informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/magazines/COMSEC/cs1987.nws

2295 lines
98 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

ComSec Letter
Editor: James A. Ross
YOGO 3
1987
COMSEC LETTER
The ComSec Letter was started in 1984, The Year Of George
Orwell, by Jim Ross. Initially it was mailed at no charge to
everyone on his mailing list, and it was later offered by
subscription. After the founding of the Communication Security
Association, the letter became its official organ. In 1989 the
association decided to create a new organ, Comsec Journal; and,
in order to minimize confusion, the name of this letter was
changed to Surveillance.
What follows is an edited version of the contents of one
year of the letter. (The letter has been edited to remove
topical, superfluous, and outdated items.)
Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100
January, 1987
ANNOUNCING!
The ComSec Association announces its second annual meeting:
SURVEILLANCE EXPO '87
to be held at the Sheraton Hotel and Exhibition Center, New
Carrollton, MD (on the Washington, DC beltway) October 20 - 23,
1987.
Conference and Exhibits: October 20 - 22.
Membership meeting: October 23.
The conference and exhibits will feature the latest in the fields
of communications and information security, surveillance and
investigations technology. The ComSec Association will again
offer seminars and panel discussions featuring people with real,
current experience in their fields. We're billing it as a "nuts
and bolts" affair.
Although the program is not yet fully defined, we're arranging
for conference participants to be able to interact with "hands-
on" experts in areas such as:
DES vs. Other Standards
Defense against Hackers
Defense against Electronic Eavesdropping
Modern Methods of Phone Tapping
NSDD 145
Electronic Communications Privacy Act
Biometric Access Control Systems
Night Vision Equipment
and more, much more.
In order to tailor the conference to the needs of security
professionals, we're sending out a questionnaire to 25,000
qualified people, asking them to rate the desirability of many,
many subjects. Once those results are tabulated, we'll be
contacting the people who have volunteered. If you are interested
in making a presentation, send us a short note outlining your
topic and your qualifications.
For more information:
Shirley Henschel, Conference Coordinator
Surveillance Expo '87
9306 Wire Avenue Suite 701
Silver Spring, MD 20901
301-588-3929
ECPA
Electronic Communications Privacy Act. That's the new law that
decrees that there are some frequencies that we should not tune
to. If they want to enforce it, they'll have to create "Frequency
Police". (All calibrated at NBS to prevent accidental arrest due
to incorrect frequency readout.) Looks like "Thought Police" will
be the next step.
But let's be serious about this silly law.
We're still working on trying to understand all of its
provisions, and we've had some interesting discussions with Bob
Horvitz, Bob Jesse, Barbara Rowan and others. It looks like we'll
have a great panel discussion at our fall meeting!
Anyway, for this month our comments about this law relate to the
"jaw-dropper" that we heard in Beverly Byron's (our Congresslady)
office. As we picked up the material which tells how to amend the
old law we commented to the staff, "If the new law says what
we've been told it says, it will be illegal to listen to stereo
music on the radio, or to MUSAK." The response from the staff
was, "It doesn't matter what it says now. They always change the
words after a law passes to make it mean what they meant to make
it mean in the first place."
Now isn't that a fine kettle of fish!
Our elected representatives vote to create a new law, and then
somebody rewrites it after they vote on it, to change its
meaning!
PUBLICATION OF INTEREST
For some time now we've been reading Police and Security News
with some interest. The reason for this comment at this time is
that in the January-February issue a new column was introduced.
Written by Steve Uhrig, it relates to modern electronics as
applied to police work. The first column is entitled "James Bond
Electronics -- PRACTICAL for the Small Department".
Our hats are off to Dave Yaw, Publisher, and Steve Uhrig,
author. Good, practical, down-to-earth information of this kind
has been sadly lacking in our opinion -- especially in law
enforcement publications. As a matter of fact, good technical
information is really hard to come by in many of the popular
security and communications magazines. (One of the communications
magazines recently said that ISDN stood for Integrated Standard
Data Network; that you should have a "lightning rod to attract
and safely ground lightning"; and referred to bandwidths of 64
kilobits and 1.544 megabytes.) (In case you're not a
communicator, ISDN stands for Integrated Services Digital Network
[or Innovations Subscribers Don't Need, depending on your point
of view]; lightning rods create a field to try to prevent
lightning hits; and bandwidths are measured in Hertz (related to
bits or bytes per second, but not related to a number of bits or
bytes.)
Anyway, back to Steve's first column. Overall it should be of
value to the people it was aimed at -- law enforcement officers
in a small department. They don't have experts in electronics,
night vision, etc in their organizations, so they need all the
help that they can get. We're looking forward to seeing many more
columns like this in that publication. For subscription
information, P&SN, POB 330, Kulpsville, PA 19443.
SURVEILLANCE EXPO '87
How did we come up with that name? Well, as you may recall, our
first conference was entitled "ComSec EXPO '85", a good name for
a meeting of an association of folks who work in the field of
communication and information security. However, much of the
technology related to investigations so we called one track
"Investigations Technology". This year, in preparing for our
second meeting we went over our notes relating to the earlier
conference and found that surveillance was the one common thread
in all of the interesting panel discussions and exhibits. We
tried every way from Sunday to bring the ComSec name into the
title, but surveillance always was there.
So that's how the name, Surveillance Expo 87 came about.
By the way, potential exhibitors, there is no conflict with the
IACP meeting which starts in Toronto on the 24th. C'mon in and
show your wares. We are planning a great show, and expect that
attendance will be several time what it was during our first
show.
OTHER COMSEC ASSOCIATION NEWS
Your directors have decided to take the advice of some
membership association pros, and to fly in the face of some other
advice from some other pros.
The advice that was taken says that it is nonsensical to end
membership years one year from the date of joining; all
memberships should expire on the same date. Therefore, we have
decided that the end of our membership year will be September 30.
All current members will be asked to make a pro-rata dues
correction by Paul Bowling in the near future.
The advice that we did not take told us that life memberships
normally cost 20 time annual dues. We decided that we'd like to
offer life memberships to current members for a limited time at
10 times annual dues, and set Dec 31 1987 as the cutoff date.
That's right. If you are now a member, or ever have been a
member, you may become a life member for $500 anytime between now
and the end of this year. If you have never been a member, your
cost will be $550 during this year only. After December 31, life
membership will cost $1,000. (these rates are for USA, Canada,
and Mexico; other countries: $700 and $770 before December 31;
$1400 after that date.)
Also, we've done away with student memberships because of all of
the problems that they created. We want very much to have young
folks who are going to school involved and learning about this
technology, and we tried; but the problems of administering
student memberships were too much. Maybe one of our members will
devise a way that we can keep students involved. Let's hope so.
STARTING OUR FOURTH YEAR!
It's amazing how time flies when you're having fun. It's hard
for us to believe that this is the fourth year that we've been
turning out this letter. We've enjoyed it; hope you have too.
The first issues were typed on an IBM PC by a two-fingered
typist, and stored on floppy disks before being printed on a dot
matrix printer. Now they're stored on an almost-full 10 meg hard
disk before being printed on a laser printer. Some things never
change, though. They are still typed with two fingers.
NEW CORPORATE MEMBERSHIP PROGRAM
At a recent board meeting your directors decided to offer
corporate memberships at rates which relate to the size of the
corporation. (Actually, the program relates to any business or
association, whether incorporated or not.)
Here's the way it goes:
Number of employees Annual Dues Number of Members
1 to 5 $150 1
6 to 10 300 2
over 10 450 3
The members will be designated by the corporation, and may be
changed if an employee leaves or is transferred. The memberships
carry full membership benefits and full voting rights.
The corporation will receive a 10% discount on everything
purchased from the association such as advertising, booth space,
etc. In addition, the corporate members will be listed in various
publications as a sponsor of the association.
NEW CONTEST!
The grand prize is a mention in this letter, and doing the
research and compiling the results will be arduous; but maybe
somebody will take the challenge just for the fun of it.
What we're looking for is a listing of organizations,
businesses, etc. that routinely tape telephone calls without
notifying the caller. What comes to mind immediately are
stockbrokers, emergency services (fire, police, ambulance), hotel
hot lines (all Marriott hotels have a "guest hot line" for
problems), some private investigators, etc.
The next step in this research is, of course, to list the number
of criminal indictments for illegally recording telephone
conversations.
The serious intent of all of this work is to make available to
all (even lawmakers) real information on the real world.
All contributions welcomed with open arms. They don't have to be
fancy, just readable. Y'all come. Heah?
BY-LAWS; ELECTIONS
The founders of CSA pledged to always keep in mind that the
first duty of a membership association is to provide service to
the membership. At our organization meeting on October 23, 1987,
members will be asked to approve the By-laws created by the
current directors. Those By-laws specify that directors will be
elected by the members, and the officers will be chosen by the
elected directors. During that meeting, we will be electing some
new directors and installing a new slate of officers. You are
urged to attend, and to assist in the planning beforehand.
TAP, BACK ISSUES
Ben Harroll advises that back issues of TAP are available from
Pete G, PEI, POB 463, Mt. Laurel, NJ 08054 @ $100 for the full
set, which includes issues 1-83 and some schematics. We'd be glad
to pass on any comments from satisfied (or dissatisfied)
customers.
February, 1987
COMSEC ASSOCIATION ANNUAL MEETING
The second annual meeting of the ComSec Association
(details: page 2) will be held on October 23, 1987 in conjunction
with
SURVEILLANCE EXPO '87.
to be held at the Sheraton Hotel and Exhibition Center, New
Carrollton, MD (on the Washington, DC beltway) October 20 - 22.
Surveillance Expo '87 will feature three full days of
meetings, workshops, and seminars with lots of time available to
visit the exhibits. The conference and the exhibits will cover
the latest in the fields of:
SURVEILLANCE & COUNTERSURVEILLANCE
INVESTIGATIONS TECHNOLOGY
COMMUNICATIONS AND INFORMATION SECURITY
TECHNICAL SURVEILLANCE COUNTERMEASURES
RELATED TECHNO-SECURITY FIELDS
At SURVEILLANCE EXPO '87 we are dealing with many technical
subjects which, all too often, have been
sensationalized to the point of absurdity,
misunderstood by the press and public,
misrepresented by unscrupulous hucksters.
We are planning an event which presents detailed and factual
information which can be understood and appreciated by attendees
who are not technical experts. SURVEILLANCE EXPO '87 is intended
to be a "nuts and bolts" conference with heavy emphasis on real,
practical, down-to-earth information.
In order to tailor the conference to the needs of security
professionals, we're sending a questionnaire to qualified people,
asking them to rate the desirability of many, many subjects. Once
those results are tabulated, we'll be contacting potential
speakers. If you are interested in making a presentation, send us
a short note outlining your topic and your qualifications.
COMMUNICATIONS SECURITY ASSOCIATION
Objective. The objective of the ComSec Association is to enhance
professionalism in the information and communications security
field. The principal activity in support of this objective is to
provide accurate and unbiased information on the technologies
relating to protection of privacy. This means a heavy emphasis on
communications and information, but it also includes the field of
surveillance. The association encourages open and complete
interchange of information among members.
History. The ComSec Association was founded in 1984 as a
non-profit membership association. The first annual meeting took
place in December of 1985 in Washington, DC. No meeting was held
in 1986, so the 1987 gathering becomes the second annual meeting
of the members. There are currently about 300 members.
The founders, Arnold Blumenthal, James A. Ross, and Craig
Silver elected Ross to serve as president until By-Laws are
adopted, and a new board of directors is elected. Craig Silver
later agreed to serve as the association's counsel and,
therefore, had to resign from the board because he could not
represent an organization of which he was a director. Kenneth R.
Taylor, President of Target International Corporation in Miami,
was elected to fill the vacancy. Later, the board size was
increased to 5, and Paul Bowling of National Investigative
Services, Inc. and Eugene T. Smith of Teltron, both in the DC
area, were elected to fill the vacancies. Smith later resigned.
Second Annual Meeting. The second annual meeting of the ComSec
Association will take place on October 23, 1987 at the Sheraton
Hotel, New Carrollton, MD following Surveillance Expo '87.
All members of the association are urged to attend. The
organization is involved in fields of technology which are
changing dramatically and rapidly. As professionals, we must
continue to study and learn, and the conference and exhibits will
provide a great learning opportunity. Several of our '85
exhibitors have reserved space, and we're hoping to have about
100 exhibitors as compared to 43 last time.
New Director. Recently the Board of Directors met to elect a new
director to fill the vacant slot, and voted to bring Chuck Doan
on board. He has agreed to handle the job entitled VP, Finance.
Finally, after years of confusion, the money matters of the
association are going to be organized.
If you want to contact him, his address is:
Charles W. Doan
Clancy, Doan Intl. Assoc. Inc.
117 Rowell Ct.
Falls Church, VA 22046
703-237-0611
Welcome, Chuck!
ECPA, WHAT DOES THE LAW SAY?
While visiting a colleague in another state recently, I
heard him tell a journalist that it was OK to record telephone
conversations of people talking on your own company's phone
without their knowledge or consent. Your big smart expert editor
advised him that it might be all right according to his state
laws, but that such eavesdropping was a federal felony. He
countered with, "I checked with the FBI and they told me that
it's OK."
Wow. Maybe I really don't know what the federal law says.
Better read it again after I get home.
You know how it goes. You get back from a trip, and here are
all these things awaiting your attention, so the law did not get
read.
Then comes an issue of Communications Week with a feature
article on SMDRs, and in this article there is a flat statement
that the law's "business extension exemption" lets employers
eavesdrop on business related calls.
Wow again. Grab old law. Must be in 18 USC 2511. Read. Read.
Read. No mention. Ah Ha! Get smart. Call Barbara Rowan.
Dear sweet lady takes time out from writing a memo with an
impending deadline. "Must be in 2511." she says. "Hmmm." she
says. "Can't find it. Have to call you back."
While Barbara is researching this, let's hear from you. What
do you think the law says? Or is there some case law in which the
judge took it upon himself to do the job of the legislative
branch?
Meanwhile, your ol' ed has been trying to unravel the
puzzle. He talked to the reporter who wrote the story in CW, and
the reporter referred him to the lawyer who was quoted. After six
calls to San Jose, Robert D. Baker called me back. Asked if he
had been correctly quoted in the CW story, he asked, "What's
Communications Week?" So I read him his various statements, and
his response was that he had never made those comments; in fact,
he said that, as a civil rights lawyer, he would have responded
exactly opposite to the statements attributed to him.
So, Jon Swartz and the editors of Communications Week, the
ball is in your court. Where did you get the idea that there is a
"business extension exclusion"?
BACK ISSUES OF COMSEC LETTER
Soon all of the back issues of ComSec Letter will be
available on our BBS. At present, we are editing those letters on
our word processor, and will upload them to the board when
finished. (No, we're not removing the mistakes; we're editing to
remove topical items such as meeting announcements, etc.)
AN IDEA TO WAKE UP SOME SELF-SATISFIED BUREAUCRATS
Recently, I talked to some government people about the mess
in Moscow. Among others, I called the staff director of the
committee which was planning hearings about the bugged embassy in
Moscow. The reason for the call was to advise that there is a
professional association that has TSCM experts available to
testify. He said that they planned to call only government
witnesses, implying that only people with government security
clearances could possibly understand advanced bugging systems.
Ha! It was government experts (with security clearances but
no knowledge of resonant cavities) who checked the Great Seal
that the Soviets gave us, and said that it was OK to hang it in
the Ambassador's office. As a result, of course, the Soviets were
able to hear everything that was said in that office for years.
In fact, they would still be listening except for the detail
that a defector told British intelligence about it, and the Brits
contacted our people saying, "I say, old chap, did you know..."
So the State Department is attempting to recruit 200 people
(in Houston because there's a lot of unemployment there) so they
can beef up security around the world. Wow! They're going to take
some people off the street, give them 80 hours of training, and
ship them out to protect our embassies from espionage. They
actually plan to use these instant experts to counter the efforts
of the Soviet professionals. Only in America!
So here's the idea to shake up some fat cats who think that
only government experts know anything about bugging. Let's have a
brainstorming session during Surveillance Expo '87 to discuss new
ways of bugging. We'll invite members to present ideas, and get a
consensus from the group as to the practicality of each. Of
course, no one with a government security clearance will be
allowed to submit proposals.
Its a free country, so the press will be invited. We'll
discuss sound conduction through pneumatic tubes, remote
transmitter location, delayed transmission of recorded audio,
irradiation of non-linear junctions with microwave energy,
various spread spectrum modulation schemes, modulation of light,
transmission of modulated ultrasound through pipes, etc.
What do you think? Do you think knowledge of electronics is
reserved unto government people? Let us hear from you.
March, 1987
SURVEILLANCE EXPO
Well, a few people did a lot of work, but many of the things
we thought would come true never did, so the board has decided to
postpone Surveillance Expo '87.
At this time, we cannot even provide a tentative date for
the rescheduled event. However, here's a personal promise from
Jim Ross: before he announces another date, he'll be absolutely
certain that all resources needed to ensure success are in hand
and not just promises.
The single overriding reason for our failure was our almost
total dependence on volunteers due to lack of funds to hire help.
Therefore, our plan is to use currently available resources to
enlarge the membership so that we'll have the wherewithal to be
able to hire professional help.
The first step in this process is to collect dues from
current members by sending dues-due notices with the ComSec
Letter. (Seems like a sensible thing to do, but it had never
been done before.) Next, we plan to increase the dues revenue by
increasing the number of members through mass mailings. Because
several firms have agreed to participate in a joint mailing for
the benefit of the association, and to pay all mailing costs,
we'll be able to do this for only the cost of creating and
printing the mail piece. The first mailing is scheduled for
July, and another will follow shortly thereafter.
We're charging participating businesses $2,000 to send a
mail piece to 25,000 prospects (Security Systems subscribers and
everyone on the Ross Engineering mailing list). If your company
could benefit by mailing to such a list, call Jim Ross right
away. We plan to mail to 50,000 people in the next three months.
MOSCOW EMBASSY FLAP
One of our correspondents reported that he had had a
conversation with an AT&T manager who had just returned from
Moscow. The AT&T fellow said that they had been unable to pull
wire through the in-place conduits because the conduits were
already full of Russian wire.
That's the way to do it. Don't be subtle. Run your bugging
wiring through the same conduits that are used for legitimate
communication. Oh well.
MEMBERSHIP DUES
With the previous issue of this newsletter we sent out small
notices to all members whose dues were paid to any date other
than September 30, 1987. (The membership year now runs through
September for everyone, so that all memberships will expire at
the same time.) A word of explanation is in order.
Because of changing responsibilities among the directors of
the association, a long period went by with no dues notices being
sent to anyone and we decided that it would not be fair to dun
people for back dues when they had never received any notices.
Therefore we devised a small notice and advised on the amount
necessary to extend membership through September 1987, or
September 1988.
Our thanks to all who have responded. If your payment was
received before this issue was mailed, your new membership card
is enclosed. (A new certificate is in the works; please be
patient.) We're really gratified that renewals are outnumbering
cancellations by about twenty to one. Also, we really appreciate
the confidence demonstrated by all, and we're proud to report
that more than half are renewing through 1988.
If we have not yet received your renewal, you'll find
another little note in the envelope with this letter. As we have
pointed out, all records are being maintained by volunteers, and
we know that we're not perfect. If you don't agree with our
records, don't stew about it; let us know and we'll correct our
files.
MOSCOW EMBASSY FLAP, II
Lessee now. The Senate wanted to get technical advice on
what to do about the bugged embassy, so they asked the experts
who let the Soviets bug it in the first place. Based on that
expert advice, Senator Boren says we'll have to tear it down, and
build it over again.
As we see it, senator, it looks like this. First your
experts let the Soviets get away with what you report as
extensive bugging, and then they throw their hands in the air,
saying, "The Soviets are too smart for us; we'll have to give up
and tear the building down."
A question for the senator: "What makes you think that those
same experts will be any smarter or more in control the next time
we try to build this building?"
ECPA
These comments on the Electronic Communications Privacy Act
are triggered by an editorial by Wayne Green in a recent 73
magazine. Under the heading "CONGRESS GOOFS", Wayne points out
that the prohibition against listening to what has been broadcast
on cellular frequencies has proved to be very helpful to
organized (and disorganized) crime.
To understand, you'll first have to appreciate that not
everyone lives by the rules, and that the cellular system is a
great technical achievement, but lacks one essential
administrative ingredient. The people who designed the system
must have assumed either that all users would be honest, or that
no one other than their trusted techies could enter the
electronic serial number (ESN) into a cellular transceiver.
Operating under such an assumption, they established a
verification system that looks only for negatives when deciding
to accept a call. That is, if you have reported your phone
stolen or have not paid your bill; you will not be able to make a
call because your ESN will be listed in the file as NG. That's
fine if everybody is honest, but that's just not the case and the
crooks soon found that they could have fictitious ESNs entered
into their machines, and the system will accept calls from them
because they are not on the bad guy list.
What this all means is that the cellular phone companies
check a NG list before accepting a call, but they don't have any
way to check that the ESN is a valid one. So the bad guys have
phoney IDs entered into their machines, make calls all over the
world, never have to pay for them; and, because of the ECPA,
never have to worry that what they say on the air will be used
against them.
Wayne ends his editorial with the following paragraph:
"If it weren't against the law to listen to cellular channels,
I'd suggest that we hams help the law by listening for suspicious
cellular calls and recording them. Say, how'd you like to get
the goods on some serious crooks and find (a) the evidence is
inadmissable because it was illegally obtained and (b) yourself
on trial for making the recordings. So join me in a big laugh,
okay?"
Well, if you've been reading the ComSec Letter, you know
your editor's opinion of this law, but I can't go along with
laughing at it. It's a perversion, and should be done away with.
Period.
NO MORE ASSOCIATION BULLETIN BOARD
Well, we did have a bulletin board for a while, but Paul
Bowling, who did all the work and bore all of the expense,
decided that he wasn't going to do it any more.
We're sorry. We think that this organization should have a
computer bulletin board, and we're determined to establish a
permanent board for the use of members. Stay tuned.
GREAT NEW PRODUCT!
Radio Shack has done it again! If you ever have need for a
DNR (dialed number recorder), get right down to your Radio Shack
store and check out their CPA-1000. It's a neat little package
with a neat little price. It will print out all of the numbers
dialed, length and time of day on all calls. In fact it does
essentially everything that the 10, 15, and 20 thousand dollar
units do, and it sells for one hundred dollars! Wow!
(Ed. note: I just read over that last paragraph, and I used
more exclamation points in that paragraph than I used all last
year. Well, the CPA-1000 is worth every one. Double Wow!!)
NEW PUBLICATION
Glenn Whidden of Technical Services Agency, Inc. has
announced a series of technical articles on electronics,
eavesdropping, and countermeasures. Everyone working in the
field of countermeasures should try to learn about electronic
communications, and these papers certainly will be helpful.
Good luck, Glenn. I know it's wishful thinking, but I hope
some of the "professionals" in this field will begin to get an
education. Unfortunately I'm afraid that their egos are such
that they know they don't even have to learn the meaning of words
they use like frequency, impedance, resonance, etc. Their eyes
glaze over if you mention Maxwell's Equations or Bessell
Functions, and if you use a common phrase like L di/dt, they
think you're speaking a foreign language. (To them, of course,
calculus is a foreign language.)
Well, maybe some of the companies that have started in-house
TSCM programs will subscribe for their technicians. I hope so.
Education protects us, and every step toward better education is
a good step. C'mon, all you corporate security managers. Order
this course for your TSCM people. Contact Glenn Whidden on 301-
292-6430, at TSA, 10903 Indian Head Hwy #304, Fort Washington, MD
20744. It's $130 for twelve issues, and well worth it.
The August issue of Radio-Electronics magazine lists six
different national non-profit associations which examine and
certify electronic technicians. We'll be pleased to list
everyone in the profession who achieves certification. Send a
copy of your FCC license or technician certificate to the editor.
April, 1987
GREAT IDEA!
This idea came from one of the participants in a recent
seminar, and relates to my comments that infinity bugs are not
much of a modern threat because they require a cooperating
telephone if the target is on an ESS exchange (and almost
everybody in this country is on an ESS exchange).
(The reason that they are not much threat is that they
answer the phone before it rings. So, if you installed one on
someone else's phone as a bug, it probably would not last long
because he'd wonder why his phone never rings and have it
checked.)
The great idea that was put forth in the seminar is that an
infinity bug sure would work fine if installed in a conference
room telephone.
Think about it. If there is direct dial to the conference
room (no operator on a PBX listening for the ring signal on the
conference room extension), this could be a major threat. Unless
there is accidental discovery, there is a good chance that no one
would be at all suspicious of the lack of a ring on the phone.
Another good reason to get rid of phones in conference rooms.
MEMBERSHIP DUES
With each of the last two letters we have included a note to
each member who had not sent in dues to renew his membership
according to our records. The response has been very
encouraging, but there are still many people receiving this
letter who have not renewed their memberships.
We cannot afford to continue to send the letter if we do not
have support in the form of dues payment. Therefore, be advised
that this may be your last letter if we have not received your
payment before the next issue is mailed. It will be your last
issue unless you advise us of an error in our record keeping, or
we find that we have made an error.
Speaking of errors, we certainly don't claim to be perfect.
First we had the list on the Ross computer; then we went to an
outside vendor which had three owners in rapid succession, then
we went to a volunteer who didn't have time enough, and now it's
back on the Ross computer. Yes, there have been some errors, but
we think we've just about got it all straight finally.
WHO MONITORS OR RECORDS ILLEGALLY?
THE PREMISE
In a recent COMSEC LETTER we asked our readers to send us
examples of how the federal law requiring at least one party
consent to monitor or record conversations is regularly violated
with no legal action taken against the violators. After all, it
is a federal felony, and we would logically expect enforcement by
constituted law enforcement agencies, no?
POLICE
Well, it may just be that law enforcement agencies are the
biggest violators. Here in Maryland (where state law requires
all party consent to record phone conversations) some Montgomery
County police officers have brought suit for $865,000 against
their department alleging that their calls were recorded without
their consent. It seems that the Montgomery County Police
department routinely records all calls to the department, not
just those calls to the 911 emergency number.
Come to think of it, is there an exception in the law which
allows recording of calls to emergency police numbers? I just
read through 18 USC 2511 again, and I can't find any exemption
allowing such recording. Are police departments regularly
committing felonies while they're trying to do their jobs right?
What do your state's laws say?
SCHOOLS
Most schools have intercom systems which allow selective
messaging to all rooms, to some selected groups of rooms, or to
single rooms. In addition to allowing messages to be sent to the
rooms, the systems also allow listening to activities within the
rooms. My consultants advise that the system used in the schools
where they worked had no light or other signal in the room to
alert occupants that they were being monitored.
It looks like this is another case where people who are
trying to do their jobs right are violating the law without even
being aware that such a law exists.
The California Supreme Court has ruled that such monitoring
is a violation of the students' right to privacy.
COMMERCE
In the July issue of Security magazine an item described the
use of monitors in McCormick Place, a Chicago convention and
exhibition center with "tubed walkways" and large parking areas
where providing personal protection is difficult. According to
the article the security department uses Aiphone intercoms to
listen for trouble.
Again, we have people trying to do their jobs right, and
apparently violating the law in the process.
THREAT ASSESSMENT, TELEPHONE TAPS
GENERAL
In estimating the threat to privacy posed by telephone taps,
several factors must be considered. First and foremost, we must
evaluate what it is that any tapper hopes to accomplish. What is
it that we have that is of value to someone else? Second we must
determine his strength. What resources can he commit to
accomplishing his aims? Those resources can be summed up as
technical competence, time, access, and money.
MAJOR THREATS
Strange as it may seem, one of the most dangerous threats
might be from a small competing business, run by an electronic
hobbyist, which occupies space in the same building.
The rationale for that statement goes as follows. A
technically competent small business owner can do the work
himself without involving any one else. He has no time pressure
and he has access. He doesn't need much money because he doesn't
need to hire anyone and the equipment involved in tapping is
ridiculously inexpensive (less than $100). He could easily
install automatic recording equipment and scan the recordings for
the information that he wants.
On the other hand, supposing the threat is from law
enforcement. Contrary to the impression created by TV shows, law
enforcement agencies are not all-wise and all-knowing. Some
departments have no one capable of tapping phone lines, and
getting the necessary court order can be difficult. However,
let's consider a qualified law enforcement organization.
If the activity is to collect evidence to be used in a
trial, they must be very careful to be certain that the evidence
will be admissable. We believe that a good defense attorney will
attack any incomplete tap-generated evidence, and that means that
all lines must be monitored. Further, officers must be assigned
to the listening post and other officers must be assigned to keep
the suspect under surveillance so that they can provide
corroborating testimony. In addition to monitoring all lines and
transcribing all tapes, a continuous chain of custody must be
maintained over the tapes and sometimes experts must be used to
verify that the tapes have not been altered, etc.
(Recently one of our seminar participants advised that his
state requires that there must be continuous human monitoring of
all lines so that only the conversations of the suspect are
recorded, creating even more manpower requirements.)
SUMMARY
Law enforcement has a major job on its hands when it sets
out to gather evidence via wiretaps. On the other hand, the
competitor operating without rules can do the job very simply.
He is not looking for evidence, only information.
SOME GLOSSARY TERMS
ACM. Audio countermeasures. Another name for TSCM.
BRIDGE. In telephone parlance this can be a noun or verb
and refers to making a parallel connection to a pair of telephone
wires. In contrast, in electronics a bridge is a four-terminal
device with several applications depending upon configuration.
DIALED NUMBER RECORDER (DNR). Device which records all
activity on the telephone line to which connected. Time off-
hook, time on-hook for all calls; numbers dialed for all outgoing
calls. In the days of pulse dialing a device called a pen
register did the job of recording numbers dialed.
ESS. Electronic Switching System. The newest of the
switching systems in use by the telephone companies in the USA.
You are served by an ESS exchange if you have access to the
special features of call waiting, call forwarding, and three-way
calling.
HARMONICS. Frequencies that are integral multiples of the
fundamental frequency.
HERTZ (Hz). Unit for measuring frequency equal to one
cycle per second. KiloHertz (KHz) = 1,000 Hz; MegaHertz (MHz) =
1,000,000 Hz; GigaHertz (GHz) = 1,000,000,000 Hz.
TEMPEST. Refers to classified government effort to protect
against compromising emanations from electronic equipment. (It
may be a coined word, and it may be a semi-acronym from transient
electro-magnetic pulse emanation standard.)
TITLE III. Refers to equipment for surreptitious
interception of communications. For most people, possession,
advertising, sale, and use of Title III equipment is a felony.
TSCM. Technical Surveillance Countermeasures. Commonly
called debugging, sweeps, or electronic sweeping. However, these
terms do not adequately describe the full range of TSCM
activities, and seem to be more descriptive of "magic wand"
operations and not of professional work. Let's stick with TSCM.
May, 1987
SOME COMMENTS FROM YOUR EDITOR
We're now in our fourth year of composing this letter, and
it seems to be a good time to plan some changes based on that
experience. So here we go.
1. Many of the people who have written to us have received
no thanks either directly or in print; so we're resolving to
rectify that by starting the process of acknowledging all of the
folks who have sent clippings, comments, suggestions and
questions. Therefore, beginning with this issue, we're going to
include either Feedback or Questions and Answers or both as
regular features in this letter.
2. We've been neglectful of late in steering you toward (or
away from) publications that we have read so we're resolving to
pass along opinions on such things on a regular basis; and in
this issue you'll find a review of two items recently read.
3. It has long been our desire to include a short technical
essay with each issue of the letter. At this time we're not
ready to commit to a new essay with each issue, but at least
we're ready to start. Beginning with the next issue you will
receive two pages each month from the glossary which has been
created by your editor for his seminar, Defense against
Electronic Eavesdropping.
4. Each summer has been a catastrophe as far as schedules
go, so we're going to face facts: getting the letter out each
month in the summer is not possible so we're going to go with ten
issues per year. (To answer Ben Harroll and others who have
asked: No, we did not publish in July and August last year [YOGO
2.07 and 2.08].)
5. Teleconnect and The Councillor (the organ of the Council
of International Investigators) have several times republished
some of the thoughts in this letter, and we're pleased. We
invite all editors to republish anything with appropriate credit.
6. Last, but not least, we're looking for practical ways to
improve this letter and get more information out each month. New
hardware and software will help us to dress it up, but we'll need
additional income to expand to 8, 12, or 16 pages. We've given
serious thought to selling advertising in the letter or mailing
advertisers messages in the same envelope. What do you think
about receiving advertising messages in/with the ComSec Letter?
FEEDBACK
(The following comments are based on the material that
happens to be on the top of the stack. There were no criteria
for determining what to include at this time; we merely grabbed
the items closest at hand. Next month we'll add some more.)
We get clippings and calls on a regular basis from the folks
at Sherwood Communications Associates. They have a lot of
contacts with a lot of people in this field, and really do a
great job of keeping us informed.
From California, Norman Perle sends us copies of his press
clippings, and Roger Tolces sends an occasional note to advise
that your editor doesn't know what he's talking about. (By the
way, Roger has submitted a report on a bugging system that he
found and we'll get around to running it as soon as we can find
time to edit it.)
Don Schimmel gets the credit for calling our attention to
the two-faced operation of our Congress with regard to the
airwaves. (See the segment entitled "Who does own the airwaves?")
Nice note from Jerold Hutchinson with his membership
renewal. He says he enjoys reading the newsletter and "keep up
the good work." Thanks Jerold. Encouraging words help.
QUESTION AND ANSWER
Q. Our old friend, Ted Genese, sent along a flier from
Winkleman in England, and asked what they meant by "line
interceptor [which] enables an adversary to monitor more than one
communications line from a single listening post."
A. Well, Ted, we featured some of the US Winkleman claims
in a letter about two years ago. As I recall they claimed
"Complete Protection against Wiretaps", but never demonstrated
that they could provide such protection. (The reason that they
couldn't, of course, is simply because nobody yet has any
equipment which will detect a simple tap properly installed.)
Our mail to their last US address comes back "Moved. No
forwarding order", so we presume that they have closed their
offices on this side of the pond.
To answer your specific question, Ted, I don't know what
they mean by a line interceptor. Sounds mighty mysterious, but
it doesn't sound like anything I have ever studied about in
communications electronics. However, the idea of monitoring
several lines from one location is nothing spectacular; answering
services do it all of the time. Nothing spooky about it at all.
I hope our public servants who tap lines save a few tax
dollars by consolidating a lot of taps in one listening post.
Paying a few extra dollars out to the phone company for lines to
one LP is a lot cheaper than setting up and manning many
different LPs.
WHO DOES OWN THE AIRWAVES?
If you've been reading this letter, you might have received
the impression that your editor is not a fan of the ECPA of 1986
(Electronic Communications Privacy Act). You'll recall that he
thinks it is stupid to pass an unenforceable law, especially one
that makes it a crime to listen to what has been broadcast.
Yes, that's right. Our legislators passed a law that makes
listening to the content of broadcasts on some frequencies OK; on
some others, a misdemeanor on others, a felony. (Soon we will
have to have a frequency meter, with calibration traceable to
NBS, with us at all times while we tune our radios.)
In any event, Congress passed this silly law in November of
1986, and it became effective in January, 1987.
In the summer of '87 the FCC abolished the "fairness
doctrine" which had forced commercial broadcasters to provide
equal time, and thereby really angered the Congress. In the
words of Ernest F. Hollings, Chairman of the Senate Committee on
Commerce, Science and Transportation, "The American people, not
the broadcasters, own the airwaves!"
Well, yeah, OK, Senator. If we own the airwaves, why did
you vote to make it a crime to listen to what has been
transmitted over those airwaves into our homes?
SMART, SMART, SMART
We've been noticing a trend in big businesses lately which
strikes us as really smart. More and more of our subscribers who
work for big companies are having our publication mailed to their
home adresses.
Why is that smart? Think about it. Big company. Big mail
room. Big payroll to pay the people who try to sort and deliver
the mail each day. Why not let Uncle Sam do the sorting and
delivery for you. Doesn't cost the company a thing. Smart.
PUBLICATIONS REVIEWS
Recently I ordered a booklet entitled "Study Notes on Secure
Communications" and one called "Crossroad" from Spear and Shield
Publications.
Wow. What a surprise. The introduction to the secure
communications booklet was written by Atiba Shanna -- New
Afrikan Communist of the New Afrikan People's Organization, and
it contains a lot of stuff but nothing about comsec. The other
booklet contains several essays, but the title of one should give
you an idea as to its thrust, "ON GORBACHEV, MICKEY LELAND AND
SELF-DETERMINATION FOR AFRIKANS IN AMERIKKKA."
Available for $2.00 from S&SP,1340 W. Irving Park #108,
Chicago, IL 60613.
Our recommendation: Don't bother.
The other publication, however, we really appreciated, and
we thank Howard Karten for calling and recommending "The Second
Oldest Profession" by Phillip Knightley.
From your editor's point of view this book had two strikes
against it at the outset: it was written by an Englishman using
English English, and the many, many references are distracting.
Despite those drawbacks, though, I found it to be a very
enlightening book, well worth the price.
Before proceeding with the good stuff, however, a caution to
those who think Ollie is a hero and the CIA should be in the drug
trade: you won't like this book.
That said, let us quote from the book to explain the essence
of the reason for immortality of secret organizations: "Once
invented, the intelligence agency turned out to be a bureaucrat's
dream." "...rebut critics with the simple and unanswerable
expedient of saying, 'You are wrong because you really don't know
what happened and we can never tell you because it's secret.'"
Throughout the book the author provides details of erroneous
intelligence that was acted upon, and good intelligence that was
ignored. For instance: "Ultra showed that Allied strategic
bombing of Germany had failed to crack German morale, and had not
made a dent in German aircraft production. ..... All this was
passed on to proper authorities, yet the raids went on: the truth
of Ultra did not suit the champions of heavy bombing."
Very detailed. References galore. Old spooks will hate it.
Hardcover. 436 pages. $19.95 from W.W. Norton & Company.
CALL FOR VOLUNTEERS
This association is just beginning to take shape and some
volunteers are badly needed. Some people who are capable of
working with almost no supervision can have a big impact on our
growth and success. No, there will be no immediate reward other
than recognition in our meetings and publications; but the long-
term rewards could be substantial.
What say? Want to take one of the committee chairmanships?
We need help with our next expo, our next membership meeting,
membership programs and benefits, local chapter genesis, budget
and audit, and more. Call me. Let's talk about it.
June/July, 1987
SURVEILLANCE EXPO '87
In case you missed the announcement in an earlier letter,
we'll repeat: Surveillance Expo '87 has been postponed. It was
well into the planning stages when it became apparent that we did
not have the manpower or financial strength to do it right.
However, there has been a lot of interest, and we'll be
announcing new dates soon. Stand by.
By the way, this is a program that needs volunteers to work.
Interested?
MORE ON ILLEGAL(?) EAVESDROPPING
It's not that we're opposed to any of these activities that
we have been reporting on. Certainly the apparently illegal
eavesdropping activities reported last month are all undertaken
by people who are trying to do their jobs right. The point of
presenting this information is to emphasize that the law is not
enforced and, in many cases, enforcement would be a travesty.
Consider the case of the need to properly control prisoners.
Audio surveillance is routinely used in jails and prisons as a
means to get more coverage out of the staff. We'll not get into
the argument as to whether prisoners have any right to privacy;
that's another issue. The point is that the law does not mention
an exception for lock ups, and it probably should.
The law does make advertising or using equipment "primarily
useful for surreptitious interception of oral or wire
communication" a federal felony. So along comes a company called
Louroe of Van Nuys, California with their "bare bones" Kit #ASK-4
which consists of a microphone, power supply and amplifier. The
heading on their sale flier says "When you have a lot to protect
Louroe Electronics protects a lot." At $270 retail their
surveillance kit is recommended for convenience stores, delivery
entrances, hospital therapy rooms, jail interrogation rooms,
cashier and counting rooms, and all other secured zones.
Is this company in violation of the law? Are they
advertising something which is primarily useful ... etc.? If you
use their equipment to eavesdrop on other persons without their
knowledge or consent, are you breaking the law?
What do you think?
QUESTIONS AND ANSWERS
Q. Ben Harroll asks if I have heard of an "FBI phone and
room unit that saves up a day of conversations ... on a chip in
digital form. Then dumps the whole memory in something like 30
seconds when they drive by and trigger a burst transmission which
they then record and take back for further analysis (perhaps key
words, phrases, etc.)".
Ben also asks about a "wall unit that served to link the
agents remotely with all the phones (perhaps room audio as well)
in an entire building. The agent could access any phone from his
base by contacting the unit built into the wall".
A. Let's consider his multi-faceted queries.
First let's consider the equipment available for digital
storage of speech. Digital storage offers many advantages, but
the equipment which is currently available is severely limited in
capacity. For instance, I'm looking at the specs for a unit
which is about 4 by 10 by 17 inches in size and consumes 20 watts
of power from the mains. This unit would not be easy to conceal,
and has the capacity of storing only 30 seconds of speech.
Now I'm not going to say that a day's worth of conversations
cannot be stored digitally; but, unless the FBI has come up with
capabilities far beyond what is available commercially, it does
not look practical.
"Phone and room unit" implies that you would be storing
tapped phone conversations as well as room audio, and I cannot
understand why you would want to do that. The phone
conversations can easily be stored at a remote listening post
without any concern for concealing the equipment. It just doesn't
make sense to try to do it in the target area.
The other consideration is "driving by" and "triggering a
burst transmission". (Sounds like Hollywood!) I know that it
can be done, but I ask why build a radio receiver and transmitter
into the recording mechanism? Such things are easy to detect,
and are frequently detected by accident. The power level of the
transmitter would be high enough to light up even a pen-set
transmitter detector and the receiver LO would be detected by a
good TSCM operation.
And burst transmission? I know how and why and where burst
transmission is used in at least one application, but I sure
don't know why you'd try to use it in this situation. Maybe
there is a reader to this letter who can shed some light on the
use of burst transmission in such a circumstance.
As for Ben's second question, the answer is exactly opposite
to the answer to the first. The equipment needed to switch from
monitoring one line or room to monitoring another is commonly
available and not the least complicated. Building it into a wall
is the most complicated part of the whole process, in my opinion.
(However, it might just be that your informant was referring to
remotely accessed DNRs and this technique is also very simple.)
DUMB, DUMB, DUMB
Recently, in the course of providing TSCM service to a
client here in the DC area, we discovered that the carbon
microphone in the conference room was wired to spare conductors
and we spent the better part of a day tracking the wiring back to
the listening post. Immediately after completing this job we
left for a job in Ohio and another in Chicago, so we were out of
touch pretty much while driving.
One message picked up when calling the office from Illinois
was from a private investigator in New York instructing me to
call a lawyer in Washington, DC. (Neither the PI nor the lawyer
were known to me.) When I got through to the lawyer, he began to
ask me questions about my activities for my client the previous
weekend, and the conversation went like this:
"I need information on your activities for the XYZ
Corporation last weekend."
"Sir. Please don't take offense, but you are just a voice on
the telephone to me. I will not even confirm or deny that I even
know XYZ Corporation to you."
His response was to advise me of his college, his degrees,
his status with his firm, and the statement that he represents my
client. Again, I advised him that he was still just a voice on
the phone; and, before I would talk to him I needed approval from
someone I know in the client company.
"Well. Supposing I have John Jones or Pete Smith call you.
Would that be all right?"
"Sir. I just finished telling you that I will not confirm
or deny that I even know that company. I'm certainly not going
to confirm that I know some people by name in that company. If
you want to discuss any client with me, first have someone that I
know in that company call me, and tell me it's OK."
The upshot of the whole affair is that the GM of my client
company did call, and I did discuss the facts with the lawyer.
However, I'm left with a very bad taste in my mouth for two
reasons. First, my client is represented in a case involving
industrial espionage by a lawyer who doesn't have the foggiest
idea about industrial espionage -- is not even aware that one of
the easiest ways to collect information is to pretend to be
someone else and call and ask for it. The client has been the
victim of a very well executed bugging system, but he has placed
his trust in a man who can't understand why I don't provide
chapter and verse to an unknown voice on the phone. Secondly,
the lawyer, who doesn't know anything about electronics, refused
to allow me to give him the information that I knew he needed.
Instead, he insisted in reading me a list of questions which
apparently had been prepared for him by someone else who doesn't
understand electronics either. Consequently, whatever report
that lawyer generated won't make sense and will be of negative
value.
DO THEY UNDERSTAND TELEPHONES, OR WHAT?
Teleconnect calls this AT&T's marketing coup of the month.
We're inclined to upgrade it to "of the year" or "of the decade".
In a catalog received recently from AT&T is an item called
"Power Failure Rotary Telephone". It seems that AT&T is offering
a black rotary (pulse) dial telephone for $54 so you'll be able
to dial out in the event of a power failure!
(In case you're not a telephone techie of any degree, be
advised that the touch tone phones don't need power from the
mains to operate; they get their power from the exchange. By the
way, AT&T Marketing Department, if there's no power from the
exchange, the pulse phone won't work either.)
To all of our friends in AT&T who really do know how phones
work: We're really embarrassed for you.
Maybe we should start a case to undivest!
CONTRIBUTIONS
The ComSec Association is organized as a non-profit
educational association, 501 (c)(3). Gifts (not dues) can be
deducted on your income tax return (read the rules). We are also
under the impression that donations in kind (material things) can
be deducted at full value (again, read the rules, or discuss with
your accountant).
Anyway, we need all the help we can get. If you feel like
sending in a big cash donation, we sure won't refuse it. On the
other hand, we badly need to upgrade our computer and printing
capability, so we'd certainly accept anything along that line.
Do you have anything that could be helpful?
SPECIAL NOTE
As promised, we're starting to include an extra page of
technical information with your copy of the ComSec Letter. We
can't promise to have it in with every issue, but we're starting
with our TSCM Glossary, and you'll get one sheet with each
letter.
Aug/Sept, 1987
OUR MOSCOW EMBASSY, AND DID THE SOVIETS BAMBOOZLE US?
Well, our elected representatives who visited our new
embassy under construction in Moscow say that it is so thoroughly
bugged that we'll never be able to use it. They said a lot of
things that don't make any sense technically (such as it is just
one big antenna), but they never did explain what the threat is.
So here's a guess from the outside.
I'll bet that the Soviets are aware that our government
countermeasures people use non-linear junction detectors (NLJDs)
in TSCM so they dumped thousands of old diodes and transistors
into the concrete to create lots of responses for the NLJDs. We
probably detected non-linear junctions every few inches on every
beam and column and any place that there's poured concrete, and
every one of those "hits" was reported as a bug.
In case you're not familiar with electronic communications
theory, modern equipment, and government TSCM techniques, let us
review briefly.
Modern electronic equipment contains active components that
are solid state; some are discrete components, such as bipolar
junction transistors and field effect transistors, and some are
monolithic integrated circuits. Such solid state devices, by
nature, contain non-linear junctions and one characteristic of
non-linear junctions is that they generate harmonics of whatever
radio frequency energy excites them. Our government experts knew
this so they contracted for the design of a non-linear junction
detector for use in TSCM. In use, its operators found that
naturally occurring non-linear junctions also emit harmonics of
the exciting frequency. (Naturally occurring NLJs occur any
place that there is metal-to-metal contact with something like
oil or rust in between.) Now, theory says that the naturally
occurring junctions favor the third harmonic and the solid state
electronic components favor the second (or maybe it's the other
way around; I don't remember). In any event, the operator is
supposed to be able to differentiate between an electronic
component and a naturally occurring NLJ. However, many people
with a lot of field experience have told me the false alarms
drive them batty -- and many have told me that they no longer use
this instrument.
Now, I'm sure that Ivan installed many bugs in the embassy;
but I'm also very confident that he installed a lot of junk to
create false alarms for our people. What do you think?
ECPA
FOREWORD In November, 1986 the Congress of the United States of
America, with almost no discussion or debate, passed the law
known as the Electronic Communication Privacy Act (ECPA) of 1986.
Shortly thereafter it was signed by President Reagan, and it
became effective in January of 1987.
WHO BENEFITS? This law is an example of what can be accomplished
for the benefit of some narrow special interests through the use
of lobbyists. Although our legislators made many pronouncements
for public consumption that they were acting to protect us, what
they actually did was to create a law that is of primary benefit
to cellular telephone sellers who wish to deceive the public.
Yes, that's right. The net effect of the new law is to
allow sellers of cellular telephones and service to say, "No one
can listen to your calls; it's against the law." This, of
course, ignores the practical fact that the radio transmissions
from cellular phone transmitters intrude into our homes and
businesses without being invited.
Will these transmissions be listened to? Of course they
will. They'll be listened to with impunity because the law
cannot be enforced; and, further, the Justice Department has
announced that it will make no effort to try to enforce it.
There are those of us in various businesses and professions whose
work requires that we listen to everything that's on the air, and
we're certainly glad that they are not going to try to enforce
the law.
HISTORY The old law, The Omnibus Crime Control and Safe Streets
Act of 1968, Title III, was commonly misunderstood --- partly
because it addressed a technical subject, but mostly because it
used extremely convoluted language to express a simple idea.
Consequently, almost everything written to explain that law has
been incorrect. The words used by the politicians describing the
old law, in order to justify the creation of the new law, were
incorrect. "Experts" writing about that law haven't bothered to
read it; they have simply repeated the same errors that they
heard from others. Several court opinions relating to the old
law grossly misquoted it, or inverted the meaning of the words
used in it. The old law, written to control eavesdropping on
human voice conversations, was a masterpiece of circumlocution.
Its drafters apparently were writing to impress, rather than to
communicate. They used as many fancy words as they could muster,
but never once used any of the key words: "voice", "human",
"conversations" or "eavesdropping".
In short, the old law was an abomination.
The new law is worse.
THE NEW LAW The new law makes it a crime to listen to what has
been broadcast on certain radio frequencies. It's OK to tune to
some frequencies, a misdemeanor to tune to others, and a federal
felony to tune to others. Wild.
The new law allows "providers" to listen to communications
on telephone circuits that they provide. Unfortunately, the
drafters neglected to provide a definition of "provider".
Already, within a few months of passage, those words are being
interpreted to mean that the boss can listen to his employees'
phone calls without their knowledge or consent. Carried one step
further, it could be interpreted to mean that the breadwinner in
a household can legally listen to his/her spouse's phone calls.
The new law puts restrictions on law enforcement's use of a
dialed number recorder (DNR) (which it calls by the 1930s term
"pen register").
As with the law that it replaced, the new law uses the words
"in whole or in part" (referring to the kind of communications
addressed by the law) without defining whether these words are
intended to refer to the medium or the message. It is your
author's considered opinion that these words refer to the
message; otherwise they don't make sense. (I must point out,
however, that some very smart lawyers disagree.)
The new law creates a strange concept: "aural transfer".
Strange because the word "aural" refers to the human (animal?)
hearing mechanism which converts the mechanical energy of sound
impinging on the eardrum into electrical impulses which are
transmitted to the brain. "Transfer" implies a system, which
would be composed of a transmitter and a receiver; but the aural
process is only a receiving process. Let's paraphrase "Where's
the beef?" and say "Where's the transmitter?" in this system.
Oh yes, sounds broadcast on subcarriers may not be listened
to. Imagine! While you're in an office or elevator that plays
MUSAK, you are committing a felony by intentionally listening!.
Last, but not least, criminals have found that they can use
cellular phones for communication without paying for the service
by having phoney electronic serial and telephone numbers
installed in their phones. Also, they talk freely because they
know that what they say can't be used against them because law
enforcement must get a court order in order to legally listen to
what they are broadcasting on the airwaves.
ONE IMPROVEMENT First, you must recognize that our legislators
chose to redefine "intercept" rather than to use "eavesdrop" when
they are referring to eavesdropping. (Intercept means to seize
something, preventing it from arriving at its intended
destination; so they had to redefine it.) In the old law they
redefined this word to mean "aural acquisition" of the content of
a communication. This was dumb and caused untold confusion.
The one improvement in the new law, then, is the re-
redefinition of interception to mean the acquisition of the
content of the communication.
Hallelujah! (But wouldn't it have been better to use the
right word in the first place?)
HOW TO USE WORDS TO CREATE A FALSE IMPRESSION
(a lesson from our elected representatives)
The following comment was carried in COMSEC
LETTER, YOGO 2.06, issued while this law was being
drafted.
"Throughout the proposed law and in all references to
these laws our Congressmen have used the word "protection"
when they are referring to the legislated prohibitions
against eavesdropping on conversations. It is as though
they really believe that they can legislate protection.
"If you believe that legislation can "protect" your
broadcast conversations from being overheard, we have an
experiment for you -- and any congressman who thinks he has
such power.
"First let Congress pass a law which prohibits piranha
fish from biting our citizens. Let's make it a felony.
"Then you, or your congressman friend, go jump in a
river full of piranhas.
"Let me know how you make out."
IN THE WORKS
Because of the many requests that we have had for
complete sets of the ComSec Letter, we've been working on
editing out topical information and consolidating each
year's letters into one publication. These should be ready
soon; we'll let you know.
GLOSSARY
Just a reminder: we're enclosing pages 2 & 3 of the
TSCM Glossary with this letter.
FEEDBACK
Our thanks to Jerold Hutchinson who wrote to advise
that our definition of ACM is incorrect. He's right, and
we'll correct it in future editions of the glossary.
Although many folks use the terms interchangeably, ACM
is not another term for TSCM. ACM means audio
countermeasures and does not include countermeasures
against other methods of technical surveillance.
October, 1987
TRAP AND TRACE -- PEN REGISTER
Recently it has come to our attention that some folks
(especially lawyers) are using these terms interchangeably.
The confusion was probably started by the juxtaposition of
the two terms in the new federal law relating to
communications privacy. So let's see if we can shed some
light on these two different items.
First: pen register. (Do we have to use that
antiquated term? Yes, I know that it is the term used by
our legislators when they wrote the law, but the pen
register is an item that was modern when I was a kid, and
all phones were black rotary dial units with pulse output).
Anyway, the dialed number recorder (DNR) -- term for the
modern device which prints out the number dialed whether
the dialing is done with DTMF or pulses or a combination of
both -- is a device which is placed across the line of the
calling telephone. It prints out a chronological record of
all telephone activity: date and time off-hook and on-hook
on all calls and digits dialed on all outgoing calls. The
key to differentiating this from the trap and trace
equipment is that this device is connected to the line of
the calling telephone.
Trap and trace, on the other hand describes telephone
company equipment which is used, starting at the called
telephone to "Trace that call!", as they say in the movies.
However, the process is not as simple as the movies would
make you believe, particularly if the two ends (calling and
called) are not in the same exchange. The different
companies use different equipment to accomplish the same
thing, namely identification of the number from which the
call was placed.
To summarize: the DNR (modern pen register) is used at
a calling number to determine the called number; and trap
and trace equipment is used, starting at a called number,
to determine the calling number.
As we have reported earlier, there are developments
which will drastically change this scene. Congress made it
more difficult for law enforcement to get authority to use
a DNR and Radio Shack came out with its CPA-1000 -- a DNR
for the masses at $99.95 ("professional" DNRs start at
about $5,000). Meanwhile, our phone companies are
introducing CLASS and CCIS piecemeal across the country.
(See definitions of these terms in the glossary pages
distributed with last month's ComSec Letter.) CLASS and
CCIS will make trap and trace equipment superfluous; the
called party will be able to identify the calling number
without the aid or intervention of anyone or anything at
the telephone company.
ANONYMOUS LETTER
We recently received a letter from a former member
which raises a lot of interesting questions, so we'll run
it almost in its entirety, and do our best to try to answer
the questions for the benefit of all.
THE LETTER
"I was a student member of the ComSec Association
until my membership expired and the CSA board decided for
whatever reason to delete student member status.
"For the past several months, I'm glad to say that for
whatever reason, I have continued to receive the ComSec
Letter.
"With all of its coverage of the ECPA, and since the
whole communications privacy issue has been pushed by the
cellular telephone industry, I've decided to write to you
from my perspective -- a hobbyist communications monitor
whose interest includes the cellular telephone. You are
welcome to publish this as you see fit, under the condition
that I will remain anonymous.
"Cellular telephone communications operate at 825-845
MHz for the mobiles and 870-890 MHz for the cells. There
are several hobbyist communications receivers capable of
covering this range, with prices ranging from $400 to $800.
Interestingly enough, Radio Shack sells one of the best
receivers covering this range -- the 300 channel PRO-2004.
For political reasons (including the fact that RS sells
CMTs), cellular coverage was deleted by adding one easily-
removable component to a circuit board. It is common
knowledge that this component can be removed so this
continues to be a hot seller. Also, the CMT frequency
range was once allocated to UHF TV channels, so it is
possible to monitor cellular on an old TV set!
The majority of the telephone calls are of a
(legitimate) business nature, seconded by the more
interesting (to us casual monitors) personal calls. After
a quick scan of conversations, you realize how many people
cheat on their spouses! Drug deals are also often
monitored, and there have been instances where I have
copied down times, locations and any other helpful data,
turned it over to law enforcement agencies, and in turn
monitored their communications as they staked out the area
to make the arrests.!
Many law enforcement agencies themselves use cellular
phones, and by their lack of COMSEC/OPSEC during those
calls, they must seem to think the calls are relatively
secure. It seems that the agencies (DEA, FBI, etc.)
currently have no capability to monitor CMT conversations,
and "If we can't do it, chances are no one else can
either!" seems to be their attitude.
CMT industry officials would have you think that a
call changes frequencies every few seconds. While this
occasionally happens, the majority of the calls remain on
the same frequency for at least a minute. Also, it usually
takes me about 30 seconds at the most to relocate a
conversation that has switched to another channel as long
as the site is within about 15 miles of my area.
If you're behind or near a person using CMT, it is
quite simple to immediately locate the frequency and tune
in the conversation on the receiver without the use of a
spectrum analyzer or any other sophisticated equipment.
I'm currently trying to think of a way to pass on the
method to law enforcement agencies.
Overall, the cellular telephone system is a
sophisticated, extremely useful communications medium, but
the industry is making a mistake by trying to show that it
is something that in actuality it is far from -- secure.
Jim, feel free to use any of the above that you wish,
but please keep identifying information, such as my name,
etc. confidential.
I would like very much to contact my area FBI & DEA
Field Offices, because, after monitoring them, I know that
they are currently unable to monitor cellular conversations
(regardless of the law), yet I can't really just call them
out of the blue and say "Hey, after monitoring you, I know
you can't listen in on CMTs. I'd be happy to tell you
how!"
"I'd appreciate any advice or comments you might
have."
OUR ANSWER
First, let's consider the administrative questions
concerning CSA and your lapsed membership.
The student membership category was suggested by me
because I think we should do all we can to get young folks
interested in this field, and we all recognize that
students normally don't have a lot of money to throw
around. We knew when we set the dues at $10 per year that
it was a money-losing proposition, but we wanted to make
this information available to young folks studying in the
field.
Yep, I'm the one who suggested it. However, I'm also
the one who suggested that it was unworkable in an
organization this size with nothing but unpaid volunteer
administrative help -- me, my wife, and our youngest
daughter. Our experience in handling membership
applications convinced us that it was not worth the effort.
Almost every application had to be sent back for some kind
of documentary evidence that the applicant was truly a
full-time student. Many applicants were people who
sometimes took a course in the evenings, and some said
flatly that they studied on their own without benefit of
any recognized school. Those people, and the awful mess of
address changes just ate up too much time.
As to the reason that you received copies after your
membership expired; well, that's an interesting story and,
again, it relates directly to our naivete (or
inexperience). First, we tried to notify members to renew
by referring them to the code in the address label on the
envelope. Whoops. That didn't work partially because the
envelope was already in the trash before the member read
the note, and partially because many folks could not
understand our coding.
So then we were saved by a volunteer who said he would
maintain the membership list and send letters to all
members to remind them to renew. Whoops, again. We
suffered from many errors in the labels he printed out, and
delays of several weeks to get labels for mailing a monthly
newsletter. Oh, and by the way, he never did send even one
letter to remind people to renew.
The reason for the extra letters, then, is that your
editor was feeling guilty. How can you justify cutting off
membership if the member had never even been notified that
it was expiring. (Now, when we get as big as ASIS with a
five or six million dollar annual operating budget, then,
by golly, those renewal notices will go out like clockwork.
We hope.)
Now, let's consider the very serious subjects
introduced, namely the ability of some of us to monitor,
and inability of some others.
I cannot reveal the location of the letter writer so
we can't get a geographical fix on where DEA and FBI have
commented on the air about their inability to monitor CMT.
So, let's just ask the question of all of our readers: Is
this the situation in your area?
Speaking for ourselves, we have occasionally heard
some cellular phone conversations. In fact, while
demonstrating to some Senate staffers (before ECPA was
passed), we listened to a conversation during which one
party advised the other to buy a coach ticket, and he would
upgrade it to first class at the airport. (If that doesn't
make sense to you, let us explain. It is a violation of
federal law for a government employee to accept
transportation from a lobbyist or a contractor -- so what
is done is that the government employee gets his coach
ticket, and the contractor upgrades the ticket for cash,
and writes off the expenditure under some legal heading on
his expense report.)
Also, we've heard dates being made, and excuses being
given for dates broken; a girl giving all of her vital
statistics to what sounded like a prospective client, drug
deliveries being made, collectors (not the kind who send
invoices) going out to make collections, and a whole lot of
trivia.
BBS
Recently we were advised of a BBS called Mainstreet
Data (619-438-6624) which has a section called TAP
Magazine. Per the notice in 2600 magazine, for a
complimentary account call, enter 12 for your ID, enter
DAKOTA for your password, and at the first command prompt
enter PRO.
Please let us know how you make out.
SEEN AT ASIS, LAS VEGAS
Our nomination for the company with the most
interesting name at the annual seminar and exhibits of ASIS
in Las Vegas last month: Network Security Associates which
identifies itself by using the initials NSA.
FEDERAL COURT RULING RE ECPA
In the January 13, 1988 edition, USA Today reported
That "St. Louis US District Court Judge Roy Harper ruled
federal laws banning wiretaps don't apply to married
couples. Karl Kempf recorded his wife's telephone talks at
home because he suspected an extramarital affair, Harper
said."
If any reader has more information on this astounding
ruling, we'd sure like to receive it. Thanks.
November, 1987
THE SKY IS FALLING! THE SKY IS FALLING!
Many in politics and the media are screaming as
Chicken Little did. The fairy-tale chicken jumped to an
alarming conclusion on very slight evidence, and some high-
profile folks appear to have been doing the same with
regard to the Moscow embassy mess.
First they said that the Marine guards had been
allowing KGB agents the run of our embassy including the
crypto room; now they say no such thing ever happened.
Also, our legislators who visited our new embassy under
construction in Moscow say that it is so thoroughly bugged
that we'll never be able to use it.
A lot of what has been said bears examination and
evaluation by reasonable people. Let's look at some of
what we have been fed by the press.
Washington Post, 1-17-88: "... the Moscow Embassy was
ordered to cease all classified communication with the
outside world and to shut down processing of all classified
information on computer terminals, electric typewriters and
even manual typewriters on the theory that they might have
been programmed by nocturnal KGB visitors to emit telltale
electronic pulses."
Representative Olympia J. Snowe, 4-4-87: "We now have
a secretary [of state] who will be going to Moscow the week
after next and he will be reduced to negotiating foreign
policy in a Winnebago [because the embassy building is not
secure]."
Representative Daniel Mica is reported to have taken a
"Magic Slate" with him to Moscow so that he could
communicate securely while in our embassy.
There have been reports in the press that our new
embassy is one huge antenna.
U.S. News and World Report, 6-1-87 in a story about
the new Soviet embassy in Washington: "... the embassy
looms high enough over all of official Washington to enable
the Soviets to spy with sophisticated photographic and
listening devices on ... White House ... Pentagon ... State
Department ... Congress ... CIA ... FBI ... DIA ... and the
Navy Intelligence Complex."
IS THE SKY REALLY FALLING?
Comments on all of this are invited from all of our
readers. For his part, your editor finds most of it silly
and some of it downright ludicrous.
Can you imagine that anyone would be concerned about
compromising emanations from a manual typewriter?!? Can
you imagine that our technical people would allow our
embassy to be rendered unfit for use by people who have not
even had access to the premises for several years? In what
way does having the embassy made into a giant antenna
compromise communications?
All right, so our State Department insisted that the
Soviets build their embassy on the high ground on Tunlaw
Road instead of in Chevy Chase where the Russians wanted to
go. So what? Because all of those federal buildings are
visible in part from Mt. Alto, does that mean that we have
to stop doing business in the Pentagon, White House, etc.?
Yes, being on high ground does mean that radio reception is
better, but it doesn't mean that the Soviets can spy on
everything done in that long list of buildings, for Pete's
sake!
CALL FOR PAPERS
Although the dates are not yet firm, the decision has
been made that there will be a membership meeting in the
Washington, DC area late this year in conjunction with
Surveillance Expo '88. Your association is sponsoring this
expo, and expects to profit from it. Your participation is
urgently needed.
There will be four tracks with panels and
presentations scheduled throughout the three day period.
The tracks are: Communications Security,
Computer/Information Security, Surveillance Technology, and
Investigations Technology. If you are knowledgeable in one
of these areas, you are invited to suggest a subject for a
talk.
If you do not want to present a paper, but can help
with the planning, we'd like to hear from you right away.
The only pay you'll get for help is some public exposure to
professionals in the field, but that can be very valuable.
DEFENDING SECRETS, SHARING DATA
The title of this segment is the title of a report by
the Office of Technology Assessment of the U.S. Congress.
It is a modern-day classic on the subject of vulnerability
of electronic information to theft. If you work in this
field, or have responsibility for protecting information,
you should have a copy. Order from the Superintendent of
Documents, Government Printing Office, Washington, DC
20402-9325. GPO stock number is 052-003-01083-6. Price:
$8.50 per copy post paid.
Your editor is proud to say that he contributed in a
small way as a contractor to OTA.
THIS IS A PROFESSIONAL?!?
The headline (Washington Post, 1-23-88) reads "Wiretap
Consultant Gets 120-Day Term". The tawdry business that
was being reported on had to do with a man named Eddie T.
Dockery who admitted to forging an invoice, but that's not
the story that is of interest to us.
The real story is that this is the same man who was
hired by DC Mayor Marion Barry to perform "electronic
sweeps". That's right. The mayor of the capital city of
our nation hired this man to perform a professional
service. And what was the "professional" report that was
made to the mayor?
According to the Post, Dockery reported that "he
believed that there was a 90 percent chance that the three
telephone lines into Barry's house were wiretapped and that
the rooms in the house were bugged".
Now we've heard some pretty wild conclusions being
reached by some operators of TDRs, and we're wondering if
that is what this man was using. Or was he just looking
into a crystal ball?
CUTESY COMMENT AWARD
This award goes to William Barden, Jr. who wrote a
book entitled "Shortwave Listening Guide" which is
published and sold by Radio Shack. The cutesy comment
worthy of note appeared in a section of the book relating
to the ECPA of 1986 in which he explains the act and
counsels on how to not become a criminal while listening to
your radio. With regard to the fact that the ECPA makes
intentionally listening to what is broadcast on cellular
phone frequencies he comments, "Evidently some of the
lobbying for the ECPA was done by the Mobile Communications
industry."
In case you have not been following the activity re
ECPA and its aftershocks, let us explain. Radio Shack, the
publisher of this book was one of the principal lobbyists
for the obnoxious provisions of the ECPA which specify
which listening is OK, which is a misdemeanor, and which is
a felony. Further, Radio Shack made a quick fix to their
wonderful PRO-2004 scanner so that it could not be used in
contravention of the law that they helped to write. Yep.
The 2004 cannot now be tuned to cellular frequencies.
Therefore the "Cutesy Comment Award".
(By the way, if you have a PRO-2004 and want to
unmodify it, send us a stamped, self-addressed envelope and
we'll send you instructions on how to unmodify it so you
can listen to cellular.)
QUOTE OF THE MONTH
Milton Berle: "Married fifty years, and we still make
love almost every day. Almost on Monday, almost on
Tuesday, ..."
TO/FROM; CALLED/CALLING
George Threshman contacted us after our last letter
which tried to clear up the confusion between "trap and
trace" devices and dialed number recorders (DNRs). He said
that our explanation led him to believe that a DNR would
identify the calling number. (By the way, the Brits, in
their laws differentiate by using the words "TO" and
"FROM". Smart, no?) This is too important a point for us
to leave any possibility of confusion, so let's try again.
The DNR is a device which is placed across the line of
the calling telephone. It prints out a chronological
record of all telephone activity: date and time off-hook
and on-hook on all calls and digits dialed on all outgoing
calls.
(News note: The DNR from Radio Shack, the CPA-1000,
which we praised in that same letter has been reduced in
price; it's now $79.95. Aren't capitalism and the free
market wonderful?)
YET ANOTHER PRODUCT
Recently we received a letter from Robert Brooks of
Warrensburg, MO in which he made some nice comments about
the ComSec Letter and passed along some interesting
information.
First, Robert, Thanks for the kind words. Hearing a
compliment from time to time really makes this effort
worthwhile. And thanks for your info and questions.
(There will be more on laser techniques and equipment in a
future issue -- and I'm not sure about the facsimile
scrambling product that you recommend.)
Now let's pass on his comments about yet another
product. Robert says, "In recent product literature I
received from Sutton Designs, they advertised an 8-digit
(1.2 GHz) frequency counter for $500.00. If you look in
the inside cover of the November 1987 Modern Electronics
you'll see the same frequency counter (same exact ad --
different company) selling for $99.95. Isn't Sutton being
a little greedy?"
Well, Robert, I think it was P.T. Barnum who said,
"There's another sucker born every minute." It's just sad
that there are firms trying to "con" us all the time. By
the way, I've had other calls on this subject and I seem to
recall that the counter is available for a lower price, and
that Sutton is asking an even higher price. We'd be glad
to hear from anyone, even Sutton Designs, on this matter. December, 1987
BY-LAWS, BOARD, OFFICERS
We've drifted long enough. The current Board of
Directors will meet soon to approve By-Laws, and to start
the process of selecting a new board and new officers.
Information will be coming in this newsletter.
DANGEROUS FOOLISHNESS
According to information in a recent Popular
Communications magazine, the Cellular Telephone Industry
Association, CTIA, not only opposes any effort to force
manufacturers to put warning labels on radio transmitters,
they want to ban the manufacture of equipment that can
receive on cellular frequencies!
It seems prudent to us that the public should be
warned that what they transmit can be heard by others. It
is unthinkable that receiving equipment could be banned in
a free country.
Well, it took from 1968 till 1986 to change the
federal law relating to eavesdropping. The new law has
some improvements, but many strange new provisions. How
long will it take to undo all the harm done by the ECPA?
MAJOR INDEPENDENT TV STATION BUGGED!
We won't identify the station because we don't want to
embarrass them. (However, you'll find their call sign very
familiar.) It seems that a scanner operator called one of
their popular investigative reporters and advised that
there was a radio bug in the station and that a lot of very
sensitive information was being broadcast.
Investigation of the "bug" revealed that floor
directors were leaving their headsets turned "on" after
use. Sound activated (VOX) circuits kept the transmitters
off the air until they picked up conversations with
clients, discussions of secret promotional campaigns, etc.
(Hint, hint. This station just ran an excellent series on
eavesdropping.)
TEMPEST AND COMPUTER SECURITY
From Ray Heslop of the Tempest Division of Atlantic
Research we received a copy of the above captioned article
that had been published in last September's edition of
Government Executive. Our thanks to Ray for thinking of
us. The article intended to wake up corporate America to
the TEMPEST threat and it may have done something along
that line, but it turned us off because of incorrect
technical information.
The first comment on this material relates to a
popular misconception which seems to have been originated
by some of those liberal arts majors who became
journalists. Maybe it's not the fault of the journalists,
but somebody has divided eavesdropping into "active" and
"passive" categories without providing definitions of these
terms. If I understand them correctly, when a man climbs a
pole and bridges from the target telephone line to the
leased line to the listening post, that's not active.
Methinks that the guy who climbed the pole will be
surprised to find out that he was engaged in a passive
activity!
Leaving aside the generic criticism, let's look at
some specific technical information offered in this
article. We'll label the Government Executive comments
"GE", and our responses "CL".
GE. "According to experts, fiber-optic cable is the
best bet because it doesn't emanate as well. However,
fiber optic cable can be tapped easily, and it is difficult
to detect the tapping. Existing coaxial cable can be
protected with metal shielding."
CL. So much for getting expert technical advice from
Government Executive!
All of us know, I hope, that there is no magnetic or
electric field associated with a fiber optic cable carrying
a signal because that signal is light, not electric current
or radio frequency energy. So, in a sense, the author is
correct; it does not emanate as well 'cuz it doesn't
emanate at all. However, when she says it can be tapped
more easily, and the tapping is difficult to detect, she
couldn't be further off the mark. There is no doubt in my
mind that fiber optic cable can be tapped. I just don't
think that it can be done in the field. Consider that a
single strand of cable is 10 microns in diameter and is
covered with cladding that is one micron in thickness. I
can see how this can be handled in the lab, but I really
can't see a man on a pole, handling the cable with gloves
on, with the wind and rain, and so forth, can be expected
to remove the requisite length of cladding without damaging
the glass fiber so that he can fuse another cable to it as
they do in the lab in a jig under a microscope.
And, as for tap detection, it looks like there are
many ways to automatically detect tampering on the fiber
cable, but we don't yet have a way to do the same on a
phone line.
Last, but not least. She says that coax can be
protected with metal shielding. Great idea, but of course,
coax means coaxial; the conductor in the center and the
shield around it share the same axis, therefore, the term
"coaxial". 'Course, if you put another metal shield around
it, we don't know what you would accomplish, but it
shouldn't hurt anything except the pocketbook of the person
paying for it.
GE. This article also says that computer data are
stolen by "highly sensitive bugs, line taps, parabolic
microphones, electromagnetic emanation collection
instruments, and other related devices."
CL. Our own experience is limited, but the methods
listed here don't seem to relate to the practical world
that we live in. However, let's pass this question on to
our readers. How often have you found computer data being
compromised by parabolic microphones or highly sensitive
bugs or anything else specified?
BBS # NG
Shortly after we passed along a new BBS number, we had
a call from Larry Newman who reported that the number from
2600 was no good. Sorry about that.
ComSec Association BBS
Larry has been flirting with the idea of sponsoring a
BBS for the ComSec Association, but he's not sure that he
can bring it off alone. Anybody out there want to give him
a hand? He's in NYC and his phone number is 212-921-2555.
Give him a call if you think that you could help get this
project off the ground.
AT&T INFORMATION SOURCES
The following information was published in
Teleconnect, and we pass it on for those who may be
interested.
Technical Reference Catalog (pub 1000) (lists pubs,
bulletins, etc.) Available from:
Publishers Data Center, Inc.
POB C-738
Pratt Street Station
Brooklyn, NY 11205
Bell Labs Record (magazine). $20 per year from:
Bell Labs Circulation Dept.
Room 1F-233
101 JFK Pkwy
Short Hills, NJ 07078.
EVALUATOR EVALUATION
At the request of one of the dealers and of the
inventor (?) of the Evaluator, we tested the device.
In case you're not familiar with this unit, let us
quote the headline in the ad currently running in Security
Management: "NEW! PATENTED TAP DETECTOR OPERATES 24 HOURS A
DAY".
Based on those words we think that a reasonable person
would conclude that the Evaluator is capable of detecting
telephone taps, and is sold as a tap detector, no?
Well, we tested the evaluator to see if they had
invented something that Bell Labs had been unable to
invent.
The first one that we tested did not detect the Radio
Shack audio amplifier, the butt set, the tape recorder
starter, the sound activated tape recorder, or the tap made
out of about $2.50 worth of parts. It did detect an
extension phone going off hook.
The inventor/manufacturer (?) advised that we might
have received a faulty unit, and also that we should leave
the tap on for three to five minutes because that's how
long the detection process sometimes took.
So we tested the new unit while timing our taps by
dialing the time message from the phone company. We
recorded for at least five minutes while tapping
sequentially with the same pieces of equipment. Again, it
failed to detect anything but an extension going off hook.
Since then, we've been promised that we would receive
a new unit for testing. That promise goes back several
months, so don't hold your breath for our updating story.
SURVEILLANCE EXPO
We're trying. Spent innumerable hours talking with
two Sheraton hotels in the DC area, only to have them
change the terms when it was time to sign the contract.
Wasted time.
Any member with experience in this arena will be
welcomed with open arms. Help!

Reference in New Issue View Git Blame Copy Permalink