ComSec Letter Editor: James A. Ross YOGO 2 1986 COMSEC LETTER The ComSec Letter was started in 1984, The Year Of George Orwell, by Jim Ross. Initially it was mailed at no charge to everyone on his mailing list, and it was later offered by subscription. After the founding of the Communication Security Association, the letter became its official organ. In 1989 the association decided to create a new organ, Comsec Journal; and, in order to minimize confusion, the name of this letter was changed to Surveillance. What follows is an edited version of the contents of one year of the letter. (The letter has been edited to remove topical, superfluous, and outdated items.) Ross Engineering, Inc. 7906 Hope Valley Court Adamstown, MD 21710 Tel: 301-831-8400; Fax: 301-874-5100 January, 1986 THE COMSEC ASSOCIATION COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER The Board of Directors has decided that, starting in January, the COMSEC LETTER will become the official organ of the association. Subscriptions currently in force will be honored, but no further independent subscriptions will be accepted. Membership dues in the Comsec Association are: Individual Professional USA, Canada, Mexico $50 per year Other Countries $70 per year Student (send proof of status) $10 per year Membership applications and other questions to; CSA, Membership Services POB 3554 Frederick, MD 21701-0904. BOARD OF DIRECTORS The Comsec Association was formed with three directors, Arnold Blu menthal, James A. Ross, and Craig Silver. Once underway it became apparent that Craig, the lawyer who handled the incorporation, might find himself in a conflict situation so Craig resigned and became our counsel, and Ken Taylor was elected to the vacant directorship. Shortly we expect to modify the by-laws to provide for more direc tors so that we'll have more people helping to guide our growth. Many of our early supporters have indicated an interest in working to develop the association, and we expect to take advantage of their willingness to serve. We'll keep you informed. MEETINGS, 1986 In 1985 we contracted with a conference organizing firm to manage COMSEC EXPO '85, but we plan to do things differently in 1986. Cur rently there are plans developing for two meetings which will be joint efforts between the national organization and local chapters. At this writing, we have heard from Paul Bowling and Gene Smith in the Washington, DC area and Ben Harroll in California in this regard. Please contact one of these people if you can participate. THANKS To all of the volunteers whose hundreds of hours of unpaid effort contributed to the great panels at COMSEC EXPO '85: THANKS LAWS As the laws relating to COMSEC are tested, we'll try to keep you advised, and we encourage you to mail in information relating to the testing of the laws -- newspaper clippings from all over would be very helpful. On the question of expectation of privacy, for instance, the US District Court for Connecticut recently ruled that you do not have a Fourth Amendment right to privacy while engaged in a private conversation on a public street (United States vs. Lopez, US District Court for Connecticut, H-84-31, 6-7-84). So we're back to the question of whether an individual has an expectation of privacy, and this court thinks that you have no expectation of privacy on a public street. Seems reasonable. Now let's consider another public place such as a restaurant. Do you have an expectation of privacy there? How about when you make a phone call? SECURITY ACADEMY Ken Taylor is proceeding apace with plans for the Security Academy to be located in the Miami area. The objective is to establish a training and education facility which will offer courses on every aspect of security. If you have any ideas along this line, yer ol' ed would sure like to hear from you. DID YOUR EDITOR GOOF? He's afraid that he did. In trying to figure out what the new privacy law means your ol' editor jumped to a hasty conclusion which was wrong! Here's what happened. The new law says the old law heading should be amended by adding "AND OTHER ELECTRONIC COMMUNICATION" after "WIRE". Your ed assumed that the new wording would be "WIRE AND OTHER ELEC TRONIC COMMUNICATION". Seems reasonable, even now. However, it's not correct. Really, one with as many years and gray hairs as your editor should not have to be reminded to "RTP", but that's the case here. (RTP means "Read The Problem".) (Probably it should be amended to be RTPS for "Read The Problem Stupid"!) Read exactly, the instruction says to add the new words; it does not say to substitute the new words for the ones that used to follow "WIRE". And there's the rub. The old words are still there, and the proposed law does not remove protection of oral communication as had been published earlier in this letter. Sincere apologies to all who were misled. The proposed new law, however, has many faults. Read "Monitoring Times" or "Popular Communications" for their points of view. Read COMSEC LETTER for your editor's point of view, and those of any mem bers of CSA who care to write in on the subject. DID YOU FORGET? Subscriptions do expire. All good things must come to an end, but you can renew this good thing by joining (or renewing your member ship in) the Communications Security Association. INTERESTING PRODUCT Each time we show this product at our seminar it commands a great deal of attention. It's called a binaural amplifier, and was recently on sale at your nearby Radio Shack for $21.95. It is about the size of a pack of cigarets, although much thinner. It contains two microphones and amplifiers, and provides binaural sound. Our investigator friends see great potential in this tiny device. Title III? We don't think so, because its design does not render it primarily useful for surreptitious interception of oral or wire communications. Two part numbers: 33-1091 & 33-1000. MONITORING TIMES Bob Grove, editor of Monitoring Times, suggested a few issues ago that it might be a good idea for short wave listeners to collect information to help the FCC find the bootleggers (no, not the kind who run moonshine; he was referring to the kind who transmit illegally). The response to his editorial suggestion was really surprising. Most people who responded acted as though bootlegging was as American as apple pie. They seem to take the position that breaking the law is a traditional right enjoyed by all true Americans. What kind of a generation have we spawned?!?!! ANOTHER NEWSLETTER Recently one of our occasional anonymous contributors sent us a copy of a newsletter that is new to us. It's called YOUTH ACTION News. The address is: POB 312, Alexandria, VA 22313. (We searched, but found no subscription information.) Some of the letter's headlines might give you an idea of its content: "DIABOLIC SOVIET WARFARE" "SATANIC SOVIET BIOLOGICAL WEAPONS" "SOVIET MIND-CONTROL ATTACKS AGAINST THREE US PRESIDENTS" "ELECTRONIC MIND-ZAPPING WEAPONS" "SCIENTIFIC DOCUMENTATION ON SOVIET WEATHERWAR TECHNIQUES" "SOVIET USE OF SCALAR INTERFEROMETRY" "FREAK US WEATHER, EVIDENCE OF USSR TESLA-STYLE WEATHERWAR" Despite this letter's use of some undefined terms (scalar interferometry, Tesla-style magnifying transmitters, airquakes, cold explosions, low frequency emissions with psychoactive characteristics, etc.), and its scare headlines, it does contain something which seems to be worthy of consideration -- if the facts are correctly reported. The part of the letter which intrigues us is the report, by various qualified observers, of "cold explosions". According to the newsletter, people on five different airplanes reported seeing a giant mushroom cloud 180 miles off the coast of Japan on April 9, 1984. One of the observers was a pilot with B-47 and B-52 experience, and he reported that there was no flash of light associated with the mushroom cloud which rose to an altitude of 60,000 feet and was 150 miles wide. Other observers reported similar sightings at other times and locations. Certainly such events should have been reported in the press, but we saw nothing about it. Can any reader of this letter shed any light on this? Can any reader of this letter shed any light on the YOUTH ACTION News newsletter, or its sponsoring organization? CORRECTION In our YOGO 1.09 issue we listed various sources of information about telephones, and we've heard back from one of our subscribers that one of the addresses is no longer valid. So, if you want to correct your records, strike the following address: Western Electric Company, IDC Commercial Sales, Box 26205, Indianapolis, IN 46226 TAP People keep telling us that TAP is dead. Somehow we think that it will start up again. If you are a subscriber, you may yet see some more issues. FEEDBACK From Joe Wilson Elliott (via several phone calls, paraphrased): Q. "COMSEC EXPO '85 and your COMSEC LETTER seem to be getting into areas other than countermeasures, and that's what they are supposed to be concerned with. Too much on data, and computers. What we're interested in is bugs and taps and countermeasures." Don't you think that you ought to stick to TSCM? A. Well Joe, when this letter first started, we called it COMSEC LETTER because that is the subject that we were writing about. Somehow though, in these past two years, we've discovered that it is next to impossible to draw a line between protection of information in transit and information in storage. In the old days, stored information was in the form of paper documents (mostly), and if the documents were stolen, an inventory would reveal the loss. If the bad guy wanted to steal secrets without leaving a telltale void behind, he photographed the documents. The other method of stealing secrets covertly was to plant a bug or tap a telephone; and the TSCM profession was spawned to try to protect against these electronic threats. Now, so much information is stored electronically, and so much of it is accessible by telephone from anywhere, that there is an immense new problem, e.g., a major theft can take place, and there is no way to determine what was taken -- or even that a theft occurred. It seems reasonable that those professionals who worked to detect bugs and taps should extend themselves to provide protection against theft of all types of information. Consider this: Information copied from a floppy disk or hard disk in seconds is equivalent in volume to the amount of information which could be collected by a tap in a few years -- if the tapper is lucky. Don't you think that information that is in digital form is worthy of professional protection as well as information that is being transmitted by voice in analog form? February, 1986 RECENT EVENT WITH A MORAL TO IT Recently in a large east coast city a debugging team was diligently searching for communications compromises. As they should have, they looked into the dropped ceiling, but found such a mess of abandoned wiring that they advised their client to remove all of the unused wire. Days later, while the client was in the process of doing this, he found two small black items with a wire coming out of each one. You guessed it; they were radio transmitters. The lawyer for the firm took one of the transmitters to the FBI complaining of government infringement on lawyer-client confidentiality, etc. Thereupon the FBI allowed the lawyer listen to a recording of the activities of the sweep team. Oh, embarrassment! Upon being questioned by his employer, the spectrum analyzer operator admitted that he had seen at least one whopper of a signal that he could not identify, but said that he could see no modulation on it so he didn't worry about it. What's the moral to the story? It's a moral for all sweep team technicians: if you find something that you do not understand, point it out to the boss. He's not going to fire you because you don't understand. Maybe he won't understand, but at least he's the one who is responsible for the operation, so let him figure out what to do about it. He'll be much happier to be asked to figure it out than to be super-embarrassed later, as was the man whose team's activities were played back to his client's lawyer. Guaranteed. Q & A Q. Don't you think that you might be most apt to miss the most sophisticated bugs and taps? A. To answer this question accurately, we must first define terms. Let's first consider what is meant by a sophisticated bug or tap. To us, the most elegant systems are the simple ones; so if your idea of a sophisticated is one which costs a lot to design and build, we have a basic misunderstanding at the outset. To put in into perspective, we can use less than $10 worth of electronic components to build a telephone tap that cannot be electronically detected by any combination of equipment and techniques other than a physical inspection of every inch of the telephone line. If you want a bugging system that cannot be detected by any combination of equipment and techniques other than physical inspection, the cost for the bugging system is in the same range. So price is no criterion in determining the level of sophistication of a tap or bug. In fact, the simplest bugging system consists of a modification of an existing telephone, and the cost of the components in this system is zero. (However, there is one aspect of bugging and tapping in which the amount of money available is extremely important sometimes -- and that relates to attaining access to the target area. If the bugger has to bribe someone, or to hire someone to break in to the target area, then the price tag is significant.) We do not mean to imply that all good attacks are inexpensive. There are some attacks which would entail high costs. They include special attacks such as super-high frequency RF, exotic modulation techniques, unusual carriers, and modification of some of the modern electronic telephones and systems. So the overall answer to the question is that finding an on-premises tap or bug is probable if you have an experienced team with the proper equipment, and the other side has normal resources. On the other hand, if the other side has tremendous resources (time, access and money) -- they'll probably beat you most times. However, it's a real world. The enemy is not ten feet tall. He does not have unlimited resources. He is not perfect. He does make mistakes, and leave evidence of his activities. If your team is a good one, and properly equipped, and disciplined, and thorough, your team is going to find the on-premises system with regularity. Keep in mind, though, this very important caveat: "There is no electronic device or system that can detect even a simple off-premises tap. FEEDBACK During the past couple of years we have heard many stories about field activities of TSCM teams (such as the story with a moral to it elsewhere in this issue). As space permits, we'll share many of those stories with you, including the details (with pictures also) of Ha Ha boxes, some astounding claims by some folks, and information on new products, ideas, etc. YOUR comments are solicited. NEW CATALOG Sherwood Communications Associates is offering its new catalog, with one year of updates, for $20. Interesting, and eclectic, selection of items, some very expensive and some very inexpensive. Order from SCA, POB 535, Southampton, PA 18966. OXYMORON This word means a figure of speech which appears to be self-contradictory. The first example that your editor ever heard was "military mind" and he bristled somewhat at that because, at the time, he was wearing army green. Another example is "Independent Grocers Association". You can certainly think of many more. Anyway, what should we call a real-life combination which is self-contradictory? The example that we have in mind concerns a Bell Operating Company which offers a device for sale which is forbidden by that company's tariff. This BOC operates under authority of a tariff (which it prepared) which requires that anyone recording a telephone conversation must cause a beep tone on the line to warn all parties that the call is being recorded. The penalty for failure to comply is termination of telephone service. The oxymoron-like situation is that this same BOC sells a telephone answering machine that has a call recording capability, but no capability to produce a beep tone. That's right. This company has written a tariff which says that calls may only be recorded if the recording device emits an audible beep tone to warn all parties that the call is being recorded, and at the same time they sell equipment which can record conversations but cannot generate the required tone. BOOKS WORTHY OF SPECIAL NOTE We have touted this book before, but it is truly outstanding and should be studied by anyone who needs to begin to understand how the telephone and the telephone system work. Understanding Telephone Electronics. 292 pages. Paper back. $3.49 at Radio Shack. Developed and published by Texas Instruments Learning Center. Excellent book. Prac tical. No theoretical errors. Contains absolutely none of the garbage and mistakes propagated by generations of "experts" in the field. Since the first edition was published, a new, larger, and more expensive edition has been created. It is available as follows: Second Edition. LCB8482. $14.95 plus 1.25 S&H from: Texas Instruments, Inc. POB 225474, MS8218 Dallas, TX 75265 If you are concerned about invasions of privacy in contravention of the Freedom of Information Act, the following book will open your eyes. The Private Sector by George O'Toole. W.W. Norton & Co. 1978. 250 pages. Hardcover. $10.95. Reveals the existence of the Law Enforcement Intelligence Unit (LEIU), a non- government organization, dedicated to compiling dossiers on private citizens, which seems to be immune to penetra tion under the provisions of the FOIA. If any aspect of George Orwell's fantasies (1984 and Animal Farm) seem too far out, you should look into this book. Secret Agenda by Jim Hougan. Random House. 1984. 148 pages. Hardcover. $19.95. The author tells his version of The Watergate Affair, which is a far cry from what we got from the news media. For instance, he points out that the telephone calls monitored in Howard Johnsons Hotel were not Democrat National Committee business; they were calls to prostitutes! However titillating that information may be, the book contains some chilling observations, e.g., 1. page 90. CIA agents putting their director under sur veillance with written orders stating "At no time should the Director be made aware of SUGAR coverage......" 2. page 274. The Secretary of Defense "...... counter manding in advance any 'unwarranted military directives' that President Nixon might issue." 3. page 312. "... Alexander Haig had ordered the Army's Criminal Investigation Command (CIC) to make a study of the President's alleged ties to organized crime ....." TRAINING COURSES Audio Intelligence Devices measures training 1400 NW 62nd St. Ft. Lauderdale, FL 33309 305-776-5000 Dektor one week and two week 515 Barnard St. technician training courses Savannah, GA 31401 912-238-0075 Information Security Associates four day technician course 350 Fairfield Ave. Stamford, CT 06902 203-357-8051 Jarvis Intl. Intelligence, Inc. measures and countermeasures 3212 N. 74th Ave. E training and service Tulsa, OK 74115 also, methods of entry, etc. 918-835-3130 Ross Engineering, Inc. two-day seminar on Comsec 7906 Hope Valley Ct. for managers and investigators Adamstown, MD 21710 special short briefings 301-831-8400 Texas A&M University System countermeasures technician College Station, TX training 409-845-6391 COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER (This announcement is repeated for the benefit of those who may have missed it in the earlier edition.) The Board of Directors has decided that, starting in January, the COMSEC LETTER will become the official organ of the association. Subscriptions currently in force will be honored, but no further independent subscriptions will be accepted. Membership dues in the Comsec Association are: Individual Professional USA, Canada, Mexico $50 per year Other Countries $70 per year Student (send proof of status) $10 per year Membership applications and other questions to; CSA, Membership Services POB 3554 Frederick, MD 21701-0904. PHOTOSENSITIVE EPILEPSY Computer Security Digest reports that some people suffer seizures when the flashing rate of the VDT is four to ten pulses per second. This may be the same phenomenon that one of the flying magazines reported years ago under the name of flicker vertigo. That report said that the critical rate was twelve pulses per second. March, 1986 COMSEC ASSOCIATION The COMSEC Association is gradually beginning to take form with some volunteers in the DC area working on membership programs and meeting plans for 1986. Sometime this summer, we'll be announcing plans for at least one national meeting this year. No grand plans, just a simple meeting with a few exhibitors, and some conferences featuring some of the most knowledgeable people in various fields. Our Board of Directors has been increased in size from three to five and we expect to increase the size again before the end of the year. Elected to the two new seats were Paul Bowling and E.T. (Gene) Smith. They are working together to expand the membership and to set up our 1986 meeting in the Washington, DC area. If you have any questions, or if you want to volunteer to help, call Paul on 301-843-3809 or Gene on 703-533-8555. If all goes well, we expect to be able to add staff by summer and that should put an end to the communications problems that have existed with only one volunteer worker to handle everything. PRIVACY OF PHONE CALLS The public switched telephone network is not secure. Any information being transmitted over metal wires can be picked off by a third party easily and with almost no chance of being detected. Note that we say any information, and that is precisely what we mean. Whatever is being carried over those wires, be it analog, dig ital, or any combination, can be picked off very easily. What level of technical expertise is necessary? Well, we've said it before and testified to it in federal court: about ninth grade hobbyist. In fact, one installer who testified in the same court case said that he had installed his first extension phone when he was nine years old! So our ninth grade hobbyist might just be a mite overqualified. LETTER TO THE EDITOR Recently the Washington Post ran an editorial under the heading "Taps without Wires", and your editor thought that the Post readership would benefit from exposure to his ideas on the subject, and so, sent the following letter to the Post. Dear Editor: Your editorial "Taps without Wires" concludes that the federal laws relating to communications privacy should be updated and upgraded soon. As an engineer who has testified as an expert in federal court as to the meaning of the old (1968) law, I agree with your conclusion wholeheartedly. However, I cannot endorse your implication that the old law prohibits eavesdropping on voice communication between humans, because it does not. In fact, none of those words is even used in the old law. Instead, it prohibits "surrep titious interception of oral or wire communication" and defines interception as the "aural acquisition" of the con tents of oral or wire communication. That means that, under the 1968 law, if no one other than the intended recipient ever heard the contents of a message transmitted by wire, then no interception took place. Two absurd scenarios flow from the convoluted language of this law: 1.if a data transmission (a series of audible tones) is recorded and played back so that it is heard by a human (or animal) a felony has taken place -- even though the message was never understood by anyone other than the recipient, or... 2. if a voice communication between humans has been recorded and transcribed into written form by modern computer techniques without ever being heard as sound by man or beast, then no violation of the law has occurred -- even though the full content of the mes sage is available to the eavesdropper. Our legislators in 1968 set out to prohibit eavesdropping on voice communications between humans, but they wrote something with an entirely different meaning. Yes, change is in order. Let us hope that Congress will listen to some unbiased technical advice, and write a law that will correct the deficiencies of the old law and be enforceable. P.S. I recognize that my views are contradictory to what has appeared in the lay press, and even to some of the material provided to the Congress by their Office of Tech nology Assessment. However, before throwing my letter into file 13, I ask that you do either or both of the following things: 1. read the law, or 2. call me. So far as I know, I am the only engineer who has ever testified in federal court as to the meaning of the old law. I have studied that law and its legislative history, and discussed it with many legal scholars. I regularly lec ture on this subject (see enclosed material), and I am one of the founders and the first president of the Communica tions Security Association. I am not a kook. I have no ax to grind. My only reason for wanting to be heard is an honest desire to present accurate and unbiased information so as to correct a popular misconception as to the meaning of the current law and to help to see that an effective new law is enacted. TAP DETECTION In our July 1985 issue we carried a segment that stated, several times, that there is no electronic instrument that can detect even a simple tap. That is a verity. However, shortly after that item appeared we got a note from a brash young man named Roger Tolces. Roger lectures the professor, telling him he should find out what a TDR is. Dear Roger: Sorry about that. This old head conducted detailed TDR experiments with some other engineers and technicians some years ago -- probably before you even got into this business. You don't have to introduce Jim Ross to the TDR; he has tested it against some very simple circuitry, and it cannot detect even a simple tap. Dear Reader: Please stay tuned. More on Roger Tolces and the TDR and his intriguing tale about his experiences with the FBI in a future issue. Meantime, believe it: There is no electronic instrument that can detect even a simple tap. We'll tap a phone line and beat Roger's TDR one thousand times out of one thousand attempts to detect our tap. (By the way Roger, why not take us up on our challenge to create a better definition of a tap?) FEEDBACK Sometimes the feedback comes in wonderful quantities, and this is one of those times. In addition to the letter about photosensitive epilepsy, other items in recent issues have triggered some of our readers to send us enlightening material. First, many responses to our query, "Should we change the name of this letter?" A few interesting names were suggested, but the majority cast their votes for leaving the name the same. One respondent wants us to stop using the YOGO dateline, but we're not ready to even consider that yet. (By the way, do you know what it means?) (It's your editors way of trying to make a point, and he'll expound on that later.) Our January issue mentioned an audio amplifier from radio shack called the binaural amplifier, and that drew a response from one of our regular anonymous straight-talking responders: "It's a piece of ____!" We thank him for his explicitly stated evaluation of this item. What's your opinion? And then there was a piece about Youth Action News. Talk about feedback! We now have TEN issues, going back to 1977. To our, again anonymous, contributor we say, "Many Thanks. Your help is really appreciated. With regard to Youth Action News, as we stated in the first segment on this publication, we're leery of material which uses words that are not defined. However, we promise to give all of this a thorough reading and to report on our opinion in a future issue. HARASSING PHONE CALLS Steve Barnhart tells us that there is a device called "Shriek Circuit" which may have application in discouraging harassing phone callers. It is supposed to send a powerful blast of sound to deafen the caller. He hasn't tried it, and we haven't tried it; so we're not recommending it. (As mentioned in an earlier letter, we're quite certain that the sound level will not be passed through the phone system undiminished.) Steve says it is sold by Consumertronics, POD 537, Alamagordo, NM 88310. If you buy one, please let us know how it works. PHOTOSENSITIVE EPILEPSY A short comment on this phenomenon in our last issue brought the following response. Dear Jim: Always read your COMSEC LETTERS with great interest. Re the February 1986 issue and specifically the paragraph titled PHOTOSENSITIVE EPILEPSY, be aware that there was a tremendous amount of research during the Vietnam war related to this subject. When it was discovered that certain low frequency (around 7.5 Hz) pulses could induce a petite or grand mal seizure, the Army immediately began studying the possibilities. After "Audiogenic Seizure Susceptibility Induced in Mice by Prior Auditory Exposure," by K. R. Henry, Science, 158; 938-40, 11/17/67, the Pentagon classified all further research including that on photogenic seizures. And yes, it does cause some cancellation of our "scan rate" .. whatever that happens to be in each individual living organism. People get sick when strobes are used at low frequencies. Pilots get seizures when landing single-engine aircraft to the west at sunset because of the prop strobing. The reaction that folks have to certain CAT scan machines like the magnetic resonance devices is likely caused by the same problem. There was a report in the spring of 1968 that the Army had a research group build a very large oscillating disc several feet in diameter and driven by a very powerful driver that put out about 160dBA at frequencies under 10 Hz. A little like the effects of mustard gas with the wind changing directions, the experiment ended with the termination of every living organism in a 2000 square yard area. So went that unconfirmed report. All Best, Bernard L. Krause, Ph.D. Our thanks to Bernie Krause. It is detailed information like this that makes it such a pleasure to write this newsletter. Not only did he take the time to respond in detail, he also provided references. If you want to contact him, his address is: Audio Forensic Center, 2631 Clay Street, San Francisco, CA 94115. 415-563-0202. April, 1986 COMSEC ASSOCIATION The officers of the association are: President James A. Ross 1st VP Arnold Blumenthal 2nd VP Kenneth R. Taylor VP Membership Paul Bowling VP Finance E.T. Smith At present there have been no local chapters organized but there has been considerable interest from several areas in the country. To assist in getting local chapters started, we'll send a XEROX copy of the current membership list to anyone who inquires. (The XEROX copy is the best we have to offer at the present time. The list will be typeset again, and run in alpha and zip order; but it will be some time before that is complete.) Be prepared for some kind of a notice relating to dues. It looks almost certain that we'll be taking advice from professionals in the association business, and going to a standard membership year with all memberships ending on December 31. If you have any great ideas of how to implement such a program, please let us hear from you. Also, the board is working to revise the by-laws, and we expect to have the new version ready for a vote by the membership in time for our 1986 meeting in Washington. Negotiations with Cahners Expositions to collaborate with them on the show that they are putting on in NYC in October resulted in no meeting of the minds. Therefore, we will not be exhibiting at that show. (Probably just as well -- they chose to name it CCS 86, and we certainly can see some potential problems with that name.) Also in the works are changes in membership categories with some corporate memberships open to companies in the trade, and some affiliate memberships open to companies wishing to do business with our members. If you have any ideas along this line, please call either Paul Bowling (301-843-3809) or E.T. Smith (703-533-8555). If you have any ideas relating to the activities of the Comsec Association, or ideas of benefits that we can arrange for our members, please call either Paul or E.T. (numbers above). They are both working very hard to expand our activities, benefits and membership. Since our inception we have used a service which provides telephone answering and an address in Washington, DC. At present ET Smith and Paul Bowling are looking for a way to establish a semi-permanent address for the association without running up a tremendous bill every month. Until they arrange the new address, please use POB 3554, Frederick, MD 21701 for any inquiries. Addresses and phone numbers for CSA board members: Arnold Blumenthal PTN Publishing Company 101 Crossways Park West Woodbury, NY 11797 516-496-8000 Paul Bowling National Investigative Services 5931 Michael Road Waldorf, MD 20601 301-843-3809 James A. Ross Ross Engineering, Inc. 7906 Hope Valley Court Adamstown, MD 21710 301-831-8400 E.T. Smith The Republic Group (Teltron) 5801 Lee Highway Arlington, VA 22207 703-533-8555 Kenneth R. Taylor Target International Corp. 14839 NE 20th Avenue North Miami, FL 33181 305-940-0035 PERSONAL (PERSONNEL) NOTES There is a good strong possibility that your editor will be moving to the Miami area to become the Director of the Target International Corporation Security Academy. His business in the Washington area is up for sale (all or part), and he plans to continue editing the COMSEC LETTER after relocating to FL. We're now looking for someone in the DC area to be the executive director of the association. Please note: CSA has been a cash-flow negative operation since its inception. The need to hire someone means that the Association will have to greatly expand its revenue in order to be able to pay a decent salary. That means that we'll have to start a major recruiting and fund raising campaign. Your ideas and your help are needed. ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1985 In one of the first COMSEC LETTERS we ranted about an effort of the federal government to try to solve a problem by passing a law. Specifically, we said: We object on principle because, in our lifetime, we have watched legislators, time after time, try to legislate the solution to a problem; and usually in the process they create problems many times worse than the one they were trying to solve. We give it as our fixed opinion that there is a sickness in this land, the virulence of which increases with proximity to the Capitol; and that sickness is the ingrained belief that the federal govern ment can legislate a solution to any problem. Here in 1986 they are again trying to legislate a solution to a problem. Because some people have just discovered that what is broadcast by radio can be heard by anyone with the proper receiving equipment, our legislators are trying to make it a crime to listen to what has been transmitted on certain frequencies. What hogwash! In a meeting with a member of the Congressional Office of Technology Assessment a short time ago, I protested that the law would be clearly unenforceable and was told, "There are many laws on the books which are not enforced." Of course I agree. However, I take the position that every law that is not enforced tends to create disrespect for all laws, and I am vehemently opposed to the provi sions of the bill as it stands. Many other folks have taken positions opposing the bill for many different reasons, and we'll be presenting some of their comments in future letters. You are invited to call or write with your comments. CALL FOR PAPERS The deadline for abstracts is May 20, so you don't have much time; but it sounds as though this will be an interesting meeting. "Protecting Intellectual Property" is the title, and it is being put on by Aerospace Computer Associates in December in the Washington, DC area. Contact Steve Walker, technical chairman, on 301-854-6889 for information on presenting a paper during the conference. If you are interested in making a presentation at the one- day tutorial which precedes the conference, contact Chris Perry on 703-883-6235. DEFINITION OF A TAP Because there had been no responses to our challenge to create a definition of a tap, we proposed the following definition in our September '85 letter. (After all, many of us make good money checking for taps; it seems reasonable that there should be a definition of a tap.) "Tap, n., v., ---n. The act or process or equipment used to monitor and/or record the content of messages being trans mitted over wires without degrading the quality of trans mission or interfering with transmission in any way, and especially without being detected. The product of a tap is the content of messages being transmitted over wires. ---v.t. To perform the necessary steps to accomplish a tap." We followed our first effort at defining the word with the follow ing comments. "N.B. Because most taps seem to have conversations between humans as their objective, it has become common to think of taps as having a product which is human voice conversations. (In fact, to simplify terminology during the seminar we refer to listening to microwave or satellite-borne telephone conversations as taps.) Note that the definition above does not refer to voice conversations between humans. Anything being transmitted over wires can be tapped. That means that data, Teletype, facsimile, etc. can be the product of a tap. Also, keep in mind that the definition refersto anything being transmitted over wires, and is not limited to baseband transmissions. That means that modulated RF, CW, ICW, or any transmission at any carrier frequency, unmodulated or modulated using any type of modulation, is included in the definition. So let's go critics. Have a shot at the definition of tap." In response to our request for others to provide a definition, W. Bonham C.P.I. C.I.I. of Wausau, WI sent us the following for which we thank him sincerely: "A tap would be the act, when an individual who has an expectation of privacy sends or communicates over a wire or other means of transmission any information which the sender feels that they have an expectation of privacy with and that any person who is not authorized intercepts this communication by whatever means with the intent to solely intercept without authorization would by prima facia evi dence of committing this act. The definition of tapping requires three elements; the first element being that the communication from the sender was transmitted through or over facilities that are normally used for generally trans mitting any type of communication. These type are defined as but not limited to telephone, telegraph, electric lines and/or other lines of communication that are either pub licly or privately owned. The second element would require that the intercepter did in fact penetrate or infiltrate these lines of communication gaining access to said private communications regardless of whether these communications were recorded or only orally intercepted. The third element would require that the interceptor did in fact commit the act described in paragraph two by whatever means." Considering the number of people who read this letter, we're really disappointed that Mr. Bonham is the only person who took the trouble to make a contribution. We hope that his effort will spur some other members to send in their ideas. His definition leans toward what was called "elements of the offense" if your ol' editor properly remembers some of what was thrown at him in a couple of semesters of law class. Our definition, on the other hand, tends to define the term from a technical point of view. Your comments are actively solicited. Congress has not defined a tap very well in our opinion, and our own definition leaves in limbo the question of whether coaxial cable is considered "wire", and further, what about wave guide? May, 1986 ELECTRONIC PRIVACY ACT OF 1986 We've carried information and opinion on this act in earlier edi tions, and we'll probably have something on it in every edition until it is defeated or put into sensible form, or -- heaven forbid -- passed into law. This astounding law, among other things, would make it a crime to listen to what has been broadcast by radio on certain frequencies. The law cannot be enforced. Those who wish to listen will be able to listen with essentially zero chance of being detected in their "criminal" activity, and no chance of being punished for engaging in their "criminal" activity. What then will the law accomplish? 1. It will serve to diminish respect for all laws. Every unenforced law tends to diminish respect for all laws. 2. It will offer cellular communication sellers an oppor tunity to take advantage of folks by allowing them to assure their customers that their broadcast conversations cannot be overheard because "there's a law against it". 3. It will mean that it will be possible for a person to be accused of committing a crime if he operates a radio a. without being aware that listening to what has been broadcast on certain frequencies is a "no-no", or b. operates a radio that does not accurately display the frequency tuned to, or c. operates a radio that has poor selectivity, or d. operates a radio that has poor image rejec tion, or e. does anything that allows him to hear what has been broadcast on the specified frequencies (e.g., uses a spectrum analyzer or crystal set or a TV on Channel 80 - 83, etc.). (Of course, defenders of the bill will point out that there are words in it relating to the "intent" of the listener, but how does one prove a lack of "intent"?) 3. To those with any understanding of radio communica tion, propagation, etc. it will make the legislators who voted for it look very silly. Yes, I agree that something should be done to modernize the laws. Yes, we are entitled to protection from wholesale eavesdropping by eager investigators. Yes, law enforcement organizations with cause should be able to eavesdrop on suspects. (ACLU ?) But making the mere listening to what has been broadcast into a crime is ludicrous. In fact, from here it looks like the beneficiaries of the proposed new law are the salesmen for cellular phones, and some very smart (but devious) law enforcement types who will be able to snoop legally without fear of violating the law because they built in some beautiful gaping loopholes. More coming. INFORMATION SOURCES For books and training courses relating to telephones and telephone systems, contact: abc Teletraining, Inc., POB 537, Geneva, IL 60134. 312-879-9000. Also, Teleconnect is offering specials on some of the publications from Texas Instruments Learning Center. Contact Teleconnect on 1-800-LIBRARY. By the way, TILC no longer sells their "Understanding" series of books. If you want to buy any of them, contact Howard W. Sams Co., 4300 W 62nd St., Indianapolis, IN 46268. 800-426-SAMS. As we've commented several times earlier, Understanding Telephone Electronics is an excellent book for anyone intending to do any work with telephones or telephone systems. Washington Researchers Publishing offers an outstanding newsletter, The Information Report. For a sample issue and subscription information contact them at 2612 P St., Washington, DC 20007. 202-333-3533. Two catalogs featuring publications on a wide variety of subjects just arrived. For books on scanning, SWL, cryptography, eavesdropping, etc. contact CRB Research, POB 56, Farmingdale, NY 11725. For a selection aimed at prospective private eyes contact Thomas Publications, POB 33244, Austin, TX 78764. (If you buy any of their selections, we'd really appreciate your comments -- a full length review, or just a few words.) RADIO SHACK TO THE RESCUE (Thanks Joel!) In doing countermeasures work one of the bugaboos that we have faced from time to time is the problem of connecting our telephone analyzer to a standard wall phone with modular connectors. We've improvised several times --- using the Fluke multimeter to make the voltage readings from terminals inside the instrument, using an audio amplifier and a modular breakout cable to make audio feedback tests, etc. In short, it's meant a lot of extra work because there was no simple way to hook up the analyzer in parallel with the phone and the line. Now comes Radio Shack to the rescue. They just came out with a new product that we see a real need for in countermeasures. It's called "duplex wall phone adapter" (their part # 279-359), and it sells for $9.95. It provides a standard modular jack in parallel with the telephone so that Harry Homeowner can connect his telephone answering machine to the phone line at the wall telephone. In our business, of course, it can be used to connect the telephone analyzer to the phone and phone line which should make life a whole lot easier when you are trying to do standard tests with one of the commercially available telephone analyzers. By the way, we'd appreciate feedback from anyone who tries this product. (Our first attempt was in front of a seminar group in a rented meeting room in a motel, and we had difficulty in getting the phone to connect to the adapter.) INDUCTIVE PICKUP The suction cup inductive pickup (for telephones) has many, many drawbacks, and we've been asked many times for the source of a better inductive pickup. Finally, we've found one. It is a larger loop and fits around the earpiece of the telephone handset. (We've not tested this one, but if it works like our old faithful, you won't be disappointed.) $4.88 ea. P/N 1GSO174 from Electronic Supermarket, POB 988, Lynnfield, MA 01940. 617-532-2323. MODERN FOOLPROOF ELECTRONICS VS. OLD-FASHIONED SKULDUGGERY This story comes from one of our readers who wishes to remain anonymous so as to preclude any possibility of embarrassing his client. It seems that the client had purchased some "state-of-the-art" electronic computing and cash registers for some bars that he owns with the idea that the automatic electronic reporting by each cash register to the computer would cut down to the minimum the "shrinkage" he had been experiencing. Unfortunately, even with the fancy system in place, simple arithmetic told him that he still had some unknown partners who were sharing revenue with him in his bars. Enter the consultant who knows electronics and people. He walks to the cash register and unplugs the line to the computer, rings up a few sales, and replugs the line to the computer. You guessed it. While the line was unplugged, no sales were recorded, but the cash register worked normally. The scam was simply to unplug the line when the "sale" was the bartenders take. That's all there is to it. Even the manufacturer's representative was not aware that it was so simple to beat the modern electronic cash accounting system. Live and learn. EVALUATION COMMITTEE One of the ideas of the founders of the COMSEC Association was to establish a data bank so that the qualifications, credibility, etc. of TSCM product and service vendors could be made available to mem bers and others. At present, Paul Bowling and E.T. Smith are start ing to put together the mechanics of such a system. Paul expects to have a computer bulletin board up and operating in about a month, and ET is working to put together the details of a plan to provide listings of products and services for member companies. If you have any equipment to donate, or any ideas about corporate membership benefits, fees, etc., contact Paul or ET. Having just heard yet another horror story about an unqualified and unprincipled firm which collects in advance, but doesn't deliver, we're more anxious than ever to start a COMSEC "Better Business Bureau". In other words, a data bank of information on submissions to the COMSEC Association. If you've been ripped off, and can get no satisfaction from the ripper, send us the full information. We'll contact the ripper to give him a chance to answer the complaint; and we'll make the entire file available to members for a nominal fee. YET ANOTHER WAY TO TAP A PHONE This may sound far out, but it rings true to us because we had a similar experience years ago in Florida. In our case, we had con tracted with an answering service for them to pick up on our busi ness line if we did not answer by the third ring. Worked great. Never had to remember to turn on a machine or notify the service. The only problem was that after we had cancelled the service, the service did not cancel the line that they had ordered run to them from the central office. The result was that we paid for years of unwanted and unused service. The phone company refused to even con sider the fact that we had been unaware that someone else had ordered service for us and neglected to cancel the service, and we were stuck with the bill -- no refund even considered. The current information comes to us in a newsletter which details the same kind of overbilling, but for a completely different pur pose. Ted Gunderson, a former FBI agent in Los Angeles who is working as a private investigator, contends that GTE took an order for additional service (a pair connecting his line to an answering service location) from someone else and billed him about $40 per month for two years. He has received a refund from GTE, but GTE refuses to let him know who placed the order. In other words, a tap was on his line for two years, he paid for it, and he cannot find out who ordered it or who was listening. NEEDED FOR TESTING We really want to test an old-fashioned AM wireless intercom, but we don't know how to find one. Can you help? While we're at it, we might as well mention that the COMSEC Association is putting in for recognition as a 501 (c)(3) corporation. What that means is that you'll be able to take a tax deduction for contributions of cash or goods. (There are rules and regulations, and limits, etc. but nothing horrendous.) So you'll be able to send us your old books, surveillance receivers, spectrum analyzers, func tion generators, etc. and take a tax deduction for your contribu tion. READ ANY GOOD (BAD) BOOKS LATELY? Why not send in a review of any book relating to communications and/or information security. Help our members separate the wheat from the chaff. Recommend the good ones and pan the bad ones. Don't leave the membership at the mercy of your ol' editor. They deserve opinions from more than one person. Let us hear from you today! QUESTION It's 1986, YOGO + 2. Do you know where your (Telco) dollars go? Did you ever hear of "Telephone Pioneers of America"? INFORMATION PLEASE This first question is one that came up during our last seminar, and leads to some other interesting questions, we think. Here 'tis: Q. Do you know of any TEMPEST-type attacks against non-government targets? That is the question, and we'd like to hear from you, if you have any information. More questions along this line later. Meantime, remember, we'd sure like to hear from you. June, 1986 ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986 At the time that this is written we see nothing more important to report on than this activity in Congress. We think it poses a threat to basic freedom in this country, and we're actively working to correct some of the strange provisions in this bill. To give you some history: Congress decided that the old law (sometimes called "Title III") needed to be updated, and worked on drafting a new law. Companion bills were introduced in the House and the Senate, worded identically. Unfortunately, they were written as amendments to the old law. (What that means, in the practical sense, is that outsiders like us [isn't it terrible that we citizens are outsiders when it comes to writing the laws? Whatever happened to the idea that government derives its power to govern from the people?] have to write out the old law and then substitute words and phrases as specified into the text of the old law before we have a readable copy of the new law. We were in the process of doing that in our computer when the House bill was withdrawn, and another substituted in its place. The new bill was reported out of committee with a 34 to 0 vote and sent to the floor. There, less than one week later, it passed by voice vote without debate or amendment. Sound like a railroad job? We think so. Calling our Congresslady and the committee resulted in our receipt of a copy of the new bill, and -- you guessed it -- it is not written out either. So here we are, spending the majority of our time trying to make a living, and sandwiching in some sessions to try to write out what they propose so we can study it. Meantime, some of our understanding of the provisions of the bill is dependent on what others say it says -- and that's a scary situation. (See the segments in this letter "WHAT A DIFFERENCE A WORD MAKES", and "CHOICE OF WORDS".) So the house has passed the law and it is now up to the Senate to pass its version. We're concerned, and one step that we've taken is to write to each of the Senators. A copy of the letter sent to Senator Mathias follows. (He heads the Senate committee looking at this bill.) (Adaptations of this letter were sent to all senators. Dear Senator Mathias: This is in reference to S.2575, Electronic Communications Privacy Act of 1986. First, I must point out that I am not a lobbyist and I stand to gain nothing by any changes that you may make to this proposed law. I am writing to every senator as a concerned citizen who has some special knowledge of the technical area addressed by this bill -- a citizen who is very concerned that the companion bill, with its many serious faults, passed in the House of Representatives without hearings and without debate. The principal reason for my concern is that many of the provisions of the new law would be patently unenforceable, and every law that is not enforced tends to create disrespect for all laws. Also of major importance is the fact that the law tries to overrule the laws of physics and, in that attempt, would make a felony out of some common, ordinary activities. Yes, the old communication privacy law should be updated. I believe that I am the only engineer (BS, West Point; MSEE U. of Illinois) who has testified as an expert in federal court as to the meaning of the old law, and I am ready to shout from the rooftops that the convoluted language of the old law is next to impossible to interpret. I have spent many hours studying it and its legislative history, discussing it with experts on the law, and testifying in court as to its meaning; and I know that a new law is badly needed. However, we don't need a new law that uses even more convoluted language, is largely unenforceable, contains loopholes and loopbacks, ignores modern technology, uses outdated terminology, and overall does not do what its framers said that they intended. I am the president of the Communications Security Association, but I am not writing as a spokesman for the association; I am writing as a private citizen who is concerned. If the Senate takes a deliberative posture and time thus becomes available, the Comsec Association will take a position and offer expert witnesses. I urge you, Senator Mathias, to hold hearings on this bill. I am prepared to testify, and I believe that you should contact the Institute of Electrical and Electronics Engineers for other technical experts with appropriate experience. (Each engineer to whom I have mentioned provisions of the bill has responded first with laughter, and then with incredulity that our legislators could even seriously consider passing a law that attempts to overrule the laws of physics.) Please take action. It is vitally important. WHAT A DIFFERENCE A WORD MAKES, TWO EXAMPLES FIRST EXAMPLE In the law that Congress is trying to update, the words which define interception of communication are "aural acquisition of the contents" of the communication. What that combination of words means, in your editor's opinion, is that somebody heard the contents of the communication. After all, "aural" refers to the hearing mechanism in our heads (or for that matter to the hearing mechanisms in the heads of animals, reptiles, fish, fowl, etc.), and achieving "aural acquisition" seems to be simply a strange way to say "hear". In any event, the law defines interception differently than the dictionary does, and is very precise in its definition. So now come various groups and organizations and people who take it upon themselves to "explain" to us unwashed masses exactly what the law means. And what do they tell us it means? Why they say that the law says that interception means the "acquisition of the content" of the communication. Hey! What happened to "aural" which refers to human hearing. Are they deliberately trying to confuse us? In this first example of "WHAT A DIFFERENCE A WORD MAKES" one key word has been left out and the entire meaning of the law has been significantly altered. Instead of saying that interception means hearing the content of the communication, people are saying that the old law says that interception means acquisition of the content -- and there is a world of difference. At least one judge in Virginia is not confused. The Virginia law is written with the same definition of interception, and in a case in which there was incontrovertible evidence that private conversations had been recorded he ruled that there had been no interception because there was no evidence that anyone had ever listened to what had been recorded on the tape. C'mon you experts. The law does not define intercept as "acquisition of the contents"; it defines it as hearing what has been transmitted, "aural acquisition of the contents". Any other interpretation is perverting the law as written. SECOND EXAMPLE The second example of the awful consequences of leaving out one single word relates to the study, widely quoted, which was done for Congress by their Office of Technology Assessment. In that report, in reference to the protection of communications afforded by the old law, OTA uses these words: "...communications...other than voice are not clearly protected." So how is that translated? Did the translation of the translation change the meaning? It sure did! People (including Senator Mathias) who use that report as their authority are now saying that the old law protects only voice communications. It seems that they decided that the word "clearly" was too limiting so they just left it out when they interpreted OTA's interpretation for us. What a difference a word makes! Does the old law protect only voice communications? If you think so, you're wrong. The old law does not refer only to voice communications. In fact, the word "voice" is not even used in the old law! That law prohibits interception (defined as aural acquisition) of the contents of "oral and wire communications". In fact, goodbuddy, if you study the old law carefully, you'll come to the conclusion that it doesn't clearly protect voice communications as well as not clearly protecting other than voice communications. (More later.) CHOICE OF WORDS Throughout the proposed law and in all references to these laws our Congressmen have used the word "protection" when they are referring to the legislated prohibitions against eavesdropping on conversations. It is as though they really believe that they can legislate protection. If you believe that legislation can "protect" your broadcast conversations from being overheard, we have an experiment for you -- and any congressman who thinks he has such power. First let Congress pass a law which prohibits piranha fish from biting our citizens. Let's make it a felony. Then you, or your congressman friend, go jump in a river full of piranhas. Let me know how you make out. END NOTE Thanks to our many contributors; your material will appear soon. July/August, 1986 The July/August issue of ComSec Letter were never published due to the incapacity of the Ross family caused by an automobile wreck. September, 1986 Dear CSA Member: This will probably be the shortest COMSEC LETTER that you will ever receive -- and I hope that it will be the only one mailed out of order. The situation is that the Congress is about to create what I consider to be a very silly law which will benefit only those who are interested in skulduggery, and will create a false sense of security for the masses. I am referring, of course, to the Electronic Communication Privacy Act of 1986. I have written about this in earlier editions, and I expect to recount my initiation into personal efforts to influence legislation in future editions; but, for now, I am hastily trying to pass along one important thought and one administrative message: 1. Enclosed is a copy of a recent letter by the Association of North American Radio Clubs. Its message is simple. Contact your Senator to urge him to oppose legislation which would create an unenforceable law -- and make criminals out of people who listen to what has been broadcast in the clear on certain frequencies. It may already be too late, but we have to try to get Congress to think before they act. We have many members in the COMSEC Association who are experts on communications security, and they should have a chance to be heard. 2. This letter (September) is being mailed before the July/August edition because we had a choice of spending our time to finish the July/August letter or to work at trying to stop, or at least patch up, the impending law and we decided that the latter was more important. The July/August letter is in the works and will be coming to you soon. Regards, Jim Ross October, 1986 A PERSONAL NOTE FROM YOUR EDITOR Dear Friend, On September 12 Lynne and I were in a serious automobile wreck which left her with a broken neck. She has been a real champion throughout this ordeal, and at the time of this writing she is in a Philadelphia collar and at home. The prognosis is for a complete recovery eventually, and for that we thank God. Ken Taylor and Paul Bowling filled in for us at the ASIS show in New Orleans and Doug Kelly and Ken took care of our seminar following the ASIS show. Our youngest daughter, Marilyn, has been helping with some of the business work that Lynne used to do. Of course, many things have been postponed, and we apologize for any problems that our tardiness may have caused. Sincerely, Jim Ross ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986 Well, they passed it. Something like 25 seconds was all it took "the greatest deliberative body in the world" to pass this abomination. We'll have much more information on this in future issues. For now let's quote from a Monitoring Times editorial by Bob Grove: "Unenforceable, ill-advised and self-contradictory, this mockery of the judicial process should never have seen the light of day." (More information on the COMSEC Association's position on a related matter is carried in the segment of this letter entitled "FCC Letter".) COMSEC ASSOCIATION PLANS Paul Bowling has set up the COMSEC Association's computer bulletin board, and you are invited to call in. The number is 301-843-9266. Paul is also spending many hours of his own time to try to develop programs for members of the association. Details coming. This letter is very late, but two more letters are in the works in the computer so we hope to be all caught up by the end of December. By the way, the letter should begin to look much sharper soon. Jim Ross's business has a laser printer on order, so the COMSEC Letter will soon have an almost typeset look. Plans are also underway to take ads in the letter and in the membership list publication. Contact Paul Bowling for details. JOB OPENING We have been advised of a job opening in New England for someone with heavy countermeasures experience. It will require about 20% travel nationally and internationally. Good salary and benefits. Contact Jim Ross for more details and the name & number of the headhunter. LETTER TO THE FCC On 11-3-86 the following letter was mailed to the Federal Communications Commission in support of a petition by the Washington Legal Foundation to require manufacturers of radiotelephone to label their products to warn users that their conversations can be overheard. William Tricarico Office of the Secretary Federal Communications Commission 1919 M St Washington, DC 20554 RE RM 5577 Gentlemen: This association, composed of hundreds of professionals in the field of communications security, heartily favors requiring manufacturers of radios used in telephone service to permanently label such equipment to warn users that their conversations can be easily overheard. Something must be done to counter the false sense of security which the manufacturers and the congress have created. Radio transmissions can easily be heard by anyone, and no man-made laws will be able to change that fact. The Washington Legal Foundation should be commended for taking the initiative to create the petition to require privacy warning labels. If there is any question regarding this, I can be reached at my office, 301-831-8400. Very truly yours, James A. Ross President cc: Membership Secretary, Washington Legal Foundation Bob Horvitz, Association of North American Radio Clubs November, 1986 QUESTION FOR COMMUNICATIONS CONSULTANT In an article regarding major changes in U.S. communications policy in Communications Consultant, a magazine for people who earn their living performing as consultants on communications matters, Julia King wrote: "Some of them, such as the endorsement of the long-sought-after communications privacy law, have proved beneficial to both consultants and their clients." Our question for her: Just how has this new law proven beneficial to either consultants or their clients? Or, do you expect that it will become beneficial some day? If so, how? The one benefit that we see is a long-term one; the definition of "interception" has been improved. Now it is defined as the acquisition of the contents of a message, rather than as the aural acquisition of the content. After the new law becomes effective next year this change should make it easier for judges to understand, and should result in making the law stronger. Other than that, we believe that the only beneficiaries of the new law are those sellers who wish to take advantage of buyers by deceiving them with regard to the security of the communications equipment that they are touting. Law enforcement is a loser. They'll now have to get a court order to use a DNR. (Incidentally, our language is a loser -- the lawmakers insisted on using an 1890's term, pen register, when "updating" the old law instead of the modern term dialed number recorder or DNR.) Communications users are losers. They'll be more than ever convinced that any telephone is a secure means of communication. Some of us who make our living doing countermeasures could be big losers. We could get into trouble for conscientiously doing our jobs. Can't you just hear us explaining to the senator that we can't check that suspicious emanation from his office because it is on one of the frequencies that the senator has voted to make it a crime to listen to! A hand-addressed copy of this newsletter is being mailed to Julia King at Communications Consultant. She, or anyone from this magazine is invited to make a presentation at COMSEC EXPO '87. You'll have a chance to expound on your views in front of a knowledgeable audience. Let us hear from you. COMSEC EXPO '87 Due to circumstances beyond our control, we were not able to schedule our second COMSEC EXPO during 1986. At present, we are in the final stages of planning COMSEC EXPO '87 with the location to be the Washington, DC area, and the dates to be late in 1987. You will be advised. FROM OUR READERS Many, many, submissions from readers have been received. Some date back many months. If you have mailed in some material, don't despair of ever seeing it. None has been lost. We just haven't been able to get around to including all of the stories, ideas, information, etc. Hang in! For now, we'll pass along just one item which we received during the past month. Several members sent us annotated copies of a letter that had been sent out by a firm in Port Chester, NY. The organization seems to have many identities, so to keep from being sued for misrepresentation, we'll include the full description. The letter was signed over this signature block: Marsha Pearl, Mgd. Coordinator PROTECTION CONNECTION, a Property of CCS Counter Spy Shop. The letterhead says: The Counterspy Shop A Division of CCS Communications Control Inc. No, we don't know what "Mgd." means; but the CCS initials sure are familiar. Anyway, the essence of the letter is a request for submission of products for them to sell and includes the following in its listing of what you should submit: "...the merchandise itself for testing, ..." Now that, to us, is a very interesting offer. CCS, the master of advertising claims, now plans to test equipment. But wait! Maybe we are making an incorrect assumption. Your editor, being an engineer, assumes that the purpose of the testing would be to determine whether the items tested actually do what their manufacturers say they do. However, that may be a totally erroneous assumption. Well, we have a CCS employee on the mailing list. Maybe she'll enlighten us as to exactly what it is that CCS proposes to test for. If they plan to test for performance as claimed in advertising, we're certain that many of our members can suggest many CCS products to be tested. CALL FOR PAPERS Although the dates and place are not yet firm, we're asking everyone who wishes to present information on modern communications and information security to notify the planning committee as soon as possible. Send a short abstract, along with some biographical information, to: COMSEC EXPO '87 Planning Committee POB 3554 Frederick, MD 21701 If you have any questions, you may call 301-874-5311, but please be advised that that number is not answered on a full-time basis so keep trying. ADMINISTRATIVE NOTE This letter will, we hope, be the last of the 2-page letters. We have a mountain of backlogged notes for the letter and some very important information to convey, and we plan to start working out of this backlogged condition with all our might. In the next issue we'll again carry a listing of coming events -- we've been so far behind schedule that it had to be dropped temporarily. Please send in any announcements of meetings etc. in this field. December, 1986 ECPA The Electronic Communication Privacy Act is now the law of the land. It may have some parts which improve upon the old law, but it definitely has some provisions which are downright stupid. It is largely unenforceable, and probably will be used by the sellers of cellular phones to bamboozle their prospective customers by creating a false sense of security -- "No one can listen to your calls; it's against the law." Of course, anyone who wants to listen will listen. There is no chance that his "crime" will be detected; and the Justice Department has already said that they do not intend to try to enforce the law. Its drafters said they had to "update" the old law to "protect" modern communications that were overlooked in the old law. So they used terminology that was outdated even before the old law was passed. They dropped some of the words -- that they never did understand -- that were used in the old law in favor of some other words -- that they obviously don't understand. More on ECPA, much more, coming. Also, along the same line, we have an essay in preparation on the dangers inherent in writing to impress rather than to communicate, and using words you don't understand in the process. COMSEC EXPO '87 Our second annual meeting is now being planned for Washington, DC in the fall of '87. This time we're doing it all ourselves, and we guarantee you that we'll have a real opportunity for learning what's new and what's going on. If you want to appear on a panel, or give a presentation, or sell booth space, or work as a volunteer in some capacity, contact your editor on 301-831-8400. If you are interested in exhibiting, contact the conference coordinator, Shirley Henschel, at Expo Headquarters: 9306 Wire Avenue Suite 701, Silver Spring, MD 20901. Phone: 301-588-3929. At this time it looks like there will be three days of panels, seminars, and presentations; three days of exhibits, and one half day of a meeting of the members of the COMSEC Association. We're planning to allow plenty of time for visiting the exhibits so that it will be possible to attend all of the conference sessions and also see everything in the exhibit hall. CALENDAR Starting with the January issue we'll be inserting an extra sheet into each mailing of the COMSEC LETTER to list all of the educational activities, shows, etc that might be of interest to members. Bob Bryant, Michael Melhorne, Jim Ross, and anybody else who schedules many activities throughout the year will be handled in a special section outside the overall chronological listing. If you are planning an event that you think might interest our members, send your releases. We have a qualified readership. For this issue we're going to list only one event -- a very special one that deserves your attention -- and that is: Carnahan Conference on Security Technology Hyatt Regency-Ravina, Atlanta, GA July 15-17, 1987 Contact: Juanita B. Graves, Conference Coordinator 606-257-3973 Special Note. This year, for the first time, the Carnahan Conference will include exhibits. Contact Juanita for full information. MORE MODERN TELCO SERVICE FROM SOUTH CENTRAL BELL SCB has recently announced that it will offer, on a trial basis, a new service called "call rejection". The trial will take place in Natchez, Mississippi, and will cost subscribers $2.00/month. To use the service, the subscriber punches in a code using a DTMF pad, and records a message saying that he refuses to take any calls from the specified number. Each customer is limited to a total of six numbers from which he refuses to take calls. Also being offered during the test are calling number identification, distinctive ringing and selected call forwarding -- again, limited to a total of six selected numbers. Our hats are off to SCB. Again, they are offering modern services to their customers. COMSEC ASSOCIATION COMMITTEE CHAIRMEN Soon we will have completed much of the organizing work that has been in the works, and we'll have various committees named and defined. We'll be looking for some self-starters who are able to work with a minimum of supervision to chair and man (woman?) various committees. Look for announcements in the COMSEC LETTER. DESKTOP PUBLISHING Well, your editor finally bit the bullet and bought a laser printer so this letter should look a tad better in the future. Right now, we're able only to put out print in one typestyle, but as we learn to master the features (and buy some more software) we'll be able to dress up the letter so it looks almost professionally typeset. (By the way, if you have experience with a QMS KISS laser printer and can steer us to some helpful software, please call or write.) It is our plan to expand this letter during 1987, we hope to a full magazine with ads, articles, editorials, and more of what you have been reading in the COMSEC LETTER over the years. NEW FEATURE The COMSEC LETTER has had many submissions from readers and we've just not had the time to make use of them. One of the first was from Roger Tolces and contained the excellent suggestion that we start a regular feature called "Bugs and Taps Found". (Of course, if he had been reading the letters, he'd have known that we had already carried several "reports from the field".) Roger included a real-life story that we'll be passing along soon. Also, Gerry Linton of Calgary has sent along some information which will appear under that (or a similar) heading. For this issue, however, our member-supplied material is a book review by Dave Mann. We're sure that you'll find it interesting. If you have submitted information, or asked questions; please bear with us. The planned expansion of this letter will allow for much more material each month, and we'll start working our way through the backlog of material. BOOK(LET) REVIEW, by Dave Mann Review of The Business of Spying prepared and distributed by Sherwood Communications Associates. "The Business of Spying" was handed to me as I edged my way around the displays at the last COMSEC Expo in Washington, DC. At first, I thought it was just another exhibition giveaway, worth about what those plastic carrying bags go for. Cynical old investigator, I figured nobody gives anything up for free. So much for my pessimistic view of the industry. "The Business of Spying" is an excellent piece of work and makes me wish I had talked Sherwood out of the rest of the booklets! "The Business of Spying" is aimed at the private sector, industrial security arena. It covers a very accurate description of a "private spy" and makes certain the reader understands a very important point about the private spy: He (or she) rarely steals information where the boss can detect it, he memorizes or records it (usually on the uncontrolled copier machine) so that you will never know you've been had. Good point and bravo for Sherwood that they make the point up front. The primary areas where private spies operate, external threats (visitors, customers), trash collection and reverse engineering are all mentioned in the handout just in case you have been living in a cave for the past ten years and didn't know Trash Collection is one of the most lucrative means of getting inside your company's knickers. The "Family Tree of Eavesdropping Devices" and "Computer Network Vulnerabilities" were included as a means to diagrammatically display all the ways you can be had. My only complaint is that the Computer Network diagram was taken from the famous "Ware Report" on Computer Security (formally DoD CONFIDENTIAL), but now a classic in its own time. I think ol' Doc Ware should have been given credit someplace. Recommendation: Contact Sherwood Communications Associates, 1310 Industrial Highway, Southampton, PA 18966 and talk to George Russell. COMSEC ASSOCIATION BULLETIN BOARD (BBS) C'mon in! Dial up our association's bulletin board. Paul Bowling has done a marvelous job in setting it up and keeping it running. This has been a purely voluntary effort on his part, and has immensely added to our ability to communicate with members and potential members. He has provided all of the equipment involved and the phone line as well. Let's use the board, encourage others to do so, and strengthen our association. Dial up the board and delve into its information. You'll be glad you did. 301-843-9266. ON WORDS Your editor tries to always use the right word. In fact, he's a stickler for precise language. (One of our readers has even commented that he is not very interested in the subject matter, but he reads the letter because "it is written in something which closely approaches English." From him that's a compliment -- even without the inclusion of "closely".) In any event, it's time again to comment on how members of the fourth estate mangle communications by using the wrong words. What comes to mind first is the fact that some of the press coverage of the Voyager adventure has used the word ungainly in describing that beautiful, graceful, svelte flying machine. Now maybe it's unconventional in design -- different maybe; but it is definitely not ungainly. Don't you think that people who earn their living by using words should make an extra effort to use the correct words? That thought surfaces every time a reporter uses the word tarmac incorrectly. When they are describing an airplane taxiing, they invariably say it is taxiing "on the tarmac". Truth is, almost 100% of the time it is taxiing on concrete, not tarmacadam. They just never bothered to learn that some of the airport's paved surface is called runway, some taxiway, and some apron. They never bothered to learn the meaning of the word tarmac. They heard it used and simply copied from another unlearned reporter. Oh well. A PERSONAL MESSAGE FROM YOUR EDITOR (AND HIS WIFE!) Since sending out the letter which included the message about our automobile wreck and Lynne's injuries, we have received many, many calls and notes. From both of us, thank you for your concern, for your prayers, and for your understanding our lack of asperity in doing the things that are normal. On the positive side, and most important, Lynne is recovering nicely, and the prognosis is for eventual full recovery. She sends her thanks. On the negative side, boy, has the work piled up! Are we behind! (But as Chuck Case says, "It's better to be a little behind than a big one.") Seriously, we have fallen far behind in our work, but we are trying hard to catch up. Please, if you have written or called and not had a response, don't be bashful; call again. We won't be offended, and we'll be glad to hear from you.