Date: Tue, 26 May 92 16:31:19 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V1#035 Computer Privacy Digest Tue, 26 May 92 Volume 1 : Issue: 035 Today's Topics: Moderator: Dennis G. Rears Re: Cordless Phones Re: Cordless Phones Re: Cordless Phones Some technical corrections (was Re: cordless phones) Databases Re: California Drivers Lic & SSN Call waiting and Caller ID One-Party Consent in Washington State AmEx Settlement Re: CallerID Decision Re: PBX monitoring The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.200]. ---------------------------------------------------------------------- From: RICHARD HOFFBECK Subject: Re: Cordless Phones Date: Fri, 22 May 1992 15:38:00 GMT > > How would someone go about doing this? If my neighbor and I both > > have cordless phones, why is it that when I pick mine up I don't > > home-in on their conversation? Do my headset and cradle communicate > > in some encrypted format (like some wireless LANs)? How does the FCC > > handle all these different phone companies who want to make cordless > > phones? Can you run out of frequencies? > > Each cordless phone communicates with it's base via a particular frequency. > If by chance your neighbor's and your cordless phones both operate on the > same frquency (possible but statisticly improbable) you could answer his > calls with your handset and vice versa. Most certainly there are duplicate > frequencies out there, just as somebody out there has the same door key as > you do..... However, the chance of both you and your neighbor having the > same > frequency is again very low. > It looks like some facts might be helpful :-( Actually there are only 10 frequency pairs allocated for cordless phones in the 48/48 Mhz range, and this is the most common type of cordless phone. Consequently, the probability of you and your neighbor having the same frequency is 1 in 10. The security features on these phone is primarily directed to keeping someone from getting access to your dial tone from their handset, but does absolutely nothing to prevent them from listening to your conversation. BTW, these frequencies are also shared with baby monitors and the likes. For the more security minded there are two out of the box options that I'm aware of to date. Motorola makes a phone that uses an inversion scheme to mask the the conversation. I've heard that it is available from Sears among others and is priced in the $100 to $200 range. I believe that it still operates on the 10 channels in the 46/48 Mhz range. While the scrambling will keep your conversations safe from the typical scanner owner, it is a trivial exercise to reinvert the audio and recover the original conversation. The FCC has recently opened up a section of the 900 Mhz band to use with cordless phones. I've seen ads for a new unit that digitizes the audio and encrypts it before transmitting. This should be very secure against all but the most technically inclined listener, i.e. NSA. The error correction built into the digital scheme should also provide a cleaner sounding unit. I don't have the ad handy, but I think the company was VTech in Beaverton, OR. The price I heard quoted was in the $250 to $300 range. > Cellular phones are a slightly different case. Each phone is registered on > a > network, just like your computer is, and is given a unigue address on that > network. Your cellular phone will only work on that one network, not on > the > one in the nextdoor. Note the difference with cordless phones. You can > plug > a cordless phone into any active phone jack and dial out, and anyone > knowing > the address of the jack can dial in. But cellular phones transmit in the clear in the 868 - 894 MHz range which makes it a trivial matter to listen in on conversations. Listening in on a particular conversation is somewhat more difficult but far from impossible. Most upper end scanners ($200 and up) can cover the cellular band either directly of via image reception, and most are easily modified for direct use. Modifying my Bearcat 205XLT took about 10 minutes and a friend recently modified his Radio Shack PRO-2006 in about half that time. Again, the cellular providers are moving toward digital modes to crowd more conversations into the existing bandwidth. Digitizing provides a good deal of privacy and encrypted digital can be made very secure from the average and above average listener. In addition, some providers will provide you with encrypted cellular today for an additional monthly fee. > Tapping of cellular phones is illegal because it implies requires that an > effort be made to determine someones address and tap into it. Cordless > phones > are much easier to tap. A cousine of mine was able to pick up a neighbors > cordless phone on his walkie talkie that his parents bought at sears. > Basicly, cordless phones do not utilize any private addressing, which is > why > there are no laws prohibiting their tapping. Again, I don't need to know your unit's internal ID number to listen in since the transmission is in the clear. The main reason that it is illegal to listen into cellular is that the industry has spent millions of dollars lobbying Congress to make it illegal. Since cordless manufacturers don't collect a monthly fee, they don't have the cashflow necessary to buy a similar law. > One final note, cellular phones aren't as secure as we would like to think. > A friend of mine often picks up cellular phone calls on her shortwave > radio. Since shortwave runs from .5Mhz to 30 Mhz, it isn't likely that she was listening to cellular at 860 Mhz, but there is a good deal of ship-to-shore traffic on shortwave. Its a trivial matter to listen to cellular. In fact, since the current cellular frequencies were assigned to the upper channels of the UHF television band, you can even listen in by tuning an older TV to the channels from 78 to 83. There is a book that describes the various radio/phone combinations, i.e. cordless, cellular, marine, ship to shore, etc. If there is any interest, I can post the reference. --rick +-----------------------------------------------------------------+ | Richard Hoffbeck INTERNET: rwh@moose.cccs.umn.edu | | Colon Cancer Control Study Packet : n0lox@wb0gdb.mn.usa.na | | University of Minnesota CIS : 72406,521 | | Minneapolis, MN 55455 Genie : rhoffbeck | | (612) 627-4151 | +-----------------------------------------------------------------+ ------------------------------ From: "Life..." Subject: Re: Cordless Phones Date: Sat, 23 May 1992 17:34:36 GMT lemson@ux1.cso.uiuc.edu (David Lemson) writes: >Beware "Digital security". This means that it has the codes so that >no one can pick up your line (at least not easily). Most likely, >the voice transmissions are still analog. Anyone can buy a scanner >at Radio Shack and listen in to those frequencies. I have picked up >cordless phones up to a mile away with a handheld radio shack (old) >scanner. > >BTW, in most states, it is not illegal to listen to cordless phone >calls. It is, however, a felony to divulge information to anyone >else about what you heard. >(It is illegal to listen to cellular conversations, though). The local cable company (CableVision) has problems with noise on channels 19, 20, and in some places 21. The cableco _says_ there's nothing they can do about it. Sometimes the reception is so bad on the stations that the TV will actually tune into the noise. The noise is caused by Lincoln Cellular's pager system, and when the TV tunes into it, you can hear the voice pager messages clearly. So who should be charged with the crime of listening to the cellular bands? The people who are trying to tune into VH-1 and getting them instead, accidentally, or the cableco who can upgrade their equipment to prevent this from happening? Would they legally be required to do so? >David Lemson (217) 244-1205 >Internet : lemson@uiuc.edu UUCP :...!uiucuxc!uiucux1!lemson >NeXTMail accepted BITNET : LEMSON@UIUCVMD -- /// ____ \\\ | CAUTION: | |/ / \ \| | | Avoid eye contact. In case of contact, flush \\_|\____/|_// | mind for 15 minutes. See a psychiatrist if \_)\\/ | irritation persists. Not to be taken gberigan `-' cse.unl.edu | seriously. Keep out of sight of children. ------------------------------ From: The Jester Subject: Re: Cordless Phones Date: 23 May 92 21:02:16 GMT In article none@gmuvax2.gmu.edu writes: >In article , >jangerma@magnus.acs.ohio-state.edu (Jake Angerman) writes: >> >Each cordless phone communicates with it's base via a particular frequency. >If by chance your neighbor's and your cordless phones both operate on the >same frquency (possible but statisticly improbable) you could answer his >calls with your handset and vice versa. Most certainly there are duplicate >frequencies out there, just as somebody out there has the same door key as >you do..... However, the chance of both you and your neighbor having the >same frequency is again very low. TOTAL COMPLETE ABSOLUTE NONSENCE! I own a panasonic two channel cordless telephone. There is an AT&T cordless on another line in the house and our neighbors own their own cordless phone. The AT&T and our neighbors phone each have only one channel. Guess what? The AT&T is my channel 1 and the neighbors are on my channel 2. If I want to listen in on either I just turn my phone on! when the AT&T phone rings I can hear the ring through my handset (it doesn't actually cause my phone to ring). If my phone is on channel two and my neighbors phone rings, SO DOES MINE! The only reason they can't call through my handset is because panasonic uses a code between the handset and the base which tells the base that this handset is authorized to call out. In addition, if I forget to change my phone off channel 2 I often can't even answer a call from the handset because of interference from the neighbors. I have to run upstairs and touch the antenna from my handset to the base in order to answer the call. So don't tell me about statistical probabilities. Either I just hit a probablity so low that I'd have a better chance of winning the lottery or your just plain wrong. The Jester -- For some reason unintelligible to me, Lord Acton's dictum that "Power tends to corrupt and absolute power corrupts absolutely" is rarely raised in connection with judges, who...possess power ..that comes [close] to being absolute"-Judge Bork ------------------------------ From: Charlie Mingo Date: Fri, 22 May 1992 18:28:10 -0500 Subject: Some technical corrections (was Re: cordless phones) John Stanley writes: > No, "tapping" of cellular phones is illegal because the cellular phone > companies chose to lobby Congress to make it illegal in an attempt to > maintain some vestige of privacy where there really is none. Either that, or Congressmen (who, after all, tend to be heavy users of cellular phones) decided they didn't want their own private conversations intercepted, and decided to discourage tapping by making it a felony. And if you don't think that the ECPA discourages cellular eavesdropping, just ask Senator Robb, whose aides have already gone to jail for doing this (and who may join them there himself). Maybe they thought the law was "unenforcible." > Basically, cordless didn't have as good a lobby as cellular. Either that, or Congress decided that there were so many different manufacturers, each with a differing level of security, that it was impractical to try to develop a common rule. Or maybe not enough Congressmen were cordless phone users. ------------------------------ Date: Fri, 22 May 92 15:14:10 EDT From: Brinton Cooper Subject: Databases Conrad Kimball discusses personal privacy: > Some of the Scandinavian countries are trying. Collectors of > information must notify those who are in the databases, I think, along > with some other restrictions or rights of the individual that I don't > remember now. As another individual, I have some questions. What constitutes a database? I keep my Christmas card list on an old workstation at home and print pre-addressed gummed labels every year. Is this a database? Would it fall under regulation in those countries? What about my address book? It looks like a database... Does a computer have to be involved? Why? My other concern is Constitutional. When does your right to privacy conflict with my right to freedom of expression (barring libel and slander, of course)? DISCLAIMER: The foregoing has nothing whatever to do with my employer. _Brint ------------------------------ Date: Fri, 22 May 92 16:15:07 PDT From: Mark Bell Subject: Re: California Drivers Lic & SSN Well, since we're on driver's licenses... California now seems to have a law that one has to submit a Social Security number for driver's license renewal. Does anyone have any advice on how this can be avoided? What if one is a minister who has taken a vow of poverty and doesn't have an SSN? Mark Bell [Moderator's Note: I think it would be very tough in today's times to state one does not have a SSN. The only possible exception being a recent immigrant. _Dennis ] ------------------------------ From: "Darren E. Penner (Dokken" Subject: Call waiting and Caller ID Date: Sat, 23 May 1992 09:47:08 GMT Just a note to the uninformed people spreading all sorts of rumers about call waiting and caller ID. You WILL NEVER see the number from a person if you are using the line. This is becuase the callers ID is sent between the First and Second Rings. Now if you are familar with call waiting, the phone does NOT ring, it just beeps, an entirely different notification technique. Also note that it happens AFTER the first ring, so you can not tell in advance who is calling. As for the Thread about call waiting and computers.... If your company is up to the level of offering caller ID I can garantee you you can DISABLE call waiting on a call by call basis. Thus if I am expecting an important call, and do not care about being dumped I leave call waiting on. Or more often, the computer link is more vital, I disable it in my ATDT string. (Our exchanges use *77, but it may differ in some areas) Minor Flame: PLEASE make at least a semi informed post, UNLIKE >>>I think that it might work this way >> No I think you are wrong. > I think he is right, but I have never seen it, or know of anyone who has it! As the above thread was running. PS: I use ALL of the new phone services and value them greatly. -- ------------------------------------------------------------------------------ Darren E. Penner | dpenner@ee.ualberta.ca | Opinions are my KWM Consultants Limited (Work) | alberta!bode!dpenner | own unless stated U of A, Edmonton, (University) | Phone No. (403)-481-8785 | otherwise. ------------------------------ Date: Mon, 25 May 92 11:49:42 -0700 From: Peter Marshall Subject: One-Party Consent in Washington State This state's interception statute, generally considered to be one of the most progressive, typically requires consent of both parties for lawful interception of communications. However, the Legislature, after earlier efforts had failed for a few years, mamaged to carve out an exception for the "war on drugs," one' might say. More recently, an exception "had" to be created for CallerID, if a proposal had been approved by the PUC. More recently, according to a 5/22 SEATTLE PI article, the "war on drugs" exception was upheld by the State Supreme Court, which also managed to decide in what was termed a "related matter," that "innocent people inadvertently recorded during a legal telephone intercept have no grounds for claiming invasion of privacy unless they can show real harm. The latter case involved a civil action alleging the Bellingham PD had violated a woman's right to privacy by recording "her brief conversation with officers trying to contact her father." The beat goes on...? Peter Marshall ------------------------------ Date: Mon, 25 May 92 11:00:39 PDT From: peter marshall Subject: AmEx Settlement "American Express Privacy Accord Could Become a Model," according to a 5/14 WA POST article appearing that date in the SEATTLE TIMES. In a 5/13 agreement with the NY State AG's Office, AmEx agreed "to inform its 20 million cardholders that it tracks their buying habits to compile marketing lists that it sells to other merchants," and also said it "would make clear to cardholders that they may 'opt out' of such lists." The POST said the agreement "could become a model for privacy protection across the country." The article pointed out that "The settlement underscores how, to an ever-increasing extent, computers allow lenders and merchants to collect information about their customers, and potentially use it for purposes other than simply tracking a transaction for billing purposes." The POST suggested that the AmEx settlement is thought to be the first of its kind involving a credit-card issuer, and that AmEx seems to be one of the most advanced users of such technologies. NY AG Abrams stoated that he's proposed a new law requiring credit grantors to disclose marketing uses of information and providing an "opt out" choice for such customers. -- Peter Marshall(rocque@lorbit.uucp) "Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington. ------------------------------ From: Peter Marshall Subject: Re: CallerID Decision Date: Mon, 25 May 92 11:36:36 PDT Replying to Mr. Rudd's observations of 5/15 on this earlier post; as the title of the original article in question here was rather misleading, so were some of the reactions to the posted version of this piece. In the first place, the article actually refers to a PUC rulemaking, and not to any proposal by a telco. Further, that rulemaking was intitiated to preserve the PUC's freedom of action as against the Biden-amended Kohl bill's preemption provisions. Re: the reference to public input at the earlier series of public meetings held by the PUC; the preponderance of that input was as described in the article, and yes; there was input reflecting "called parties rights;" which, however, was outweighed by other opinion at these meetings. On the other hand, it is the case that this rulemaking did not cover "block- the-blocker" options, nor did it intend to; the assumption being that such questions could be dealt with on a subsequent case-specific level. In summary, if one wants what the poster seems to want, then it would seem one is best advised not only to get their information straight, but to use opportunities for public participation, rather than simply whining, not only after the fact, but out-of-state, to boot. ------------------------------ From: allens@yang.earlham.edu (Allen Smith) Newsgroups: comp.org.eff.talk,comp.society.privacy,misc.legal Subject: Re: PBX monitoring Date: 26 May 92 04:59:10 EST References: Followup-To: comp.org.eff.talk,comp.society.privacy,misc.legal,alt.security From alt.security: In article , bbs.ruscal@tsoft.sf-bay.org (Russel Mar) writes: > There are rumors at a local fortune-500 company that their division is > monitoring voice comunications. My recollection is that this is illegal > unless notified. I believe that the intention is to uncover industrial > espionage by employees talking to competitors. > > Question: Is this considered illegal (State of California), and is there > legal presedant one way or another ? > > On a related note, I believe that unless otherwise guranteed, electronic > comm channels (E-mail, modems, net traffic) are NOT considered private by > a company. Does this hold also for FAX communications ? I would assume > so. ------------------------------ End of Computer Privacy Digest V1 #035 ******************************