Computer Privacy Digest Fri, 15 Jul 94 Volume 5 : Issue: 006 Today's Topics: Moderator: Leonard P. Levine Re: Video Camera on Utility Poles Re: Video Camera on Utility Poles Re: Video Camera on Utility Poles Re: Callerid and the FCC Cellular phone risks/privacy The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@uwm.edu and administrative requests to comp-privacy-request@uwm.edu. Back issues are available via anonymous ftp on ftp.cs.uwm.edu [129.89.9.18]. Login as "ftp" with password "yourid@yoursite". The archives are in the directory "pub/comp-privacy". Archives are also held at ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: tnyurkiw@lagrange.uwaterloo.ca (Tom Yurkiw) Date: 14 Jul 1994 11:25:57 -0400 Subject: Re: Video Camera on Utility Poles Organization: University of Waterloo To me, the issue of video cameras **hidden on utility poles, is completely different than the question of **visible cameras in public places. A person standing on a side street in the middle of the night has an expectation of privacy, wheras a person in the town square with 8 cameras pointed at him does not. ------------------------------ From: "Prof. L. P. Levine" Date: 15 Jul 1994 07:53:55 -0500 (CDT) Subject: Re: Video Camera on Utility Poles Organization: University of Wisconsin-Milwaukee [moderator: This is the first time I have commented on the content of a posting as moderator. The following posting, by John De Armond discusses a technique for disabling TV cameras and then addresses the limits he chooses to place on actions to protect his privacy and anonymity. The first of these two issues (disabling cameras) belongs in alt.vandalism.tv.cameras, if it exists. I will not post followup material that deals with this. We already are aware that cameras can be disabled with sling shots, b.b. guns, spray paint and rifles and new technology here is not for our forum. The second of these issues, on the other hand, is grist for our mill. The question of how far we should go to protect privacy or anonimity is appropriate to our discussion. Should I give a false telephone number to Radio Shack to avoid their mailing list? Should I give false information to a political survey? Should I give false information to the Census Taker? Should I distroy someone else's property if it intrudes on my private space? These questions are posed in the following posting and can be profitably addressed by us. Finally we should note that the nature of eMail forces us to question if the name "John De Armond" is real or a pseudonym. It might even by be used by an enemy of Mr. De Armond to get him in some sort of trouble. We must carefully separate the message from the messenger and address only the content.] ---------------------------------+----------------------------------------- Leonard P. Levine | Moderator of: Computer Privacy Digest Professor of Computer Science | and comp.society.privacy University of Wisconsin-Milwaukee | Post: comp-privacy@uwm.edu Box 784, Milwaukee WI 53201 | Information: comp-privacy-request@uwm.edu | Gopher: gopher.cs.uwm.edu levine@cs.uwm.edu | Mosaic: gopher://gopher.cs.uwm.edu ---------------------------------+----------------------------------------- ------------------------------ From: jgd@dixie.com (John De Armond) Date: 14 Jul 94 21:09:47 GMT Subject: Re: Video Camera on Utility Poles Organization: Dixie Communications Public Access. The Mouth of the South. cntrspy@netcom.com (Executive Protection Assoc) writes: [re surveillance cameras] Actually they can be had for as little as $5K for the Telco splice boot and about $10-12K for the transformer. Pan tilt and zoom are Here's a bit of information that may be useful to anyone who thinks they are being surveilled. In playing around with my vidicon-based security cameras, I discovered that my pocket laser pointer will permanently burn white spots on the vidicon whereever it hits. Recall that these devices are very low power, eye-safe lasers. After learning this, I CAREFULLY experimented with a CCD-based camera. My laser pointer will not obviously damage the image chip (these cameras are too expensive to experiment much with) but it WILL make the whole picture flare out until the camera AGCs down to black with a bright dot. I suspect that the more powerful 1-5 mw HeNe lasers commonly available on the surplus market WOULD damage the image sensor chip. from this it became obvious to me that it is trivially easy to defeat and/or destroy a surveillance camera if you can see the lens. In order to do the deed, it is necessary to actually hit the lens with the laser beam. A set of binoculars is handy for spotting this, as is a tripod mount for the laser. In order to thoroughly whack the vidicon, it is necessary to "paint" the lens from top to bottom across its entire width. If one desires only to flare out the video without necessarily whacking the camera, one need only to shine the laser in the lens. One needs to be within the field of view of the camera, of course, and the closer to on-axis one can get, the better. Some covert experimenting has indicated to me that a 5 mw HeNe laser will whack a vidicon camera at a distance of 1/2 mile or more. For true infrared cameras, an infrared laser diode with suitable optics should do the deed. It is a little known fact that CCD cameras will image infrared very efficiently, particularly when equipped with an IR lens, so such a camera can be used for aiming the laser. Near IR cameras, those typical of inexpensive "IR surveillance cameras", are really simply conventional cameras with an IR transmissive lens. These can be whacked with either a visible or IR laser, depending on the specifics of the lens. A little experimenting is usually in order. Oh, and in case it isn't clear, yes I am advocating destroying cameras that belong to others. Just consider it a bit of direct action against those who (attempt to) invade my privacy. And no, I don't accept the premise that I and other ordinary people must submit to surveillance to facilitate catching an occasional criminal. -- John De Armond, WD4OQC, Marietta, GA jgd@dixie.com Performance Engineering Magazine. Email to me published at my sole discretion Respect the VietNam Vet, for he has survived every attempt by this country to kill him. ------------------------------ From: RATHINAM@INS.INFONET.NET Date: 14 Jul 1994 9:45:19 -0500 (CDT) Subject: Re: Callerid and the FCC L. Levine said: At this moment it seems that the issue of privacy is no longer being addressed, the question of costs seems to be the only question open now. It is becoming clear that equipment is becoming available (for $70 or so?) that will force your phone to dial *67 every time you pick up the handset, so per line blocking between the states will be possible if you wish to buy back your privacy. It seems the whole idea of Calling Number ID is thought of with only one thing in mind : To make money for the telephone companies. Nothing is wrong with making a profit for the business, but there *are* a few issues that need to be considered and addressed adequately. Look at where we are: (a) you can get CNID for a monthly charge to the telephone company (b) You need to buy a box/phone with the capability (from telephone company or third party) (c) You can get an 'unlisted' number for a monthly charge (d) You can get someone else's unlisted number if he/she calls you, if you have CNID - and blocking that will a box/phone with special feature (and I am sure you can buy that from the phone company too, in addition to third parties). I bet if the FCC and consumer groups/PUCs are napping, the phone companies would have offered blocking (per call, and per line) for a per call/monthly fee. Also, phone companies do not seem to be earnst in implementing the per line blocking. When I lived in AZ, I sent in the card asking for per line blocking and it was NOT implemented . I found out by accident and called them and told them there will be consequences if they don't block my line immediately (it took them a day or two after that to block it). Arizona Corporate Commission wrote to a lot of people to inquire about CNID implementation and line blocking and any problems experienced by consumers (I don't know what became of that investigation, but it seems many people experienced the "my line is not blocked even though I sent in the card/called the 800 number and logged that I should have line blocking"). I am not against CNID as such, but the phone companies should be required to line_block for free - and *67 should NOT be a TOGGLE of blocking, it should turn it OFF for the call on any line. They should have a different sequence for turning CNID ON on a blocked line for the duration of one call. If you have any influence, you might want to bring up these points before the FCC. Also, I believe a lawsuit has been filed by some states against the present FCC ruling saying Unlisted numbers are to be unblocked and displayed. ------------------------------ From: "Prof. L. P. Levine" Date: 15 Jul 1994 10:48:41 -0500 (CDT) Subject: Cellular phone risks/privacy Organization: University of Wisconsin-Milwaukee from Risks-Forum Digest Thursday 14 July 1994 [16:24] Forum on Risks to the Public in Computers and Related Systems ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator From: "Brown, Phillip" Date: 14 Jul 1994 18:01:30 -0400 Subject: Cellular phone risks/privacy One more contribution on the use and abuse of cellular phone technology, if the forum can tolerate it. As a technology planning engineer in the trade, I find the amount of ignorance-fueled fear of telephony and the vast amount of misinformation on cellular telephony in particular to be a source of constant amusement (but hey, I'm easily amused :). I'll address some specific remarks from earlier contributions first, then raise the noise floor another few dB with my own views. Willis H. Ware writes: If cells get smaller in the future, then the precision of location will increase ... In a subsequent issue of Risks, Lauren Weinstein writes: If you read your phone bill inserts carefully, you may have already received a notice allowing you to choose whether or not you want your called number information released to VENDORS of telecommunication services! The concern about monitoring is justified only up to a point -- remember, the only reason for this information to be saved is because it has value to someone. Wireline telcos long ago abandoned detailed billing, and today don't even retain that information unless required by a government agency; the cost of collecting and storing this tidal wave of data is still too prohibitive to make it useful on an everyday basis (this is a situation I don't see changing in the foreseeable future, either). The cellular phone industry, on the other hand, has employed detailed billing from its infancy, for reasons driven both by customer needs (why did this call cost so much?) and economies of scale (the processing needs have been orders of magnitude smaller than what is required by our wireline brethren, and at the same time the silicon revolution has made low to midrange computing power cheap -- many smaller cellular phone companies still do billing on a single PC!). So, for instance, seeing LA reporters with copies of OJ's cellular phone bill are no surprise at all, given that the information is readily at hand and the weakest security link in a system is usually the human operator. For all the high tech, gee whiz methods of obtaining cellular phone IDs, the most common way is still for unscrupulous sorts to bribe or blackmail company insiders into sharing lists of valid subscribers. In the case of a large company like AirTouch (or my own), a corruptible someone with access to subscriber data can probably also get billing data. Robert Morrell, Jr. and Bob Frankston pointed out different aspects of the risks of eavesdropping on cellular phone conversations (Mr. Morrell made the point that it is incumbent upon the user to ascertain and protect his level of privacy, and Mr. Frankston pointed out the fallacy of comparing wired and wireless technologies from a privacy perspective). The so-called security of the wired telephone is conceptually similar to "security through obscurity" in that it is the medium itself that makes listening to an otherwise unencoded communication difficult. It is something that virtually no phone user has thought about but takes for granted anyhow. I could agree with Mr. Morrell's extreme-sounding position if there was some assurance that once the user body was educated about the risk and began demanding truly secure communication (which I believe will happen eventually) the option was still available. Right now the US government is trying to usurp the issue while the body politic is still ignorant, and I see that as a violation of the public trust. BTW, several companies make scramblers for analog cellular phones (which work in conjunction with a companion device on the target phone, either wired or compatible cellular). The big drawback to these is that they must do most of their cryptographic work in the frequency domain, and 3300 Hz is not a lot of bandwidth to play in. On the general issue of location tracking, I think the greater concern should be with real-time monitoring. I can sit at my desk today and find out which cell sites in our network any given phone number has placed calls on for the last 24 hours (after which time the data is rolled off into oblivion but continues to be available offline in printed detailed billing reports). But, as has already been correctly pointed out, this information is highly imprecise. Triangulation can be employed with a greater degree of precision (within a few hundred feet at best), but not consistently enough to be reliable. Data from technologies such as GPS must be transmitted in-band, so it is useless to the phone company unless the receivers are integrated into the network. However, I can't -- and probably won't ever be able to -- get any of the same information from a competitor, because that type of data is highly competitive in nature. No competing carriers will share that information with one another, nor will they be enthusiastic about providing the data to a clearinghouse where it might be generally accessible. So in this case competition is our friend. In any event, every large cellular carrier is already performing real-time network monitoring, and using called number information to get to the weak human link is probably more effective for law enforcement anyhow. Phil Brown GTE Mobilnet pdb540@gtehq7.mail4.gtemc.sprint.com ------------------------------ End of Computer Privacy Digest V5 #006 ******************************