed by all true
Americans.
What kind of a generation have we spawned?!?!!
ANOTHER NEWSLETTER
Recently one of our occasional anonymous contributors sent us a
copy of a newsletter that is new to us. It's called YOUTH ACTION
News. The address is: POB 312, Alexandria, VA 22313. (We
searched, but found no subscription information.)
Some of the letter's headlines might give you an idea of its
content:
"DIABOLIC SOVIET WARFARE"
"SATANIC SOVIET BIOLOGICAL WEAPONS"
"SOVIET MIND-CONTROL ATTACKS AGAINST THREE US PRESIDENTS"
"ELECTRONIC MIND-ZAPPING WEAPONS"
"SCIENTIFIC DOCUMENTATION ON SOVIET WEATHERWAR TECHNIQUES"
"SOVIET USE OF SCALAR INTERFEROMETRY"
"FREAK US WEATHER, EVIDENCE OF USSR TESLA-STYLE WEATHERWAR"
Despite this letter's use of some undefined terms (scalar
interferometry, Tesla-style magnifying transmitters, airquakes,
cold explosions, low frequency emissions with psychoactive
characteristics, etc.), and its scare headlines, it does contain
something which seems to be worthy of consideration -- if the
facts are correctly reported.
The part of the letter which intrigues us is the report, by
various qualified observers, of "cold explosions". According to
the newsletter, people on five different airplanes reported
seeing a giant mushroom cloud 180 miles off the coast of Japan on
April 9, 1984. One of the observers was a pilot with B-47 and
B-52 experience, and he reported that there was no flash of light
associated with the mushroom cloud which rose to an altitude of
60,000 feet and was 150 miles wide.
Other observers reported similar sightings at other times and
locations. Certainly such events should have been reported in
the press, but we saw nothing about it.
Can any reader of this letter shed any light on this?
Can any reader of this letter shed any light on the YOUTH ACTION
News newsletter, or its sponsoring organization?
CORRECTION
In our YOGO 1.09 issue we listed various sources of information
about telephones, and we've heard back from one of our
subscribers that one of the addresses is no longer valid. So, if
you want to correct your records, strike the following address:
Western Electric Company, IDC Commercial Sales, Box 26205,
Indianapolis, IN 46226
TAP
People keep telling us that TAP is dead. Somehow we think that
it will start up again. If you are a subscriber, you may yet see
some more issues.
FEEDBACK
From Joe Wilson Elliott (via several phone calls, paraphrased):
Q. "COMSEC EXPO '85 and your COMSEC LETTER seem to be getting
into areas other than countermeasures, and that's what they are
supposed to be concerned with. Too much on data, and computers.
What we're interested in is bugs and taps and countermeasures."
Don't you think that you ought to stick to TSCM?
A. Well Joe, when this letter first started, we called it COMSEC
LETTER because that is the subject that we were writing about.
Somehow though, in these past two years, we've discovered that it
is next to impossible to draw a line between protection of
information in transit and information in storage.
In the old days, stored information was in the form of paper
documents (mostly), and if the documents were stolen, an
inventory would reveal the loss. If the bad guy wanted to steal
secrets without leaving a telltale void behind, he photographed
the documents. The other method of stealing secrets covertly was
to plant a bug or tap a telephone; and the TSCM profession was
spawned to try to protect against these electronic threats. Now,
so much information is stored electronically, and so much of it
is accessible by telephone from anywhere, that there is an
immense new problem, e.g., a major theft can take place, and
there is no way to determine what was taken -- or even that a
theft occurred.
It seems reasonable that those professionals who worked to
detect bugs and taps should extend themselves to provide
protection against theft of all types of information.
Consider this: Information copied from a floppy disk or hard
disk in seconds is equivalent in volume to the amount of
information which could be collected by a tap in a few years --
if the tapper is lucky.
Don't you think that information that is in digital form is
worthy of professional protection as well as information that is
being transmitted by voice in analog form?
February, 1986
RECENT EVENT WITH A MORAL TO IT
Recently in a large east coast city a debugging team was
diligently searching for communications compromises. As they
should have, they looked into the dropped ceiling, but found such
a mess of abandoned wiring that they advised their client to
remove all of the unused wire. Days later, while the client was
in the process of doing this, he found two small black items with
a wire coming out of each one. You guessed it; they were radio
transmitters.
The lawyer for the firm took one of the transmitters to the FBI
complaining of government infringement on lawyer-client
confidentiality, etc. Thereupon the FBI allowed the lawyer listen
to a recording of the activities of the sweep team. Oh,
embarrassment!
Upon being questioned by his employer, the spectrum analyzer
operator admitted that he had seen at least one whopper of a
signal that he could not identify, but said that he could see no
modulation on it so he didn't worry about it.
What's the moral to the story? It's a moral for all sweep team
technicians: if you find something that you do not understand,
point it out to the boss. He's not going to fire you because you
don't understand. Maybe he won't understand, but at least he's
the one who is responsible for the operation, so let him figure
out what to do about it. He'll be much happier to be asked to
figure it out than to be super-embarrassed later, as was the man
whose team's activities were played back to his client's lawyer.
Guaranteed.
Q & A
Q. Don't you think that you might be most apt to miss the most
sophisticated bugs and taps?
A. To answer this question accurately, we must first define
terms. Let's first consider what is meant by a sophisticated bug
or tap. To us, the most elegant systems are the simple ones; so
if your idea of a sophisticated is one which costs a lot to
design and build, we have a basic misunderstanding at the outset.
To put in into perspective, we can use less than $10 worth of
electronic components to build a telephone tap that cannot be
electronically detected by any combination of equipment and
techniques other than a physical inspection of every inch of the
telephone line. If you want a bugging system that cannot be
detected by any combination of equipment and techniques other
than physical inspection, the cost for the bugging system is in
the same range.
So price is no criterion in determining the level of
sophistication of a tap or bug. In fact, the simplest bugging
system consists of a modification of an existing telephone, and
the cost of the components in this system is zero.
(However, there is one aspect of bugging and tapping in which
the amount of money available is extremely important sometimes --
and that relates to attaining access to the target area. If the
bugger has to bribe someone, or to hire someone to break in to
the target area, then the price tag is significant.)
We do not mean to imply that all good attacks are inexpensive.
There are some attacks which would entail high costs. They
include special attacks such as super-high frequency RF, exotic
modulation techniques, unusual carriers, and modification of some
of the modern electronic telephones and systems.
So the overall answer to the question is that finding an
on-premises tap or bug is probable if you have an experienced
team with the proper equipment, and the other side has normal
resources. On the other hand, if the other side has tremendous
resources (time, access and money) -- they'll probably beat you
most times.
However, it's a real world. The enemy is not ten feet tall. He
does not have unlimited resources. He is not perfect. He does
make mistakes, and leave evidence of his activities. If your team
is a good one, and properly equipped, and disciplined, and
thorough, your team is going to find the on-premises system with
regularity.
Keep in mind, though, this very important caveat: "There is no
electronic device or system that can detect even a simple
off-premises tap.
FEEDBACK
During the past couple of years we have heard many stories about
field activities of TSCM teams (such as the story with a moral to
it elsewhere in this issue). As space permits, we'll share many
of those stories with you, including the details (with pictures
also) of Ha Ha boxes, some astounding claims by some folks, and
information on new products, ideas, etc. YOUR comments are
solicited.
NEW CATALOG
Sherwood Communications Associates is offering its new catalog,
with one year of updates, for $20. Interesting, and eclectic,
selection of items, some very expensive and some very
inexpensive. Order from SCA, POB 535, Southampton, PA 18966.
OXYMORON
This word means a figure of speech which appears to be
self-contradictory. The first example that your editor ever heard
was "military mind" and he bristled somewhat at that because, at
the time, he was wearing army green. Another example is
"Independent Grocers Association". You can certainly think of
many more.
Anyway, what should we call a real-life combination which is
self-contradictory? The example that we have in mind concerns a
Bell Operating Company which offers a device for sale which is
forbidden by that company's tariff. This BOC operates under
authority of a tariff (which it prepared) which requires that
anyone recording a telephone conversation must cause a beep tone
on the line to warn all parties that the call is being recorded.
The penalty for failure to comply is termination of telephone
service. The oxymoron-like situation is that this same BOC sells
a telephone answering machine that has a call recording
capability, but no capability to produce a beep tone.
That's right. This company has written a tariff which says that
calls may only be recorded if the recording device emits an
audible beep tone to warn all parties that the call is being
recorded, and at the same time they sell equipment which can
record conversations but cannot generate the required tone.
BOOKS WORTHY OF SPECIAL NOTE
We have touted this book before, but it is truly outstanding and
should be studied by anyone who needs to begin to understand how
the telephone and the telephone system work.
Understanding Telephone Electronics. 292 pages. Paper
back. $3.49 at Radio Shack. Developed and published by
Texas Instruments Learning Center. Excellent book. Prac
tical. No theoretical errors. Contains absolutely none
of the garbage and mistakes propagated by generations of
"experts" in the field.
Since the first edition was published, a new, larger, and more
expensive edition has been created. It is available as follows:
Second Edition. LCB8482. $14.95 plus 1.25 S&H from:
Texas Instruments, Inc.
POB 225474, MS8218
Dallas, TX 75265
If you are concerned about invasions of privacy in contravention
of the Freedom of Information Act, the following book will open
your eyes.
The Private Sector by George O'Toole. W.W. Norton & Co.
1978. 250 pages. Hardcover. $10.95. Reveals the existence
of the Law Enforcement Intelligence Unit (LEIU), a non-
government organization, dedicated to compiling dossiers
on private citizens, which seems to be immune to penetra
tion under the provisions of the FOIA.
If any aspect of George Orwell's fantasies (1984 and Animal
Farm) seem too far out, you should look into this book.
Secret Agenda by Jim Hougan. Random House. 1984. 148
pages. Hardcover. $19.95. The author tells his version of
The Watergate Affair, which is a far cry from what we got
from the news media. For instance, he points out that the
telephone calls monitored in Howard Johnsons Hotel were
not Democrat National Committee business; they were calls
to prostitutes! However titillating that information may
be, the book contains some chilling observations, e.g.,
1. page 90. CIA agents putting their director under sur
veillance with written orders stating "At no time should
the Director be made aware of SUGAR coverage......"
2. page 274. The Secretary of Defense "...... counter
manding in advance any 'unwarranted military directives'
that President Nixon might issue."
3. page 312. "... Alexander Haig had ordered the Army's
Criminal Investigation Command (CIC) to make a study of
the President's alleged ties to organized crime ....."
TRAINING COURSES
Audio Intelligence Devices measures training
1400 NW 62nd St.
Ft. Lauderdale, FL 33309
305-776-5000
Dektor one week and two week
515 Barnard St. technician training courses
Savannah, GA 31401
912-238-0075
Information Security Associates four day technician course
350 Fairfield Ave.
Stamford, CT 06902
203-357-8051
Jarvis Intl. Intelligence, Inc. measures and countermeasures
3212 N. 74th Ave. E training and service
Tulsa, OK 74115 also, methods of entry, etc.
918-835-3130
Ross Engineering, Inc. two-day seminar on Comsec
7906 Hope Valley Ct. for managers and
investigators
Adamstown, MD 21710 special short briefings
301-831-8400
Texas A&M University System countermeasures technician
College Station, TX training
409-845-6391
COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER
(This announcement is repeated for the benefit of those who may
have missed it in the earlier edition.)
The Board of Directors has decided that, starting in January,
the COMSEC LETTER will become the official organ of the
association. Subscriptions currently in force will be honored,
but no further independent subscriptions will be accepted.
Membership dues in the Comsec Association are:
Individual Professional
USA, Canada, Mexico $50 per year
Other Countries $70 per year
Student (send proof of status) $10 per year
Membership applications and other questions to;
CSA, Membership Services
POB 3554
Frederick, MD 21701-0904.
PHOTOSENSITIVE EPILEPSY
Computer Security Digest reports that some people suffer
seizures when the flashing rate of the VDT is four to ten pulses
per second. This may be the same phenomenon that one of the
flying magazines reported years ago under the name of flicker
vertigo. That report said that the critical rate was twelve
pulses per second.
March, 1986
COMSEC ASSOCIATION
The COMSEC Association is gradually beginning to take form with
some volunteers in the DC area working on membership programs and
meeting plans for 1986. Sometime this summer, we'll be
announcing plans for at least one national meeting this year. No
grand plans, just a simple meeting with a few exhibitors, and
some conferences featuring some of the most knowledgeable people
in various fields.
Our Board of Directors has been increased in size from three to
five and we expect to increase the size again before the end of
the year. Elected to the two new seats were Paul Bowling and E.T.
(Gene) Smith. They are working together to expand the membership
and to set up our 1986 meeting in the Washington, DC area. If you
have any questions, or if you want to volunteer to help, call
Paul on 301-843-3809 or Gene on 703-533-8555.
If all goes well, we expect to be able to add staff by summer
and that should put an end to the communications problems that
have existed with only one volunteer worker to handle everything.
PRIVACY OF PHONE CALLS
The public switched telephone network is not secure. Any
information being transmitted over metal wires can be picked off
by a third party easily and with almost no chance of being
detected.
Note that we say any information, and that is precisely what we
mean. Whatever is being carried over those wires, be it analog,
dig ital, or any combination, can be picked off very easily.
What level of technical expertise is necessary? Well, we've said
it before and testified to it in federal court: about ninth grade
hobbyist. In fact, one installer who testified in the same court
case said that he had installed his first extension phone when he
was nine years old! So our ninth grade hobbyist might just be a
mite overqualified.
LETTER TO THE EDITOR
Recently the Washington Post ran an editorial under the heading
"Taps without Wires", and your editor thought that the Post
readership would benefit from exposure to his ideas on the
subject, and so, sent the following letter to the Post.
Dear Editor:
Your editorial "Taps without Wires" concludes that the federal
laws relating to communications privacy should be
updated and upgraded soon. As an engineer who has testified
as an expert in federal court as to the meaning of the old
(1968) law, I agree with your conclusion wholeheartedly.
However, I cannot endorse your implication that the old law
prohibits eavesdropping on voice communication between
humans, because it does not. In fact, none of those words
is even used in the old law. Instead, it prohibits "surrep
titious interception of oral or wire communication" and
defines interception as the "aural acquisition" of the con
tents of oral or wire communication.
That means that, under the 1968 law, if no one other than
the intended recipient ever heard the contents of a message
transmitted by wire, then no interception took place. Two
absurd scenarios flow from the convoluted language of this
law:
1.if a data transmission (a series of audible tones)
is recorded and played back so that it is heard by a
human (or animal) a felony has taken place -- even
though the message was never understood by anyone
other than the recipient, or...
2. if a voice communication between humans has been
recorded and transcribed into written form by modern
computer techniques without ever being heard as sound
by man or beast, then no violation of the law has
occurred -- even though the full content of the mes
sage is available to the eavesdropper.
Our legislators in 1968 set out to prohibit eavesdropping
on voice communications between humans, but they wrote
something with an entirely different meaning.
Yes, change is in order. Let us hope that Congress will
listen to some unbiased technical advice, and write a law
that will correct the deficiencies of the old law and be
enforceable.
P.S. I recognize that my views are contradictory to what
has appeared in the lay press, and even to some of the
material provided to the Congress by their Office of Tech
nology Assessment. However, before throwing my letter into
file 13, I ask that you do either or both of the following
things: 1. read the law, or 2. call me.
So far as I know, I am the only engineer who has ever
testified in federal court as to the meaning of the old
law. I have studied that law and its legislative history,
and discussed it with many legal scholars. I regularly lec
ture on this subject (see enclosed material), and I am one
of the founders and the first president of the Communica
tions Security Association.
I am not a kook. I have no ax to grind.
My only reason for wanting to be heard is an honest desire
to present accurate and unbiased information so as to correct
a popular misconception as to the meaning of the current
law and to help to see that an effective new law is
enacted.
TAP DETECTION
In our July 1985 issue we carried a segment that stated, several
times, that there is no electronic instrument that can detect
even a simple tap.
That is a verity.
However, shortly after that item appeared we got a note from a
brash young man named Roger Tolces. Roger lectures the professor,
telling him he should find out what a TDR is.
Dear Roger: Sorry about that. This old head conducted detailed
TDR experiments with some other engineers and technicians some
years ago -- probably before you even got into this business. You
don't have to introduce Jim Ross to the TDR; he has tested it
against some very simple circuitry, and it cannot detect even a
simple tap.
Dear Reader: Please stay tuned. More on Roger Tolces and the TDR
and his intriguing tale about his experiences with the FBI in a
future issue.
Meantime, believe it: There is no electronic instrument that can
detect even a simple tap. We'll tap a phone line and beat Roger's
TDR one thousand times out of one thousand attempts to detect our
tap. (By the way Roger, why not take us up on our challenge to
create a better definition of a tap?)
FEEDBACK
Sometimes the feedback comes in wonderful quantities, and this
is one of those times. In addition to the letter about
photosensitive epilepsy, other items in recent issues have
triggered some of our readers to send us enlightening material.
First, many responses to our query, "Should we change the name
of this letter?" A few interesting names were suggested, but the
majority cast their votes for leaving the name the same. One
respondent wants us to stop using the YOGO dateline, but we're
not ready to even consider that yet. (By the way, do you know
what it means?) (It's your editors way of trying to make a point,
and he'll expound on that later.)
Our January issue mentioned an audio amplifier from radio shack
called the binaural amplifier, and that drew a response from one
of our regular anonymous straight-talking responders: "It's a
piece of ____!" We thank him for his explicitly stated evaluation
of this item. What's your opinion?
And then there was a piece about Youth Action News. Talk about
feedback! We now have TEN issues, going back to 1977. To our,
again anonymous, contributor we say, "Many Thanks. Your help is
really appreciated. With regard to Youth Action News, as we
stated in the first segment on this publication, we're leery of
material which uses words that are not defined. However, we
promise to give all of this a thorough reading and to report on
our opinion in a future issue.
HARASSING PHONE CALLS
Steve Barnhart tells us that there is a device called "Shriek
Circuit" which may have application in discouraging harassing
phone callers. It is supposed to send a powerful blast of sound
to deafen the caller. He hasn't tried it, and we haven't tried
it; so we're not recommending it. (As mentioned in an earlier
letter, we're quite certain that the sound level will not be
passed through the phone system undiminished.)
Steve says it is sold by Consumertronics, POD 537, Alamagordo,
NM 88310. If you buy one, please let us know how it works.
PHOTOSENSITIVE EPILEPSY
A short comment on this phenomenon in our last issue brought the
following response.
Dear Jim:
Always read your COMSEC LETTERS with great interest. Re the
February 1986 issue and specifically the paragraph titled
PHOTOSENSITIVE EPILEPSY, be aware that there was a tremendous
amount of research during the Vietnam war related to this
subject. When it was discovered that certain low frequency
(around 7.5 Hz) pulses could induce a petite or grand mal
seizure, the Army immediately began studying the possibilities.
After "Audiogenic Seizure Susceptibility Induced in Mice by Prior
Auditory Exposure," by K. R. Henry, Science, 158; 938-40,
11/17/67, the Pentagon classified all further research including
that on photogenic seizures.
And yes, it does cause some cancellation of our "scan rate" ..
whatever that happens to be in each individual living organism.
People get sick when strobes are used at low frequencies. Pilots
get seizures when landing single-engine aircraft to the west at
sunset because of the prop strobing. The reaction that folks have
to certain CAT scan machines like the magnetic resonance devices
is likely caused by the same problem. There was a report in the
spring of 1968 that the Army had a research group build a very
large oscillating disc several feet in diameter and driven by a
very powerful driver that put out about 160dBA at frequencies
under 10 Hz. A little like the effects of mustard gas with the
wind changing directions, the experiment ended with the
termination of every living organism in a 2000 square yard area.
So went that unconfirmed report.
All Best,
Bernard L. Krause, Ph.D.
Our thanks to Bernie Krause. It is detailed information like
this that makes it such a pleasure to write this newsletter. Not
only did he take the time to respond in detail, he also provided
references.
If you want to contact him, his address is: Audio Forensic
Center,
2631 Clay Street, San Francisco, CA 94115. 415-563-0202.
April, 1986
COMSEC ASSOCIATION
The officers of the association are:
President James A. Ross
1st VP Arnold Blumenthal
2nd VP Kenneth R. Taylor
VP Membership Paul Bowling
VP Finance E.T. Smith
At present there have been no local chapters organized but there
has been considerable interest from several areas in the country.
To assist in getting local chapters started, we'll send a XEROX
copy of the current membership list to anyone who inquires. (The
XEROX copy is the best we have to offer at the present time. The
list will be typeset again, and run in alpha and zip order; but
it will be some time before that is complete.)
Be prepared for some kind of a notice relating to dues. It looks
almost certain that we'll be taking advice from professionals in
the association business, and going to a standard membership year
with all memberships ending on December 31. If you have any great
ideas of how to implement such a program, please let us hear from
you.
Also, the board is working to revise the by-laws, and we expect
to have the new version ready for a vote by the membership in
time for our 1986 meeting in Washington.
Negotiations with Cahners Expositions to collaborate with them
on the show that they are putting on in NYC in October resulted
in no meeting of the minds. Therefore, we will not be exhibiting
at that show. (Probably just as well -- they chose to name it CCS
86, and we certainly can see some potential problems with that
name.)
Also in the works are changes in membership categories with some
corporate memberships open to companies in the trade, and some
affiliate memberships open to companies wishing to do business
with our members. If you have any ideas along this line, please
call either Paul Bowling (301-843-3809) or E.T. Smith
(703-533-8555).
If you have any ideas relating to the activities of the Comsec
Association, or ideas of benefits that we can arrange for our
members, please call either Paul or E.T. (numbers above). They
are both working very hard to expand our activities, benefits and
membership.
Since our inception we have used a service which provides
telephone answering and an address in Washington, DC. At present
ET Smith and Paul Bowling are looking for a way to establish a
semi-permanent address for the association without running up a
tremendous bill every month. Until they arrange the new address,
please use POB 3554, Frederick, MD 21701 for any inquiries.
Addresses and phone numbers for CSA board members:
Arnold Blumenthal PTN Publishing Company
101 Crossways Park West
Woodbury, NY 11797
516-496-8000
Paul Bowling National Investigative Services
5931 Michael Road
Waldorf, MD 20601
301-843-3809
James A. Ross Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
301-831-8400
E.T. Smith The Republic Group (Teltron)
5801 Lee Highway
Arlington, VA 22207
703-533-8555
Kenneth R. Taylor Target International Corp.
14839 NE 20th Avenue
North Miami, FL 33181
305-940-0035
PERSONAL (PERSONNEL) NOTES
There is a good strong possibility that your editor will be
moving to the Miami area to become the Director of the Target
International Corporation Security Academy. His business in the
Washington area is up for sale (all or part), and he plans to
continue editing the COMSEC LETTER after relocating to FL. We're
now looking for someone in the DC area to be the executive
director of the association.
Please note: CSA has been a cash-flow negative operation since
its inception. The need to hire someone means that the
Association will have to greatly expand its revenue in order to
be able to pay a decent salary. That means that we'll have to
start a major recruiting and fund raising campaign. Your ideas
and your help are needed.
ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1985
In one of the first COMSEC LETTERS we ranted about an effort of
the federal government to try to solve a problem by passing a
law. Specifically, we said:
We object on principle because, in our lifetime, we have
watched legislators, time after time, try to legislate
the solution to a problem; and usually in the process
they create problems many times worse than the one they
were trying to solve. We give it as our fixed opinion
that there is a sickness in this land, the virulence of
which increases with proximity to the Capitol; and that
sickness is the ingrained belief that the federal govern
ment can legislate a solution to any problem.
Here in 1986 they are again trying to legislate a solution to a
problem. Because some people have just discovered that what is
broadcast by radio can be heard by anyone with the proper
receiving equipment, our legislators are trying to make it a
crime to listen to what has been transmitted on certain
frequencies. What hogwash!
In a meeting with a member of the Congressional Office of
Technology Assessment a short time ago, I protested that the law
would be clearly unenforceable and was told, "There are many laws
on the books which are not enforced." Of course I agree. However,
I take the position that every law that is not enforced tends to
create disrespect for all laws, and I am vehemently opposed to
the provi sions of the bill as it stands.
Many other folks have taken positions opposing the bill for many
different reasons, and we'll be presenting some of their comments
in future letters. You are invited to call or write with your
comments.
CALL FOR PAPERS
The deadline for abstracts is May 20, so you don't have much
time; but it sounds as though this will be an interesting
meeting. "Protecting Intellectual Property" is the title, and it
is being put on by Aerospace Computer Associates in December in
the Washington, DC area. Contact Steve Walker, technical
chairman, on 301-854-6889 for information on presenting a paper
during the conference. If you are interested in making a
presentation at the one- day tutorial which precedes the
conference, contact Chris Perry on 703-883-6235.
DEFINITION OF A TAP
Because there had been no responses to our challenge to create a
definition of a tap, we proposed the following definition in our
September '85 letter. (After all, many of us make good money
checking for taps; it seems reasonable that there should be a
definition of a tap.)
"Tap, n., v., ---n. The act or process or equipment used to
monitor and/or record the content of messages being trans
mitted over wires without degrading the quality of trans
mission or interfering with transmission in any way, and
especially without being detected. The product of a tap is
the content of messages being transmitted over wires.
---v.t. To perform the necessary steps to accomplish a
tap."
We followed our first effort at defining the word with the
follow
ing comments.
"N.B. Because most taps seem to have conversations between
humans as their objective, it has become common to think of taps
as having a product which is human voice conversations. (In fact,
to simplify terminology during the seminar we refer to listening
to microwave or satellite-borne telephone conversations as taps.)
Note that the definition above does not refer to voice
conversations between humans.
Anything being transmitted over wires can be tapped. That
means that data, Teletype, facsimile, etc. can be the product of
a tap. Also, keep in mind that the definition refersto anything
being transmitted over wires, and is not limited to baseband
transmissions. That means that modulated RF, CW, ICW, or any
transmission at any carrier frequency, unmodulated or modulated
using any type of modulation, is included in the definition.
So let's go critics. Have a shot at the definition of tap."
In response to our request for others to provide a definition,
W. Bonham C.P.I. C.I.I. of Wausau, WI sent us the following for
which we thank him sincerely:
"A tap would be the act, when an individual who has an
expectation of privacy sends or communicates over a wire or
other means of transmission any information which the
sender feels that they have an expectation of privacy with
and that any person who is not authorized intercepts this
communication by whatever means with the intent to solely
intercept without authorization would by prima facia evi
dence of committing this act. The definition of tapping
requires three elements; the first element being that the
communication from the sender was transmitted through or
over facilities that are normally used for generally trans
mitting any type of communication. These type are defined
as but not limited to telephone, telegraph, electric lines
and/or other lines of communication that are either pub
licly or privately owned. The second element would require
that the intercepter did in fact penetrate or infiltrate
these lines of communication gaining access to said private
communications regardless of whether these communications
were recorded or only orally intercepted. The third element
would require that the interceptor did in fact commit the
act described in paragraph two by whatever means."
Considering the number of people who read this letter, we're
really disappointed that Mr. Bonham is the only person who took
the trouble to make a contribution. We hope that his effort will
spur some other members to send in their ideas.
His definition leans toward what was called "elements of the
offense" if your ol' editor properly remembers some of what was
thrown at him in a couple of semesters of law class. Our
definition, on the other hand, tends to define the term from a
technical point of view. Your comments are actively solicited.
Congress has not defined a tap very well in our opinion, and our
own definition leaves in limbo the question of whether coaxial
cable is considered "wire", and further, what about wave guide?
May, 1986
ELECTRONIC PRIVACY ACT OF 1986
We've carried information and opinion on this act in earlier edi
tions, and we'll probably have something on it in every edition
until it is defeated or put into sensible form, or -- heaven
forbid -- passed into law.
This astounding law, among other things, would make it a crime
to listen to what has been broadcast by radio on certain
frequencies. The law cannot be enforced.
Those who wish to listen will be able to listen with essentially
zero chance of being detected in their "criminal" activity, and
no chance of being punished for engaging in their "criminal"
activity.
What then will the law accomplish?
1. It will serve to diminish respect for all laws. Every
unenforced law tends to diminish respect for all laws.
2. It will offer cellular communication sellers an oppor
tunity to take advantage of folks by allowing them to
assure their customers that their broadcast conversations
cannot be overheard because "there's a law against it".
3. It will mean that it will be possible for a person to
be accused of committing a crime if he operates a radio
a. without being aware that listening to what
has been broadcast on certain frequencies is a
"no-no", or
b. operates a radio that does not accurately
display the frequency tuned to, or
c. operates a radio that has poor selectivity,
or
d. operates a radio that has poor image rejec
tion, or
e. does anything that allows him to hear what
has been broadcast on the specified frequencies
(e.g., uses a spectrum analyzer or crystal set
or a TV on Channel 80 - 83, etc.).
(Of course, defenders of the bill will point out that
there are words in it relating to the "intent" of the
listener, but how does one prove a lack of "intent"?)
3. To those with any understanding of radio communica
tion, propagation, etc. it will make the legislators who
voted for it look very silly.
Yes, I agree that something should be done to modernize the
laws. Yes, we are entitled to protection from wholesale
eavesdropping by eager investigators. Yes, law enforcement
organizations with cause should be able to eavesdrop on suspects.
(ACLU ?) But making the mere listening to what has been
broadcast into a crime is ludicrous.
In fact, from here it looks like the beneficiaries of the
proposed new law are the salesmen for cellular phones, and some
very smart (but devious) law enforcement types who will be able
to snoop legally without fear of violating the law because they
built in some beautiful gaping loopholes.
More coming.
INFORMATION SOURCES
For books and training courses relating to telephones and
telephone systems, contact: abc Teletraining, Inc., POB 537,
Geneva, IL 60134. 312-879-9000.
Also, Teleconnect is offering specials on some of the
publications from Texas Instruments Learning Center. Contact
Teleconnect on 1-800-LIBRARY.
By the way, TILC no longer sells their "Understanding" series of
books. If you want to buy any of them, contact Howard W. Sams
Co., 4300 W 62nd St., Indianapolis, IN 46268. 800-426-SAMS. As
we've commented several times earlier, Understanding Telephone
Electronics is an excellent book for anyone intending to do any
work with telephones or telephone systems.
Washington Researchers Publishing offers an outstanding
newsletter, The Information Report. For a sample issue and
subscription information contact them at 2612 P St., Washington,
DC 20007. 202-333-3533.
Two catalogs featuring publications on a wide variety of
subjects just arrived. For books on scanning, SWL, cryptography,
eavesdropping, etc. contact CRB Research, POB 56, Farmingdale, NY
11725. For a selection aimed at prospective private eyes contact
Thomas Publications, POB 33244, Austin, TX 78764. (If you buy any
of their selections, we'd really appreciate your comments -- a
full length review, or just a few words.)
RADIO SHACK TO THE RESCUE (Thanks Joel!)
In doing countermeasures work one of the bugaboos that we have
faced from time to time is the problem of connecting our
telephone analyzer to a standard wall phone with modular
connectors. We've improvised several times --- using the Fluke
multimeter to make the voltage readings from terminals inside the
instrument, using an audio amplifier and a modular breakout cable
to make audio feedback tests, etc.
In short, it's meant a lot of extra work because there was no
simple way to hook up the analyzer in parallel with the phone and
the line.
Now comes Radio Shack to the rescue.
They just came out with a new product that we see a real need
for in countermeasures. It's called "duplex wall phone adapter"
(their part # 279-359), and it sells for $9.95. It provides a
standard modular jack in parallel with the telephone so that
Harry Homeowner can connect his telephone answering machine to
the phone line at the wall telephone. In our business, of course,
it can be used to connect the telephone analyzer to the phone and
phone line which should make life a whole lot easier when you are
trying to do standard tests with one of the commercially
available telephone analyzers.
By the way, we'd appreciate feedback from anyone who tries this
product. (Our first attempt was in front of a seminar group in a
rented meeting room in a motel, and we had difficulty in getting
the phone to connect to the adapter.)
INDUCTIVE PICKUP
The suction cup inductive pickup (for telephones) has many, many
drawbacks, and we've been asked many times for the source of a
better inductive pickup. Finally, we've found one. It is a larger
loop and fits around the earpiece of the telephone handset.
(We've not tested this one, but if it works like our old
faithful, you won't be disappointed.) $4.88 ea. P/N 1GSO174 from
Electronic Supermarket, POB 988, Lynnfield, MA 01940.
617-532-2323.
MODERN FOOLPROOF ELECTRONICS VS. OLD-FASHIONED SKULDUGGERY
This story comes from one of our readers who wishes to remain
anonymous so as to preclude any possibility of embarrassing his
client.
It seems that the client had purchased some "state-of-the-art"
electronic computing and cash registers for some bars that he
owns with the idea that the automatic electronic reporting by
each cash register to the computer would cut down to the minimum
the "shrinkage" he had been experiencing. Unfortunately, even
with the fancy system in place, simple arithmetic told him that
he still had some
unknown partners who were sharing revenue with him in his bars.
Enter the consultant who knows electronics and people. He walks
to
the cash register and unplugs the line to the computer, rings up
a
few sales, and replugs the line to the computer.
You guessed it. While the line was unplugged, no sales were
recorded, but the cash register worked normally. The scam was
simply
to unplug the line when the "sale" was the bartenders take.
That's all there is to it. Even the manufacturer's
representative
was not aware that it was so simple to beat the modern electronic
cash accounting system.
Live and learn.
EVALUATION COMMITTEE
One of the ideas of the founders of the COMSEC Association was
to
establish a data bank so that the qualifications, credibility,
etc.
of TSCM product and service vendors could be made available to
mem
bers and others. At present, Paul Bowling and E.T. Smith are
start
ing to put together the mechanics of such a system. Paul expects
to
have a computer bulletin board up and operating in about a month,
and ET is working to put together the details of a plan to
provide
listings of products and services for member companies.
If you have any equipment to donate, or any ideas about
corporate
membership benefits, fees, etc., contact Paul or ET.
Having just heard yet another horror story about an unqualified
and
unprincipled firm which collects in advance, but doesn't deliver,
we're more anxious than ever to start a COMSEC "Better Business
Bureau". In other words, a data bank of information on
submissions
to the COMSEC Association. If you've been ripped off, and can get
no
satisfaction from the ripper, send us the full information. We'll
contact the ripper to give him a chance to answer the complaint;
and
we'll make the entire file available to members for a nominal
fee.
YET ANOTHER WAY TO TAP A PHONE
This may sound far out, but it rings true to us because we had a
similar experience years ago in Florida. In our case, we had con
tracted with an answering service for them to pick up on our busi
ness line if we did not answer by the third ring. Worked great.
Never had to remember to turn on a machine or notify the service.
The only problem was that after we had cancelled the service, the
service did not cancel the line that they had ordered run to them
from the central office. The result was that we paid for years of
unwanted and unused service. The phone company refused to even
con
sider the fact that we had been unaware that someone else had
ordered service for us and neglected to cancel the service, and
we
were stuck with the bill -- no refund even considered.
The current information comes to us in a newsletter which
details
the same kind of overbilling, but for a completely different pur
pose.
Ted Gunderson, a former FBI agent in Los Angeles who is working
as a private investigator, contends that GTE took an order for
additional service (a pair connecting his line to an answering
service location) from someone else and billed him about $40 per
month for two years. He has received a refund from GTE, but GTE
refuses to let him know who placed the order. In other words, a
tap was on his line for two years, he paid for it, and he cannot
find out who ordered it or who was listening.
NEEDED FOR TESTING
We really want to test an old-fashioned AM wireless intercom,
but we don't know how to find one. Can you help?
While we're at it, we might as well mention that the COMSEC
Association is putting in for recognition as a 501 (c)(3)
corporation. What that means is that you'll be able to take a tax
deduction for contributions of cash or goods. (There are rules
and regulations,
and limits, etc. but nothing horrendous.) So you'll be able to
send
us your old books, surveillance receivers, spectrum analyzers,
func
tion generators, etc. and take a tax deduction for your contribu
tion.
READ ANY GOOD (BAD) BOOKS LATELY?
Why not send in a review of any book relating to communications
and/or information security. Help our members separate the wheat
from the chaff. Recommend the good ones and pan the bad ones.
Don't
leave the membership at the mercy of your ol' editor. They
deserve
opinions from more than one person.
Let us hear from you today!
QUESTION
It's 1986, YOGO + 2. Do you know where your (Telco) dollars go?
Did
you ever hear of "Telephone Pioneers of America"?
INFORMATION PLEASE
This first question is one that came up during our last seminar,
and leads to some other interesting questions, we think. Here
'tis:
Q. Do you know of any TEMPEST-type attacks against
non-government
targets?
That is the question, and we'd like to hear from you, if you
have
any information.
More questions along this line later.
Meantime, remember, we'd sure like to hear from you.
June, 1986
ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
At the time that this is written we see nothing more important
to report on than this activity in Congress. We think it poses a
threat to basic freedom in this country, and we're actively
working to correct some of the strange provisions in this bill.
To give you some history: Congress decided that the old law
(sometimes called "Title III") needed to be updated, and worked
on drafting a new law. Companion bills were introduced in the
House and the Senate, worded identically. Unfortunately, they
were written as amendments to the old law. (What that means, in
the practical sense, is that outsiders like us [isn't it terrible
that we citizens are outsiders when it comes to writing the laws?
Whatever happened to the idea that government derives its power
to govern from the people?] have to write out the old law and
then substitute words and phrases as specified into the text of
the old law before we have a readable copy of the new law.
We were in the process of doing that in our computer when the
House bill was withdrawn, and another substituted in its place.
The new bill was reported out of committee with a 34 to 0 vote
and sent to the floor. There, less than one week later, it passed
by voice vote without debate or amendment.
Sound like a railroad job? We think so.
Calling our Congresslady and the committee resulted in our
receipt of a copy of the new bill, and -- you guessed it -- it is
not written out either. So here we are, spending the majority of
our time trying to make a living, and sandwiching in some
sessions to try to write out what they propose so we can study
it. Meantime, some of our understanding of the provisions of the
bill is dependent on what others say it says -- and that's a
scary situation. (See the segments in this letter "WHAT A
DIFFERENCE A WORD MAKES", and "CHOICE OF WORDS".)
So the house has passed the law and it is now up to the Senate
to pass its version. We're concerned, and one step that we've
taken is to write to each of the Senators. A copy of the letter
sent to Senator Mathias follows. (He heads the Senate committee
looking at this bill.) (Adaptations of this letter were sent to
all senators.
Dear Senator Mathias:
This is in reference to S.2575, Electronic Communications Privacy
Act of 1986.
First, I must point out that I am not a lobbyist and I stand to
gain nothing by any changes that you may make to this proposed
law. I am writing to every senator as a concerned citizen who has
some special knowledge of the technical area addressed by this
bill -- a citizen who is very concerned that the companion bill,
with its many serious faults, passed in the House of
Representatives without hearings and without debate.
The principal reason for my concern is that many of the
provisions of the new law would be patently unenforceable, and
every law that is not enforced tends to create disrespect for all
laws.
Also of major importance is the fact that the law tries to
overrule the laws of physics and, in that attempt, would make a
felony out of some common, ordinary activities.
Yes, the old communication privacy law should be updated. I
believe that I am the only engineer (BS, West Point; MSEE U. of
Illinois) who has testified as an expert in federal court as to
the meaning of the old law, and I am ready to shout from the
rooftops that the convoluted language of the old law is next to
impossible to interpret. I have spent many hours studying it and
its legislative history, discussing it with experts on the law,
and testifying in court as to its meaning; and I know that a new
law is badly needed.
However, we don't need a new law that uses even more convoluted
language, is largely unenforceable, contains loopholes and
loopbacks, ignores modern technology, uses outdated terminology,
and overall does not do what its framers said that they intended.
I am the president of the Communications Security Association,
but I am not writing as a spokesman for the association; I am
writing as a private citizen who is concerned. If the Senate
takes a deliberative posture and time thus becomes available, the
Comsec Association will take a position and offer expert
witnesses.
I urge you, Senator Mathias, to hold hearings on this bill. I am
prepared to testify, and I believe that you should contact the
Institute of Electrical and Electronics Engineers for other
technical experts with appropriate experience. (Each engineer to
whom I have mentioned provisions of the bill has responded first
with laughter, and then with incredulity that our legislators
could even seriously consider passing a law that attempts to
overrule the laws of physics.)
Please take action. It is vitally important.
WHAT A DIFFERENCE A WORD MAKES, TWO EXAMPLES
FIRST EXAMPLE
In the law that Congress is trying to update, the words which
define interception of communication are "aural acquisition of
the contents" of the communication. What that combination of
words means, in your editor's opinion, is that somebody heard the
contents of the communication. After all, "aural" refers to the
hearing mechanism in our heads (or for that matter to the hearing
mechanisms in the heads of animals, reptiles, fish, fowl, etc.),
and achieving "aural acquisition" seems to be simply a strange
way to say "hear".
In any event, the law defines interception differently than the
dictionary does, and is very precise in its definition.
So now come various groups and organizations and people who take
it upon themselves to "explain" to us unwashed masses exactly
what the law means. And what do they tell us it means? Why they
say that the law says that interception means the "acquisition of
the content" of the communication.
Hey! What happened to "aural" which refers to human hearing.
Are they deliberately trying to confuse us?
In this first example of "WHAT A DIFFERENCE A WORD MAKES" one
key word has been left out and the entire meaning of the law has
been significantly altered. Instead of saying that interception
means hearing the content of the communication, people are saying
that the old law says that interception means acquisition of the
content -- and there is a world of difference.
At least one judge in Virginia is not confused. The Virginia law
is written with the same definition of interception, and in a
case in which there was incontrovertible evidence that private
conversations had been recorded he ruled that there had been no
interception because there was no evidence that anyone had ever
listened to what had been recorded on the tape.
C'mon you experts. The law does not define intercept as
"acquisition of the contents"; it defines it as hearing what has
been transmitted, "aural acquisition of the contents". Any other
interpretation is perverting the law as written.
SECOND EXAMPLE
The second example of the awful consequences of leaving out one
single word relates to the study, widely quoted, which was done
for Congress by their Office of Technology Assessment. In that
report, in reference to the protection of communications afforded
by the old law, OTA uses these words: "...communications...other
than voice are not clearly protected."
So how is that translated? Did the translation of the
translation change the meaning?
It sure did! People (including Senator Mathias) who use that
report as their authority are now saying that the old law
protects only voice communications. It seems that they decided
that the word "clearly" was too limiting so they just left it out
when they interpreted OTA's interpretation for us.
What a difference a word makes!
Does the old law protect only voice communications? If you think
so, you're wrong. The old law does not refer only to voice
communications. In fact, the word "voice" is not even used in the
old law!
That law prohibits interception (defined as aural acquisition)
of the contents of "oral and wire communications".
In fact, goodbuddy, if you study the old law carefully, you'll
come to the conclusion that it doesn't clearly protect voice
communications as well as not clearly protecting other than voice
communications. (More later.)
CHOICE OF WORDS
Throughout the proposed law and in all references to these laws
our Congressmen have used the word "protection" when they are
referring to the legislated prohibitions against eavesdropping on
conversations. It is as though they really believe that they can
legislate protection.
If you believe that legislation can "protect" your broadcast
conversations from being overheard, we have an experiment for you
-- and any congressman who thinks he has such power.
First let Congress pass a law which prohibits piranha fish from
biting our citizens. Let's make it a felony.
Then you, or your congressman friend, go jump in a river full of
piranhas.
Let me know how you make out.
END NOTE
Thanks to our many contributors; your material will appear soon.
July/August, 1986
The July/August issue of ComSec Letter were never published due
to the incapacity of the Ross family caused by an automobile
wreck.
September, 1986
Dear CSA Member:
This will probably be the shortest COMSEC LETTER that you
will ever receive -- and I hope that it will be the only one
mailed out of order.
The situation is that the Congress is about to create what I
consider to be a very silly law which will benefit only those who
are interested in skulduggery, and will create a false sense of
security for the masses. I am referring, of course, to the
Electronic Communication Privacy Act of 1986.
I have written about this in earlier editions, and I expect
to recount my initiation into personal efforts to influence
legislation in future editions; but, for now, I am hastily trying
to pass along one important thought and one administrative
message:
1. Enclosed is a copy of a recent letter by the
Association of North American Radio Clubs. Its message is simple.
Contact your Senator to urge him to oppose legislation which
would create an unenforceable law -- and make criminals out of
people who listen to what has been broadcast in the clear on
certain frequencies. It may already be too late, but we have to
try to get Congress to think before they act. We have many
members in the COMSEC Association who are experts on
communications security, and they should have a chance to be
heard.
2. This letter (September) is being mailed before the
July/August edition because we had a choice of spending our time
to finish the July/August letter or to work at trying to stop, or
at least patch up, the impending law and we decided that the
latter was more important. The July/August letter is in the works
and will be coming to you soon.
Regards,
Jim Ross
October, 1986
A PERSONAL NOTE FROM YOUR EDITOR
Dear Friend,
On September 12 Lynne and I were in a serious automobile wreck
which left her with a broken neck. She has been a real champion
throughout this ordeal, and at the time of this writing she is in
a Philadelphia collar and at home. The prognosis is for a
complete recovery eventually, and for that we thank God.
Ken Taylor and Paul Bowling filled in for us at the ASIS show in
New Orleans and Doug Kelly and Ken took care of our seminar
following the ASIS show. Our youngest daughter, Marilyn, has been
helping with some of the business work that Lynne used to do.
Of course, many things have been postponed, and we apologize for
any problems that our tardiness may have caused.
Sincerely,
Jim Ross
ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986
Well, they passed it. Something like 25 seconds was all it took
"the greatest deliberative body in the world" to pass this
abomination.
We'll have much more information on this in future issues. For
now let's quote from a Monitoring Times editorial by Bob Grove:
"Unenforceable, ill-advised and self-contradictory, this mockery
of the judicial process should never have seen the light of day."
(More information on the COMSEC Association's position on a
related matter is carried in the segment of this letter entitled
"FCC Letter".)
COMSEC ASSOCIATION PLANS
Paul Bowling has set up the COMSEC Association's computer
bulletin board, and you are invited to call in. The number is
301-843-9266.
Paul is also spending many hours of his own time to try to
develop programs for members of the association. Details coming.
This letter is very late, but two more letters are in the works
in the computer so we hope to be all caught up by the end of
December.
By the way, the letter should begin to look much sharper soon.
Jim Ross's business has a laser printer on order, so the COMSEC
Letter will soon have an almost typeset look. Plans are also
underway to take ads in the letter and in the membership list
publication. Contact Paul Bowling for details.
JOB OPENING
We have been advised of a job opening in New England for someone
with heavy countermeasures experience. It will require about 20%
travel nationally and internationally. Good salary and benefits.
Contact Jim Ross for more details and the name & number of the
headhunter.
LETTER TO THE FCC
On 11-3-86 the following letter was mailed to the Federal
Communications Commission in support of a petition by the
Washington Legal Foundation to require manufacturers of
radiotelephone to label their products to warn users that their
conversations can be overheard.
William Tricarico
Office of the Secretary
Federal Communications Commission
1919 M St
Washington, DC 20554
RE RM 5577
Gentlemen:
This association, composed of hundreds of professionals in the
field of communications security, heartily favors requiring
manufacturers of radios used in telephone service to permanently
label such equipment to warn users that their conversations can
be easily overheard.
Something must be done to counter the false sense of security
which the manufacturers and the congress have created. Radio
transmissions can easily be heard by anyone, and no man-made laws
will be able to change that fact.
The Washington Legal Foundation should be commended for taking
the initiative to create the petition to require privacy warning
labels.
If there is any question regarding this, I can be reached at my
office, 301-831-8400.
Very truly yours,
James A. Ross
President
cc: Membership
Secretary, Washington Legal Foundation
Bob Horvitz, Association of North American Radio Clubs
November, 1986
QUESTION FOR COMMUNICATIONS CONSULTANT
In an article regarding major changes in U.S. communications
policy in Communications Consultant, a magazine for people who
earn their living performing as consultants on communications
matters, Julia King wrote: "Some of them, such as the endorsement
of the long-sought-after communications privacy law, have proved
beneficial to both consultants and their clients."
Our question for her: Just how has this new law proven
beneficial to either consultants or their clients? Or, do you
expect that it will become beneficial some day? If so, how?
The one benefit that we see is a long-term one; the definition
of "interception" has been improved. Now it is defined as the
acquisition of the contents of a message, rather than as the
aural acquisition of the content. After the new law becomes
effective next year this change should make it easier for judges
to understand, and should result in making the law stronger.
Other than that, we believe that the only beneficiaries of the
new law are those sellers who wish to take advantage of buyers by
deceiving them with regard to the security of the communications
equipment that they are touting.
Law enforcement is a loser. They'll now have to get a court
order to use a DNR.
(Incidentally, our language is a loser -- the lawmakers insisted
on using an 1890's term, pen register, when "updating" the old
law instead of the modern term dialed number recorder or DNR.)
Communications users are losers. They'll be more than ever
convinced that any telephone is a secure means of communication.
Some of us who make our living doing countermeasures could be
big losers. We could get into trouble for conscientiously doing
our jobs. Can't you just hear us explaining to the senator that
we can't check that suspicious emanation from his office because
it is on one of the frequencies that the senator has voted to
make it a crime to listen to!
A hand-addressed copy of this newsletter is being mailed to
Julia King at Communications Consultant. She, or anyone from this
magazine is invited to make a presentation at COMSEC EXPO '87.
You'll have a chance to expound on your views in front of a
knowledgeable audience. Let us hear from you.
COMSEC EXPO '87
Due to circumstances beyond our control, we were not able to
schedule our second COMSEC EXPO during 1986. At present, we are
in the final stages of planning COMSEC EXPO '87 with the location
to be the Washington, DC area, and the dates to be late in 1987.
You will be advised.
FROM OUR READERS
Many, many, submissions from readers have been received. Some
date back many months. If you have mailed in some material, don't
despair of ever seeing it. None has been lost. We just haven't
been able to get around to including all of the stories, ideas,
information, etc. Hang in!
For now, we'll pass along just one item which we received during
the past month. Several members sent us annotated copies of a
letter that had been sent out by a firm in Port Chester, NY. The
organization seems to have many identities, so to keep from being
sued for misrepresentation, we'll include the full description.
The letter was signed over this signature block:
Marsha Pearl, Mgd. Coordinator
PROTECTION CONNECTION, a Property of
CCS Counter Spy Shop.
The letterhead says:
The Counterspy Shop
A Division of CCS Communications Control Inc.
No, we don't know what "Mgd." means; but the CCS initials sure
are familiar. Anyway, the essence of the letter is a request for
submission of products for them to sell and includes the
following in its listing of what you should submit: "...the
merchandise itself for testing, ..."
Now that, to us, is a very interesting offer. CCS, the master of
advertising claims, now plans to test equipment.
But wait! Maybe we are making an incorrect assumption. Your
editor, being an engineer, assumes that the purpose of the
testing would be to determine whether the items tested actually
do what their manufacturers say they do. However, that may be a
totally erroneous assumption.
Well, we have a CCS employee on the mailing list. Maybe she'll
enlighten us as to exactly what it is that CCS proposes to test
for. If they plan to test for performance as claimed in
advertising, we're certain that many of our members can suggest
many CCS products to be tested.
CALL FOR PAPERS
Although the dates and place are not yet firm, we're asking
everyone who wishes to present information on modern
communications and information security to notify the planning
committee as soon as possible. Send a short abstract, along with
some biographical information, to:
COMSEC EXPO '87 Planning Committee
POB 3554
Frederick, MD 21701
If you have any questions, you may call 301-874-5311, but please
be advised that that number is not answered on a full-time basis
so keep trying.
ADMINISTRATIVE NOTE
This letter will, we hope, be the last of the 2-page letters. We
have a mountain of backlogged notes for the letter and some very
important information to convey, and we plan to start working out
of this backlogged condition with all our might. In the next
issue we'll again carry a listing of coming events -- we've been
so far behind schedule that it had to be dropped temporarily.
Please send in any announcements of meetings etc. in this field.
December, 1986
ECPA
The Electronic Communication Privacy Act is now the law of the
land. It may have some parts which improve upon the old law, but
it definitely has some provisions which are downright stupid. It
is largely unenforceable, and probably will be used by the
sellers of cellular phones to bamboozle their prospective
customers by creating a false sense of security -- "No one can
listen to your calls; it's against the law." Of course, anyone
who wants to listen will listen. There is no chance that his
"crime" will be detected; and the Justice Department has already
said that they do not intend to try to enforce the law.
Its drafters said they had to "update" the old law to "protect"
modern communications that were overlooked in the old law. So
they used terminology that was outdated even before the old law
was passed. They dropped some of the words -- that they never did
understand -- that were used in the old law in favor of some
other words -- that they obviously don't understand.
More on ECPA, much more, coming.
Also, along the same line, we have an essay in preparation on
the dangers inherent in writing to impress rather than to
communicate, and using words you don't understand in the process.
COMSEC EXPO '87
Our second annual meeting is now being planned for Washington,
DC in the fall of '87. This time we're doing it all ourselves,
and we guarantee you that we'll have a real opportunity for
learning what's new and what's going on.
If you want to appear on a panel, or give a presentation, or
sell booth space, or work as a volunteer in some capacity,
contact your editor on 301-831-8400. If you are interested in
exhibiting, contact the conference coordinator, Shirley Henschel,
at Expo Headquarters: 9306 Wire Avenue Suite 701, Silver Spring,
MD 20901. Phone: 301-588-3929.
At this time it looks like there will be three days of panels,
seminars, and presentations; three days of exhibits, and one half
day of a meeting of the members of the COMSEC Association. We're
planning to allow plenty of time for visiting the exhibits so
that it will be possible to attend all of the conference sessions
and also see everything in the exhibit hall.
CALENDAR
Starting with the January issue we'll be inserting an extra
sheet into each mailing of the COMSEC LETTER to list all of the
educational activities, shows, etc that might be of interest to
members. Bob Bryant, Michael Melhorne, Jim Ross, and anybody else
who schedules many activities throughout the year will be handled
in a special section outside the overall chronological listing.
If you are planning an event that you think might interest our
members, send your releases. We have a qualified readership.
For this issue we're going to list only one event -- a very
special one that deserves your attention -- and that is:
Carnahan Conference on Security Technology
Hyatt Regency-Ravina, Atlanta, GA
July 15-17, 1987
Contact: Juanita B. Graves, Conference Coordinator
606-257-3973
Special Note. This year, for the first time, the Carnahan
Conference will include exhibits. Contact Juanita for full
information.
MORE MODERN TELCO SERVICE FROM SOUTH CENTRAL BELL
SCB has recently announced that it will offer, on a trial basis,
a new service called "call rejection". The trial will take place
in Natchez, Mississippi, and will cost subscribers $2.00/month.
To use the service, the subscriber punches in a code using a
DTMF pad, and records a message saying that he refuses to take
any calls from the specified number. Each customer is limited to
a total of six numbers from which he refuses to take calls.
Also being offered during the test are calling number
identification, distinctive ringing and selected call
forwarding -- again, limited to a total of six selected numbers.
Our hats are off to SCB. Again, they are offering modern
services to their customers.
COMSEC ASSOCIATION COMMITTEE CHAIRMEN
Soon we will have completed much of the organizing work that has
been in the works, and we'll have various committees named and
defined. We'll be looking for some self-starters who are able to
work with a minimum of supervision to chair and man (woman?)
various committees. Look for announcements in the COMSEC LETTER.
DESKTOP PUBLISHING
Well, your editor finally bit the bullet and bought a laser
printer so this letter should look a tad better in the future.
Right now, we're able only to put out print in one typestyle, but
as we learn to master the features (and buy some more software)
we'll be able to dress up the letter so it looks almost
professionally typeset. (By the way, if you have experience with
a QMS KISS laser printer and can steer us to some helpful
software, please call or write.)
It is our plan to expand this letter during 1987, we hope to a
full magazine with ads, articles, editorials, and more of what
you have been reading in the COMSEC LETTER over the years.
NEW FEATURE
The COMSEC LETTER has had many submissions from readers and
we've just not had the time to make use of them. One of the first
was from Roger Tolces and contained the excellent suggestion that
we start a regular feature called "Bugs and Taps Found". (Of
course, if he had been reading the letters, he'd have known that
we had already carried several "reports from the field".) Roger
included a real-life story that we'll be passing along soon.
Also, Gerry Linton of Calgary has sent along some information
which will appear under that (or a similar) heading.
For this issue, however, our member-supplied material is a book
review by Dave Mann. We're sure that you'll find it interesting.
If you have submitted information, or asked questions; please
bear with us. The planned expansion of this letter will allow for
much more material each month, and we'll start working our way
through the backlog of material.
BOOK(LET) REVIEW, by Dave Mann
Review of The Business of Spying prepared and distributed by
Sherwood Communications Associates.
"The Business of Spying" was handed to me as I edged my way
around the displays at the last COMSEC Expo in Washington, DC.
At first, I thought it was just another exhibition giveaway,
worth about what those plastic carrying bags go for. Cynical old
investigator, I figured nobody gives anything up for free. So
much for my pessimistic view of the industry. "The Business of
Spying" is an excellent piece of work and makes me wish I had
talked Sherwood out of the rest of the booklets!
"The Business of Spying" is aimed at the private sector,
industrial security arena. It covers a very accurate description
of a "private spy" and makes certain the reader understands a
very important point about the private spy: He (or she) rarely
steals information where the boss can detect it, he memorizes or
records it (usually on the uncontrolled copier machine) so that
you will never know you've been had. Good point and bravo for
Sherwood that they make the point up front. The primary areas
where private spies operate, external threats (visitors,
customers), trash collection and reverse engineering are all
mentioned in the handout just in case you have been living in a
cave for the past ten years and didn't know Trash Collection is
one of the most lucrative means of getting inside your company's
knickers.
The "Family Tree of Eavesdropping Devices" and "Computer
Network Vulnerabilities" were included as a means to
diagrammatically display all the ways you can be had. My only
complaint is that the Computer Network diagram was taken from the
famous "Ware Report" on Computer Security (formally DoD
CONFIDENTIAL), but now a classic in its own time. I think ol'
Doc Ware should have been given credit someplace.
Recommendation: Contact Sherwood Communications Associates,
1310 Industrial Highway, Southampton, PA 18966 and talk to George
Russell.
COMSEC ASSOCIATION BULLETIN BOARD (BBS)
C'mon in! Dial up our association's bulletin board. Paul Bowling
has done a marvelous job in setting it up and keeping it running.
This has been a purely voluntary effort on his part, and has
immensely added to our ability to communicate with members and
potential members. He has provided all of the equipment involved
and the phone line as well. Let's use the board, encourage others
to do so, and strengthen our association. Dial up the board and
delve into its information. You'll be glad you did. 301-843-9266.
ON WORDS
Your editor tries to always use the right word. In fact, he's a
stickler for precise language. (One of our readers has even
commented that he is not very interested in the subject matter,
but he reads the letter because "it is written in something which
closely approaches English." From him that's a compliment -- even
without the inclusion of "closely".)
In any event, it's time again to comment on how members of the
fourth estate mangle communications by using the wrong words.
What comes to mind first is the fact that some of the press
coverage of the Voyager adventure has used the word ungainly in
describing that beautiful, graceful, svelte flying machine. Now
maybe it's unconventional in design -- different maybe; but it is
definitely not ungainly.
Don't you think that people who earn their living by using words
should make an extra effort to use the correct words? That
thought surfaces every time a reporter uses the word tarmac
incorrectly. When they are describing an airplane taxiing, they
invariably say it is taxiing "on the tarmac". Truth is, almost
100% of the time it is taxiing on concrete, not tarmacadam. They
just never bothered to learn that some of the airport's paved
surface is called runway, some taxiway, and some apron. They
never bothered to learn the meaning of the word tarmac. They
heard it used and simply copied from another unlearned reporter.
Oh well.
A PERSONAL MESSAGE FROM YOUR EDITOR (AND HIS WIFE!)
Since sending out the letter which included the message about
our automobile wreck and Lynne's injuries, we have received many,
many calls and notes.
From both of us, thank you for your concern, for your prayers,
and for your understanding our lack of asperity in doing the
things that are normal.
On the positive side, and most important, Lynne is recovering
nicely, and the prognosis is for eventual full recovery. She
sends her thanks.
On the negative side, boy, has the work piled up! Are we behind!
(But as Chuck Case says, "It's better to be a little behind than
a big one.") Seriously, we have fallen far behind in our work,
but we are trying hard to catch up. Please, if you have written
or called and not had a response, don't be bashful; call again.
We won't be offended, and we'll be glad to hear from you.