ComSec Letter

Editor: James A. Ross

YOGO 3

1987 COMSEC LETTER

The ComSec Letter was started in 1984, The Year Of George Orwell, by Jim Ross. Initially it was mailed at no charge to everyone on his mailing list, and it was later offered by subscription. After the founding of the Communication Security Association, the letter became its official organ. In 1989 the association decided to create a new organ, Comsec Journal; and, in order to minimize confusion, the name of this letter was changed to Surveillance.

What follows is an edited version of the contents of one year of the letter. (The letter has been edited to remove topical, superfluous, and outdated items.)

Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100

January, 1987

ANNOUNCING!

The ComSec Association announces its second annual meeting: SURVEILLANCE EXPO '87 to be held at the Sheraton Hotel and Exhibition Center, New Carrollton, MD (on the Washington, DC beltway) October 20 - 23, 1987. Conference and Exhibits: October 20 - 22. Membership meeting: October 23.

The conference and exhibits will feature the latest in the fields of communications and information security, surveillance and investigations technology. The ComSec Association will again offer seminars and panel discussions featuring people with real, current experience in their fields. We're billing it as a "nuts and bolts" affair. Although the program is not yet fully defined, we're arranging for conference participants to be able to interact with "hands-on" experts in areas such as:

    DES vs. Other Standards
    Defense against Hackers
    Defense against Electronic Eavesdropping
    Modern Methods of Phone Tapping
    NSDD 145
    Electronic Communications Privacy Act
    Biometric Access Control Systems
    Night Vision Equipment

and more, much more.
In order to tailor the conference to the needs of security professionals, we're sending out a questionnaire to 25,000 qualified people, asking them to rate the desirability of many, many subjects. Once those results are tabulated, we'll be contacting the people who have volunteered. If you are interested in making a presentation, send us a short note outlining your topic and your qualifications.

For more information:

Shirley Henschel, Conference Coordinator
Surveillance Expo '87
9306 Wire Avenue
Suite 701
Silver Spring, MD 20901
301-588-3929

ECPA

Electronic Communications Privacy Act. That's the new law that decrees that there are some frequencies that we should not tune to. If they want to enforce it, they'll have to create "Frequency Police". (All calibrated at NBS to prevent accidental arrest due to incorrect frequency readout.) Looks like "Thought Police" will be the next step.

But let's be serious about this silly law. We're still working on trying to understand all of its provisions, and we've had some interesting discussions with Bob Horvitz, Bob Jesse, Barbara Rowan and others. It looks like we'll have a great panel discussion at our fall meeting!

Anyway, for this month our comments about this law relate to the "jaw-dropper" that we heard in Beverly Byron's (our Congresslady) office. As we picked up the material which tells how to amend the old law we commented to the staff, "If the new law says what we've been told it says, it will be illegal to listen to stereo music on the radio, or to MUSAK." The response from the staff was, "It doesn't matter what it says now. They always change the words after a law passes to make it mean what they meant to make it mean in the first place."

Now isn't that a fine kettle of fish! Our elected representatives vote to create a new law, and then somebody rewrites it after they vote on it, to change its meaning!

PUBLICATION OF INTEREST

For some time now we've been reading Police and Security News with some interest.
The reason for this comment at this time is that in the January-February issue a new column was introduced. Written by Steve Uhrig, it relates to modern electronics as applied to police work. The first column is entitled "James Bond Electronics -- PRACTICAL for the Small Department".

Our hats are off to Dave Yaw, Publisher, and Steve Uhrig, author. Good, practical, down-to-earth information of this kind has been sadly lacking in our opinion -- especially in law enforcement publications. As a matter of fact, good technical information is really hard to come by in many of the popular security and communications magazines. (One of the communications magazines recently said that ISDN stood for Integrated Standard Data Network; that you should have a "lightning rod to attract and safely ground lightning"; and referred to bandwidths of 64 kilobits and 1.544 megabytes.) (In case you're not a communicator, ISDN stands for Integrated Services Digital Network [or Innovations Subscribers Don't Need, depending on your point of view]; lightning rods create a field to try to prevent lightning hits; and bandwidths are measured in Hertz (related to bits or bytes per second, but not related to a number of bits or bytes).)

Anyway, back to Steve's first column. Overall it should be of value to the people it was aimed at -- law enforcement officers in a small department. They don't have experts in electronics, night vision, etc. in their organizations, so they need all the help that they can get. We're looking forward to seeing many more columns like this in that publication. For subscription information, P&SN, POB 330, Kulpsville, PA 19443.

SURVEILLANCE EXPO '87

How did we come up with that name? Well, as you may recall, our first conference was entitled "ComSec EXPO '85", a good name for a meeting of an association of folks who work in the field of communication and information security.
However, much of the technology related to investigations, so we called one track "Investigations Technology". This year, in preparing for our second meeting we went over our notes relating to the earlier conference and found that surveillance was the one common thread in all of the interesting panel discussions and exhibits. We tried every way from Sunday to bring the ComSec name into the title, but surveillance always was there. So that's how the name, Surveillance Expo '87, came about.

By the way, potential exhibitors, there is no conflict with the IACP meeting which starts in Toronto on the 24th. C'mon in and show your wares. We are planning a great show, and expect that attendance will be several times what it was during our first show.

OTHER COMSEC ASSOCIATION NEWS

Your directors have decided to take the advice of some membership association pros, and to fly in the face of some other advice from some other pros.

The advice that was taken says that it is nonsensical to end membership years one year from the date of joining; all memberships should expire on the same date. Therefore, we have decided that the end of our membership year will be September 30. All current members will be asked to make a pro-rata dues correction by Paul Bowling in the near future.

The advice that we did not take told us that life memberships normally cost 20 times annual dues. We decided that we'd like to offer life memberships to current members for a limited time at 10 times annual dues, and set Dec 31 1987 as the cutoff date. That's right. If you are now a member, or ever have been a member, you may become a life member for $500 anytime between now and the end of this year. If you have never been a member, your cost will be $550 during this year only. After December 31, life membership will cost $1,000. (These rates are for USA, Canada, and Mexico; other countries: $700 and $770 before December 31; $1400 after that date.)
Also, we've done away with student memberships because of all of the problems that they created. We want very much to have young folks who are going to school involved and learning about this technology, and we tried; but the problems of administering student memberships were too much. Maybe one of our members will devise a way that we can keep students involved. Let's hope so.

STARTING OUR FOURTH YEAR!

It's amazing how time flies when you're having fun. It's hard for us to believe that this is the fourth year that we've been turning out this letter. We've enjoyed it; hope you have too.

The first issues were typed on an IBM PC by a two-fingered typist, and stored on floppy disks before being printed on a dot matrix printer. Now they're stored on an almost-full 10 meg hard disk before being printed on a laser printer. Some things never change, though. They are still typed with two fingers.

NEW CORPORATE MEMBERSHIP PROGRAM

At a recent board meeting your directors decided to offer corporate memberships at rates which relate to the size of the corporation. (Actually, the program relates to any business or association, whether incorporated or not.) Here's the way it goes:

    Number of employees    Annual Dues    Number of Members
    1 to 5                 $150           1
    6 to 10                $300           2
    over 10                $450           3

The members will be designated by the corporation, and may be changed if an employee leaves or is transferred. The memberships carry full membership benefits and full voting rights. The corporation will receive a 10% discount on everything purchased from the association such as advertising, booth space, etc. In addition, the corporate members will be listed in various publications as a sponsor of the association.

NEW CONTEST!

The grand prize is a mention in this letter, and doing the research and compiling the results will be arduous; but maybe somebody will take the challenge just for the fun of it. What we're looking for is a listing of organizations, businesses, etc.
that routinely tape telephone calls without notifying the caller. What comes to mind immediately are stockbrokers, emergency services (fire, police, ambulance), hotel hot lines (all Marriott hotels have a "guest hot line" for problems), some private investigators, etc.

The next step in this research is, of course, to list the number of criminal indictments for illegally recording telephone conversations.

The serious intent of all of this work is to make available to all (even lawmakers) real information on the real world. All contributions welcomed with open arms. They don't have to be fancy, just readable. Y'all come. Heah?

BY-LAWS; ELECTIONS

The founders of CSA pledged to always keep in mind that the first duty of a membership association is to provide service to the membership. At our organization meeting on October 23, 1987, members will be asked to approve the By-laws created by the current directors. Those By-laws specify that directors will be elected by the members, and the officers will be chosen by the elected directors. During that meeting, we will be electing some new directors and installing a new slate of officers. You are urged to attend, and to assist in the planning beforehand.

TAP, BACK ISSUES

Ben Harroll advises that back issues of TAP are available from Pete G, PEI, POB 463, Mt. Laurel, NJ 08054 @ $100 for the full set, which includes issues 1-83 and some schematics. We'd be glad to pass on any comments from satisfied (or dissatisfied) customers.

February, 1987

COMSEC ASSOCIATION ANNUAL MEETING

The second annual meeting of the ComSec Association (details: page 2) will be held on October 23, 1987 in conjunction with SURVEILLANCE EXPO '87, to be held at the Sheraton Hotel and Exhibition Center, New Carrollton, MD (on the Washington, DC beltway) October 20 - 22.

Surveillance Expo '87 will feature three full days of meetings, workshops, and seminars with lots of time available to visit the exhibits.
The conference and the exhibits will cover the latest in the fields of:

    SURVEILLANCE & COUNTERSURVEILLANCE
    INVESTIGATIONS TECHNOLOGY
    COMMUNICATIONS AND INFORMATION SECURITY
    TECHNICAL SURVEILLANCE COUNTERMEASURES
    RELATED TECHNO-SECURITY FIELDS

At SURVEILLANCE EXPO '87 we are dealing with many technical subjects which, all too often, have been sensationalized to the point of absurdity, misunderstood by the press and public, and misrepresented by unscrupulous hucksters. We are planning an event which presents detailed and factual information which can be understood and appreciated by attendees who are not technical experts.

SURVEILLANCE EXPO '87 is intended to be a "nuts and bolts" conference with heavy emphasis on real, practical, down-to-earth information. In order to tailor the conference to the needs of security professionals, we're sending a questionnaire to qualified people, asking them to rate the desirability of many, many subjects. Once those results are tabulated, we'll be contacting potential speakers. If you are interested in making a presentation, send us a short note outlining your topic and your qualifications.

COMMUNICATIONS SECURITY ASSOCIATION

Objective. The objective of the ComSec Association is to enhance professionalism in the information and communications security field. The principal activity in support of this objective is to provide accurate and unbiased information on the technologies relating to protection of privacy. This means a heavy emphasis on communications and information, but it also includes the field of surveillance. The association encourages open and complete interchange of information among members.

History. The ComSec Association was founded in 1984 as a non-profit membership association. The first annual meeting took place in December of 1985 in Washington, DC. No meeting was held in 1986, so the 1987 gathering becomes the second annual meeting of the members. There are currently about 300 members.
The founders, Arnold Blumenthal, James A. Ross, and Craig Silver elected Ross to serve as president until By-Laws are adopted, and a new board of directors is elected. Craig Silver later agreed to serve as the association's counsel and, therefore, had to resign from the board because he could not represent an organization of which he was a director. Kenneth R. Taylor, President of Target International Corporation in Miami, was elected to fill the vacancy. Later, the board size was increased to 5, and Paul Bowling of National Investigative Services, Inc. and Eugene T. Smith of Teltron, both in the DC area, were elected to fill the vacancies. Smith later resigned.

Second Annual Meeting. The second annual meeting of the ComSec Association will take place on October 23, 1987 at the Sheraton Hotel, New Carrollton, MD following Surveillance Expo '87. All members of the association are urged to attend. The organization is involved in fields of technology which are changing dramatically and rapidly. As professionals, we must continue to study and learn, and the conference and exhibits will provide a great learning opportunity. Several of our '85 exhibitors have reserved space, and we're hoping to have about 100 exhibitors as compared to 43 last time.

New Director. Recently the Board of Directors met to elect a new director to fill the vacant slot, and voted to bring Chuck Doan on board. He has agreed to handle the job entitled VP, Finance. Finally, after years of confusion, the money matters of the association are going to be organized. If you want to contact him, his address is:

Charles W. Doan
Clancy, Doan Intl. Assoc. Inc.
117 Rowell Ct.
Falls Church, VA 22046
703-237-0611

Welcome, Chuck!

ECPA, WHAT DOES THE LAW SAY?

While visiting a colleague in another state recently, I heard him tell a journalist that it was OK to record telephone conversations of people talking on your own company's phone without their knowledge or consent.
Your big smart expert editor advised him that it might be all right according to his state laws, but that such eavesdropping was a federal felony. He countered with, "I checked with the FBI and they told me that it's OK."

Wow. Maybe I really don't know what the federal law says. Better read it again after I get home.

You know how it goes. You get back from a trip, and here are all these things awaiting your attention, so the law did not get read. Then comes an issue of Communications Week with a feature article on SMDRs, and in this article there is a flat statement that the law's "business extension exemption" lets employers eavesdrop on business related calls.

Wow again. Grab old law. Must be in 18 USC 2511. Read. Read. Read. No mention. Ah Ha! Get smart. Call Barbara Rowan. Dear sweet lady takes time out from writing a memo with an impending deadline. "Must be in 2511," she says. "Hmmm," she says. "Can't find it. Have to call you back."

While Barbara is researching this, let's hear from you. What do you think the law says? Or is there some case law in which the judge took it upon himself to do the job of the legislative branch?

Meanwhile, your ol' ed has been trying to unravel the puzzle. He talked to the reporter who wrote the story in CW, and the reporter referred him to the lawyer who was quoted. After six calls to San Jose, Robert D. Baker called me back. Asked if he had been correctly quoted in the CW story, he asked, "What's Communications Week?" So I read him his various statements, and his response was that he had never made those comments; in fact, he said that, as a civil rights lawyer, he would have responded exactly opposite to the statements attributed to him.

So, Jon Swartz and the editors of Communications Week, the ball is in your court. Where did you get the idea that there is a "business extension exclusion"?

BACK ISSUES OF COMSEC LETTER

Soon all of the back issues of ComSec Letter will be available on our BBS.
At present, we are editing those letters on our word processor, and will upload them to the board when finished. (No, we're not removing the mistakes; we're editing to remove topical items such as meeting announcements, etc.)

AN IDEA TO WAKE UP SOME SELF-SATISFIED BUREAUCRATS

Recently, I talked to some government people about the mess in Moscow. Among others, I called the staff director of the committee which was planning hearings about the bugged embassy in Moscow. The reason for the call was to advise that there is a professional association that has TSCM experts available to testify. He said that they planned to call only government witnesses, implying that only people with government security clearances could possibly understand advanced bugging systems.

Ha! It was government experts (with security clearances but no knowledge of resonant cavities) who checked the Great Seal that the Soviets gave us, and said that it was OK to hang it in the Ambassador's office. As a result, of course, the Soviets were able to hear everything that was said in that office for years. In fact, they would still be listening except for the detail that a defector told British intelligence about it, and the Brits contacted our people saying, "I say, old chap, did you know..."

So the State Department is attempting to recruit 200 people (in Houston because there's a lot of unemployment there) so they can beef up security around the world. Wow! They're going to take some people off the street, give them 80 hours of training, and ship them out to protect our embassies from espionage. They actually plan to use these instant experts to counter the efforts of the Soviet professionals. Only in America!

So here's the idea to shake up some fat cats who think that only government experts know anything about bugging. Let's have a brainstorming session during Surveillance Expo '87 to discuss new ways of bugging.
We'll invite members to present ideas, and get a consensus from the group as to the practicality of each. Of course, no one with a government security clearance will be allowed to submit proposals. It's a free country, so the press will be invited. We'll discuss sound conduction through pneumatic tubes, remote transmitter location, delayed transmission of recorded audio, irradiation of non-linear junctions with microwave energy, various spread spectrum modulation schemes, modulation of light, transmission of modulated ultrasound through pipes, etc.

What do you think? Do you think knowledge of electronics is reserved unto government people? Let us hear from you.

March, 1987

SURVEILLANCE EXPO

Well, a few people did a lot of work, but many of the things we thought would come true never did, so the board has decided to postpone Surveillance Expo '87. At this time, we cannot even provide a tentative date for the rescheduled event. However, here's a personal promise from Jim Ross: before he announces another date, he'll be absolutely certain that all resources needed to ensure success are in hand and not just promises.

The single overriding reason for our failure was our almost total dependence on volunteers due to lack of funds to hire help. Therefore, our plan is to use currently available resources to enlarge the membership so that we'll have the wherewithal to be able to hire professional help.

The first step in this process is to collect dues from current members by sending dues-due notices with the ComSec Letter. (Seems like a sensible thing to do, but it had never been done before.) Next, we plan to increase the dues revenue by increasing the number of members through mass mailings. Because several firms have agreed to participate in a joint mailing for the benefit of the association, and to pay all mailing costs, we'll be able to do this for only the cost of creating and printing the mail piece.
The first mailing is scheduled for July, and another will follow shortly thereafter. We're charging participating businesses $2,000 to send a mail piece to 25,000 prospects (Security Systems subscribers and everyone on the Ross Engineering mailing list). If your company could benefit by mailing to such a list, call Jim Ross right away. We plan to mail to 50,000 people in the next three months.

MOSCOW EMBASSY FLAP

One of our correspondents reported that he had had a conversation with an AT&T manager who had just returned from Moscow. The AT&T fellow said that they had been unable to pull wire through the in-place conduits because the conduits were already full of Russian wire.

That's the way to do it. Don't be subtle. Run your bugging wiring through the same conduits that are used for legitimate communication. Oh well.

MEMBERSHIP DUES

With the previous issue of this newsletter we sent out small notices to all members whose dues were paid to any date other than September 30, 1987. (The membership year now runs through September for everyone, so that all memberships will expire at the same time.)

A word of explanation is in order. Because of changing responsibilities among the directors of the association, a long period went by with no dues notices being sent to anyone and we decided that it would not be fair to dun people for back dues when they had never received any notices. Therefore we devised a small notice and advised on the amount necessary to extend membership through September 1987, or September 1988.

Our thanks to all who have responded. If your payment was received before this issue was mailed, your new membership card is enclosed. (A new certificate is in the works; please be patient.) We're really gratified that renewals are outnumbering cancellations by about twenty to one. Also, we really appreciate the confidence demonstrated by all, and we're proud to report that more than half are renewing through 1988.
If we have not yet received your renewal, you'll find another little note in the envelope with this letter. As we have pointed out, all records are being maintained by volunteers, and we know that we're not perfect. If you don't agree with our records, don't stew about it; let us know and we'll correct our files.

MOSCOW EMBASSY FLAP, II

Lessee now. The Senate wanted to get technical advice on what to do about the bugged embassy, so they asked the experts who let the Soviets bug it in the first place. Based on that expert advice, Senator Boren says we'll have to tear it down, and build it over again.

As we see it, senator, it looks like this. First your experts let the Soviets get away with what you report as extensive bugging, and then they throw their hands in the air, saying, "The Soviets are too smart for us; we'll have to give up and tear the building down."

A question for the senator: "What makes you think that those same experts will be any smarter or more in control the next time we try to build this building?"

ECPA

These comments on the Electronic Communications Privacy Act are triggered by an editorial by Wayne Green in a recent 73 magazine. Under the heading "CONGRESS GOOFS", Wayne points out that the prohibition against listening to what has been broadcast on cellular frequencies has proved to be very helpful to organized (and disorganized) crime.

To understand, you'll first have to appreciate that not everyone lives by the rules, and that the cellular system is a great technical achievement, but lacks one essential administrative ingredient. The people who designed the system must have assumed either that all users would be honest, or that no one other than their trusted techies could enter the electronic serial number (ESN) into a cellular transceiver. Operating under such an assumption, they established a verification system that looks only for negatives when deciding to accept a call.
That is, if you have reported your phone stolen or have not paid your bill, you will not be able to make a call because your ESN will be listed in the file as NG. That's fine if everybody is honest, but that's just not the case and the crooks soon found that they could have fictitious ESNs entered into their machines, and the system will accept calls from them because they are not on the bad guy list.

What this all means is that the cellular phone companies check a NG list before accepting a call, but they don't have any way to check that the ESN is a valid one. So the bad guys have phoney IDs entered into their machines, make calls all over the world, never have to pay for them; and, because of the ECPA, never have to worry that what they say on the air will be used against them.

Wayne ends his editorial with the following paragraph: "If it weren't against the law to listen to cellular channels, I'd suggest that we hams help the law by listening for suspicious cellular calls and recording them. Say, how'd you like to get the goods on some serious crooks and find (a) the evidence is inadmissible because it was illegally obtained and (b) yourself on trial for making the recordings. So join me in a big laugh, okay?"

Well, if you've been reading the ComSec Letter, you know your editor's opinion of this law, but I can't go along with laughing at it. It's a perversion, and should be done away with. Period.

NO MORE ASSOCIATION BULLETIN BOARD

Well, we did have a bulletin board for a while, but Paul Bowling, who did all the work and bore all of the expense, decided that he wasn't going to do it any more. We're sorry. We think that this organization should have a computer bulletin board, and we're determined to establish a permanent board for the use of members. Stay tuned.

GREAT NEW PRODUCT!

Radio Shack has done it again! If you ever have need for a DNR (dialed number recorder), get right down to your Radio Shack store and check out their CPA-1000.
It's a neat little package with a neat little price. It will print out all of the numbers dialed, length and time of day on all calls. In fact it does essentially everything that the 10, 15, and 20 thousand dollar units do, and it sells for one hundred dollars! Wow!

(Ed. note: I just read over that last paragraph, and I used more exclamation points in that paragraph than I used all last year. Well, the CPA-1000 is worth every one. Double Wow!!)

NEW PUBLICATION

Glenn Whidden of Technical Services Agency, Inc. has announced a series of technical articles on electronics, eavesdropping, and countermeasures. Everyone working in the field of countermeasures should try to learn about electronic communications, and these papers certainly will be helpful.

Good luck, Glenn. I know it's wishful thinking, but I hope some of the "professionals" in this field will begin to get an education. Unfortunately I'm afraid that their egos are such that they know they don't even have to learn the meaning of words they use like frequency, impedance, resonance, etc. Their eyes glaze over if you mention Maxwell's Equations or Bessel Functions, and if you use a common phrase like L di/dt, they think you're speaking a foreign language. (To them, of course, calculus is a foreign language.)

Well, maybe some of the companies that have started in-house TSCM programs will subscribe for their technicians. I hope so. Education protects us, and every step toward better education is a good step.

C'mon, all you corporate security managers. Order this course for your TSCM people. Contact Glenn Whidden on 301-292-6430, at TSA, 10903 Indian Head Hwy #304, Fort Washington, MD 20744. It's $130 for twelve issues, and well worth it.

The August issue of Radio-Electronics magazine lists six different national non-profit associations which examine and certify electronic technicians. We'll be pleased to list everyone in the profession who achieves certification.
Send a copy of your FCC license or technician certificate to the editor.

April, 1987

GREAT IDEA!

This idea came from one of the participants in a recent seminar, and relates to my comments that infinity bugs are not much of a modern threat because they require a cooperating telephone if the target is on an ESS exchange (and almost everybody in this country is on an ESS exchange). (The reason that they are not much threat is that they answer the phone before it rings. So, if you installed one on someone else's phone as a bug, it probably would not last long because he'd wonder why his phone never rings and have it checked.)

The great idea that was put forth in the seminar is that an infinity bug sure would work fine if installed in a conference room telephone. Think about it. If there is direct dial to the conference room (no operator on a PBX listening for the ring signal on the conference room extension), this could be a major threat. Unless there is accidental discovery, there is a good chance that no one would be at all suspicious of the lack of a ring on the phone.

Another good reason to get rid of phones in conference rooms.

MEMBERSHIP DUES

With each of the last two letters we have included a note to each member who had not sent in dues to renew his membership according to our records. The response has been very encouraging, but there are still many people receiving this letter who have not renewed their memberships. We cannot afford to continue to send the letter if we do not have support in the form of dues payment. Therefore, be advised that this may be your last letter if we have not received your payment before the next issue is mailed. It will be your last issue unless you advise us of an error in our record keeping, or we find that we have made an error.

Speaking of errors, we certainly don't claim to be perfect.
First we had the list on the Ross computer; then we went to an outside vendor which had three owners in rapid succession, then we went to a volunteer who didn't have time enough, and now it's back on the Ross computer. Yes, there have been some errors, but we think we've just about got it all straight finally.

WHO MONITORS OR RECORDS ILLEGALLY?

THE PREMISE

In a recent COMSEC LETTER we asked our readers to send us examples of how the federal law requiring at least one party consent to monitor or record conversations is regularly violated with no legal action taken against the violators. After all, it is a federal felony, and we would logically expect enforcement by constituted law enforcement agencies, no?

POLICE

Well, it may just be that law enforcement agencies are the biggest violators. Here in Maryland (where state law requires all party consent to record phone conversations) some Montgomery County police officers have brought suit for $865,000 against their department alleging that their calls were recorded without their consent. It seems that the Montgomery County Police department routinely records all calls to the department, not just those calls to the 911 emergency number.

Come to think of it, is there an exception in the law which allows recording of calls to emergency police numbers? I just read through 18 USC 2511 again, and I can't find any exemption allowing such recording. Are police departments regularly committing felonies while they're trying to do their jobs right? What do your state's laws say?

SCHOOLS

Most schools have intercom systems which allow selective messaging to all rooms, to some selected groups of rooms, or to single rooms. In addition to allowing messages to be sent to the rooms, the systems also allow listening to activities within the rooms. My consultants advise that the system used in the schools where they worked had no light or other signal in the room to alert occupants that they were being monitored.
It looks like this is another case where people who are trying to do their jobs right are violating the law without even being aware that such a law exists. The California Supreme Court has ruled that such monitoring is a violation of the students' right to privacy. COMMERCE In the July issue of Security magazine an item described the use of monitors in McCormick Place, a Chicago convention and exhibition center with "tubed walkways" and large parking areas where providing personal protection is difficult. According to the article the security department uses Aiphone intercoms to listen for trouble. Again, we have people trying to do their jobs right, and apparently violating the law in the process. THREAT ASSESSMENT, TELEPHONE TAPS GENERAL In estimating the threat to privacy posed by telephone taps, several factors must be considered. First and foremost, we must evaluate what it is that any tapper hopes to accomplish. What is it that we have that is of value to someone else? Second we must determine his strength. What resources can he commit to accomplishing his aims? Those resources can be summed up as technical competence, time, access, and money. MAJOR THREATS Strange as it may seem, one of the most dangerous threats might be from a small competing business, run by an electronic hobbyist, which occupies space in the same building. The rationale for that statement goes as follows. A technically competent small business owner can do the work himself without involving any one else. He has no time pressure and he has access. He doesn't need much money because he doesn't need to hire anyone and the equipment involved in tapping is ridiculously inexpensive (less than $100). He could easily install automatic recording equipment and scan the recordings for the information that he wants. On the other hand, supposing the threat is from law enforcement. Contrary to the impression created by TV shows, law enforcement agencies are not all-wise and all-knowing. 
Some departments have no one capable of tapping phone lines, and getting the necessary court order can be difficult. However, let's consider a qualified law enforcement organization. If the activity is to collect evidence to be used in a trial, they must be very careful to be certain that the evidence will be admissible. We believe that a good defense attorney will attack any incomplete tap-generated evidence, and that means that all lines must be monitored. Further, officers must be assigned to the listening post and other officers must be assigned to keep the suspect under surveillance so that they can provide corroborating testimony. In addition to monitoring all lines and transcribing all tapes, a continuous chain of custody must be maintained over the tapes and sometimes experts must be used to verify that the tapes have not been altered, etc. (Recently one of our seminar participants advised that his state requires that there must be continuous human monitoring of all lines so that only the conversations of the suspect are recorded, creating even more manpower requirements.) SUMMARY Law enforcement has a major job on its hands when it sets out to gather evidence via wiretaps. On the other hand, the competitor operating without rules can do the job very simply. He is not looking for evidence, only information. SOME GLOSSARY TERMS ACM. Audio countermeasures. Another name for TSCM. BRIDGE. In telephone parlance this can be a noun or verb and refers to making a parallel connection to a pair of telephone wires. In contrast, in electronics a bridge is a four-terminal device with several applications depending upon configuration. DIALED NUMBER RECORDER (DNR). Device which records all activity on the telephone line to which connected. Time off-hook, time on-hook for all calls; numbers dialed for all outgoing calls. In the days of pulse dialing a device called a pen register did the job of recording numbers dialed. ESS. Electronic Switching System. 
The newest of the switching systems in use by the telephone companies in the USA. You are served by an ESS exchange if you have access to the special features of call waiting, call forwarding, and three-way calling. HARMONICS. Frequencies that are integral multiples of the fundamental frequency. HERTZ (Hz). Unit for measuring frequency equal to one cycle per second. KiloHertz (KHz) = 1,000 Hz; MegaHertz (MHz) = 1,000,000 Hz; GigaHertz (GHz) = 1,000,000,000 Hz. TEMPEST. Refers to classified government effort to protect against compromising emanations from electronic equipment. (It may be a coined word, and it may be a semi-acronym from transient electro-magnetic pulse emanation standard.) TITLE III. Refers to equipment for surreptitious interception of communications. For most people, possession, advertising, sale, and use of Title III equipment is a felony. TSCM. Technical Surveillance Countermeasures. Commonly called debugging, sweeps, or electronic sweeping. However, these terms do not adequately describe the full range of TSCM activities, and seem to be more descriptive of "magic wand" operations and not of professional work. Let's stick with TSCM. May, 1987 SOME COMMENTS FROM YOUR EDITOR We're now in our fourth year of composing this letter, and it seems to be a good time to plan some changes based on that experience. So here we go. 1. Many of the people who have written to us have received no thanks either directly or in print; so we're resolving to rectify that by starting the process of acknowledging all of the folks who have sent clippings, comments, suggestions and questions. Therefore, beginning with this issue, we're going to include either Feedback or Questions and Answers or both as regular features in this letter. 2. 
We've been neglectful of late in steering you toward (or away from) publications that we have read so we're resolving to pass along opinions on such things on a regular basis; and in this issue you'll find a review of two items recently read. 3. It has long been our desire to include a short technical essay with each issue of the letter. At this time we're not ready to commit to a new essay with each issue, but at least we're ready to start. Beginning with the next issue you will receive two pages each month from the glossary which has been created by your editor for his seminar, Defense against Electronic Eavesdropping. 4. Each summer has been a catastrophe as far as schedules go, so we're going to face facts: getting the letter out each month in the summer is not possible so we're going to go with ten issues per year. (To answer Ben Harroll and others who have asked: No, we did not publish in July and August last year [YOGO 2.07 and 2.08].) 5. Teleconnect and The Councillor (the organ of the Council of International Investigators) have several times republished some of the thoughts in this letter, and we're pleased. We invite all editors to republish anything with appropriate credit. 6. Last, but not least, we're looking for practical ways to improve this letter and get more information out each month. New hardware and software will help us to dress it up, but we'll need additional income to expand to 8, 12, or 16 pages. We've given serious thought to selling advertising in the letter or mailing advertisers' messages in the same envelope. What do you think about receiving advertising messages in/with the ComSec Letter? FEEDBACK (The following comments are based on the material that happens to be on the top of the stack. There were no criteria for determining what to include at this time; we merely grabbed the items closest at hand. Next month we'll add some more.) We get clippings and calls on a regular basis from the folks at Sherwood Communications Associates. 
They have a lot of contacts with a lot of people in this field, and really do a great job of keeping us informed. From California, Norman Perle sends us copies of his press clippings, and Roger Tolces sends an occasional note to advise that your editor doesn't know what he's talking about. (By the way, Roger has submitted a report on a bugging system that he found and we'll get around to running it as soon as we can find time to edit it.) Don Schimmel gets the credit for calling our attention to the two-faced operation of our Congress with regard to the airwaves. (See the segment entitled "Who does own the airwaves?") Nice note from Jerold Hutchinson with his membership renewal. He says he enjoys reading the newsletter and "keep up the good work." Thanks Jerold. Encouraging words help. QUESTION AND ANSWER Q. Our old friend, Ted Genese, sent along a flier from Winkleman in England, and asked what they meant by "line interceptor [which] enables an adversary to monitor more than one communications line from a single listening post." A. Well, Ted, we featured some of the US Winkleman claims in a letter about two years ago. As I recall they claimed "Complete Protection against Wiretaps", but never demonstrated that they could provide such protection. (The reason that they couldn't, of course, is simply because nobody yet has any equipment which will detect a simple tap properly installed.) Our mail to their last US address comes back "Moved. No forwarding order", so we presume that they have closed their offices on this side of the pond. To answer your specific question, Ted, I don't know what they mean by a line interceptor. Sounds mighty mysterious, but it doesn't sound like anything I have ever studied about in communications electronics. However, the idea of monitoring several lines from one location is nothing spectacular; answering services do it all of the time. Nothing spooky about it at all. 
I hope our public servants who tap lines save a few tax dollars by consolidating a lot of taps in one listening post. Paying a few extra dollars out to the phone company for lines to one LP is a lot cheaper than setting up and manning many different LPs. WHO DOES OWN THE AIRWAVES? If you've been reading this letter, you might have received the impression that your editor is not a fan of the ECPA of 1986 (Electronic Communications Privacy Act). You'll recall that he thinks it is stupid to pass an unenforceable law, especially one that makes it a crime to listen to what has been broadcast. Yes, that's right. Our legislators passed a law that makes listening to the content of broadcasts on some frequencies OK; on some others, a misdemeanor; on others, a felony. (Soon we will have to have a frequency meter, with calibration traceable to NBS, with us at all times while we tune our radios.) In any event, Congress passed this silly law in November of 1986, and it became effective in January, 1987. In the summer of '87 the FCC abolished the "fairness doctrine" which had forced commercial broadcasters to provide equal time, and thereby really angered the Congress. In the words of Ernest F. Hollings, Chairman of the Senate Committee on Commerce, Science and Transportation, "The American people, not the broadcasters, own the airwaves!" Well, yeah, OK, Senator. If we own the airwaves, why did you vote to make it a crime to listen to what has been transmitted over those airwaves into our homes? SMART, SMART, SMART We've been noticing a trend in big businesses lately which strikes us as really smart. More and more of our subscribers who work for big companies are having our publication mailed to their home addresses. Why is that smart? Think about it. Big company. Big mail room. Big payroll to pay the people who try to sort and deliver the mail each day. Why not let Uncle Sam do the sorting and delivery for you? Doesn't cost the company a thing. Smart. 
PUBLICATIONS REVIEWS Recently I ordered a booklet entitled "Study Notes on Secure Communications" and one called "Crossroad" from Spear and Shield Publications. Wow. What a surprise. The introduction to the secure communications booklet was written by Atiba Shanna -- New Afrikan Communist of the New Afrikan People's Organization, and it contains a lot of stuff but nothing about comsec. The other booklet contains several essays, but the title of one should give you an idea as to its thrust, "ON GORBACHEV, MICKEY LELAND AND SELF-DETERMINATION FOR AFRIKANS IN AMERIKKKA." Available for $2.00 from S&SP, 1340 W. Irving Park #108, Chicago, IL 60613. Our recommendation: Don't bother. The other publication, however, we really appreciated, and we thank Howard Karten for calling and recommending "The Second Oldest Profession" by Phillip Knightley. From your editor's point of view this book had two strikes against it at the outset: it was written by an Englishman using English English, and the many, many references are distracting. Despite those drawbacks, though, I found it to be a very enlightening book, well worth the price. Before proceeding with the good stuff, however, a caution to those who think Ollie is a hero and the CIA should be in the drug trade: you won't like this book. That said, let us quote from the book to explain the essence of the reason for immortality of secret organizations: "Once invented, the intelligence agency turned out to be a bureaucrat's dream." "...rebut critics with the simple and unanswerable expedient of saying, 'You are wrong because you really don't know what happened and we can never tell you because it's secret.'" Throughout the book the author provides details of erroneous intelligence that was acted upon, and good intelligence that was ignored. For instance: "Ultra showed that Allied strategic bombing of Germany had failed to crack German morale, and had not made a dent in German aircraft production. ..... 
All this was passed on to proper authorities, yet the raids went on: the truth of Ultra did not suit the champions of heavy bombing." Very detailed. References galore. Old spooks will hate it. Hardcover. 436 pages. $19.95 from W.W. Norton & Company. CALL FOR VOLUNTEERS This association is just beginning to take shape and some volunteers are badly needed. Some people who are capable of working with almost no supervision can have a big impact on our growth and success. No, there will be no immediate reward other than recognition in our meetings and publications; but the long-term rewards could be substantial. What say? Want to take one of the committee chairmanships? We need help with our next expo, our next membership meeting, membership programs and benefits, local chapter genesis, budget and audit, and more. Call me. Let's talk about it. June/July, 1987 SURVEILLANCE EXPO '87 In case you missed the announcement in an earlier letter, we'll repeat: Surveillance Expo '87 has been postponed. It was well into the planning stages when it became apparent that we did not have the manpower or financial strength to do it right. However, there has been a lot of interest, and we'll be announcing new dates soon. Stand by. By the way, this is a program that needs volunteers to work. Interested? MORE ON ILLEGAL(?) EAVESDROPPING It's not that we're opposed to any of these activities that we have been reporting on. Certainly the apparently illegal eavesdropping activities reported last month are all undertaken by people who are trying to do their jobs right. The point of presenting this information is to emphasize that the law is not enforced and, in many cases, enforcement would be a travesty. Consider the case of the need to properly control prisoners. Audio surveillance is routinely used in jails and prisons as a means to get more coverage out of the staff. We'll not get into the argument as to whether prisoners have any right to privacy; that's another issue. 
The point is that the law does not mention an exception for lock ups, and it probably should. The law does make advertising or using equipment "primarily useful for surreptitious interception of oral or wire communication" a federal felony. So along comes a company called Louroe of Van Nuys, California with their "bare bones" Kit #ASK-4 which consists of a microphone, power supply and amplifier. The heading on their sale flier says "When you have a lot to protect Louroe Electronics protects a lot." At $270 retail their surveillance kit is recommended for convenience stores, delivery entrances, hospital therapy rooms, jail interrogation rooms, cashier and counting rooms, and all other secured zones. Is this company in violation of the law? Are they advertising something which is primarily useful ... etc.? If you use their equipment to eavesdrop on other persons without their knowledge or consent, are you breaking the law? What do you think? QUESTIONS AND ANSWERS Q. Ben Harroll asks if I have heard of an "FBI phone and room unit that saves up a day of conversations ... on a chip in digital form. Then dumps the whole memory in something like 30 seconds when they drive by and trigger a burst transmission which they then record and take back for further analysis (perhaps key words, phrases, etc.)". Ben also asks about a "wall unit that served to link the agents remotely with all the phones (perhaps room audio as well) in an entire building. The agent could access any phone from his base by contacting the unit built into the wall". A. Let's consider his multi-faceted queries. First let's consider the equipment available for digital storage of speech. Digital storage offers many advantages, but the equipment which is currently available is severely limited in capacity. For instance, I'm looking at the specs for a unit which is about 4 by 10 by 17 inches in size and consumes 20 watts of power from the mains. 
This unit would not be easy to conceal, and has the capacity of storing only 30 seconds of speech. Now I'm not going to say that a day's worth of conversations cannot be stored digitally; but, unless the FBI has come up with capabilities far beyond what is available commercially, it does not look practical. "Phone and room unit" implies that you would be storing tapped phone conversations as well as room audio, and I cannot understand why you would want to do that. The phone conversations can easily be stored at a remote listening post without any concern for concealing the equipment. It just doesn't make sense to try to do it in the target area. The other consideration is "driving by" and "triggering a burst transmission". (Sounds like Hollywood!) I know that it can be done, but I ask why build a radio receiver and transmitter into the recording mechanism? Such things are easy to detect, and are frequently detected by accident. The power level of the transmitter would be high enough to light up even a pen-set transmitter detector and the receiver LO would be detected by a good TSCM operation. And burst transmission? I know how and why and where burst transmission is used in at least one application, but I sure don't know why you'd try to use it in this situation. Maybe there is a reader to this letter who can shed some light on the use of burst transmission in such a circumstance. As for Ben's second question, the answer is exactly opposite to the answer to the first. The equipment needed to switch from monitoring one line or room to monitoring another is commonly available and not the least complicated. Building it into a wall is the most complicated part of the whole process, in my opinion. (However, it might just be that your informant was referring to remotely accessed DNRs and this technique is also very simple.) 
DUMB, DUMB, DUMB Recently, in the course of providing TSCM service to a client here in the DC area, we discovered that the carbon microphone in the conference room was wired to spare conductors and we spent the better part of a day tracking the wiring back to the listening post. Immediately after completing this job we left for a job in Ohio and another in Chicago, so we were out of touch pretty much while driving. One message picked up when calling the office from Illinois was from a private investigator in New York instructing me to call a lawyer in Washington, DC. (Neither the PI nor the lawyer were known to me.) When I got through to the lawyer, he began to ask me questions about my activities for my client the previous weekend, and the conversation went like this: "I need information on your activities for the XYZ Corporation last weekend." "Sir. Please don't take offense, but you are just a voice on the telephone to me. I will not even confirm or deny that I even know XYZ Corporation to you." His response was to advise me of his college, his degrees, his status with his firm, and the statement that he represents my client. Again, I advised him that he was still just a voice on the phone; and, before I would talk to him I needed approval from someone I know in the client company. "Well. Supposing I have John Jones or Pete Smith call you. Would that be all right?" "Sir. I just finished telling you that I will not confirm or deny that I even know that company. I'm certainly not going to confirm that I know some people by name in that company. If you want to discuss any client with me, first have someone that I know in that company call me, and tell me it's OK." The upshot of the whole affair is that the GM of my client company did call, and I did discuss the facts with the lawyer. However, I'm left with a very bad taste in my mouth for two reasons. 
First, my client is represented in a case involving industrial espionage by a lawyer who doesn't have the foggiest idea about industrial espionage -- is not even aware that one of the easiest ways to collect information is to pretend to be someone else and call and ask for it. The client has been the victim of a very well executed bugging system, but he has placed his trust in a man who can't understand why I don't provide chapter and verse to an unknown voice on the phone. Secondly, the lawyer, who doesn't know anything about electronics, refused to allow me to give him the information that I knew he needed. Instead, he insisted on reading me a list of questions which apparently had been prepared for him by someone else who doesn't understand electronics either. Consequently, whatever report that lawyer generated won't make sense and will be of negative value. DO THEY UNDERSTAND TELEPHONES, OR WHAT? Teleconnect calls this AT&T's marketing coup of the month. We're inclined to upgrade it to "of the year" or "of the decade". In a catalog received recently from AT&T is an item called "Power Failure Rotary Telephone". It seems that AT&T is offering a black rotary (pulse) dial telephone for $54 so you'll be able to dial out in the event of a power failure! (In case you're not a telephone techie of any degree, be advised that the touch tone phones don't need power from the mains to operate; they get their power from the exchange. By the way, AT&T Marketing Department, if there's no power from the exchange, the pulse phone won't work either.) To all of our friends in AT&T who really do know how phones work: We're really embarrassed for you. Maybe we should start a case to undivest! CONTRIBUTIONS The ComSec Association is organized as a non-profit educational association, 501 (c)(3). Gifts (not dues) can be deducted on your income tax return (read the rules). 
We are also under the impression that donations in kind (material things) can be deducted at full value (again, read the rules, or discuss with your accountant). Anyway, we need all the help we can get. If you feel like sending in a big cash donation, we sure won't refuse it. On the other hand, we badly need to upgrade our computer and printing capability, so we'd certainly accept anything along that line. Do you have anything that could be helpful? SPECIAL NOTE As promised, we're starting to include an extra page of technical information with your copy of the ComSec Letter. We can't promise to have it in with every issue, but we're starting with our TSCM Glossary, and you'll get one sheet with each letter. Aug/Sept, 1987 OUR MOSCOW EMBASSY, AND DID THE SOVIETS BAMBOOZLE US? Well, our elected representatives who visited our new embassy under construction in Moscow say that it is so thoroughly bugged that we'll never be able to use it. They said a lot of things that don't make any sense technically (such as it is just one big antenna), but they never did explain what the threat is. So here's a guess from the outside. I'll bet that the Soviets are aware that our government countermeasures people use non-linear junction detectors (NLJDs) in TSCM so they dumped thousands of old diodes and transistors into the concrete to create lots of responses for the NLJDs. We probably detected non-linear junctions every few inches on every beam and column and any place that there's poured concrete, and every one of those "hits" was reported as a bug. In case you're not familiar with electronic communications theory, modern equipment, and government TSCM techniques, let us review briefly. Modern electronic equipment contains active components that are solid state; some are discrete components, such as bipolar junction transistors and field effect transistors, and some are monolithic integrated circuits. 
Such solid state devices, by nature, contain non-linear junctions and one characteristic of non-linear junctions is that they generate harmonics of whatever radio frequency energy excites them. Our government experts knew this so they contracted for the design of a non-linear junction detector for use in TSCM. In use, its operators found that naturally occurring non-linear junctions also emit harmonics of the exciting frequency. (Naturally occurring NLJs occur any place that there is metal-to-metal contact with something like oil or rust in between.) Now, theory says that the naturally occurring junctions favor the third harmonic and the solid state electronic components favor the second (or maybe it's the other way around; I don't remember). In any event, the operator is supposed to be able to differentiate between an electronic component and a naturally occurring NLJ. However, many people with a lot of field experience have told me the false alarms drive them batty -- and many have told me that they no longer use this instrument. Now, I'm sure that Ivan installed many bugs in the embassy; but I'm also very confident that he installed a lot of junk to create false alarms for our people. What do you think? ECPA FOREWORD In November, 1986 the Congress of the United States of America, with almost no discussion or debate, passed the law known as the Electronic Communications Privacy Act (ECPA) of 1986. Shortly thereafter it was signed by President Reagan, and it became effective in January of 1987. WHO BENEFITS? This law is an example of what can be accomplished for the benefit of some narrow special interests through the use of lobbyists. Although our legislators made many pronouncements for public consumption that they were acting to protect us, what they actually did was to create a law that is of primary benefit to cellular telephone sellers who wish to deceive the public. Yes, that's right. 
The net effect of the new law is to allow sellers of cellular telephones and service to say, "No one can listen to your calls; it's against the law." This, of course, ignores the practical fact that the radio transmissions from cellular phone transmitters intrude into our homes and businesses without being invited. Will these transmissions be listened to? Of course they will. They'll be listened to with impunity because the law cannot be enforced; and, further, the Justice Department has announced that it will make no effort to try to enforce it. There are those of us in various businesses and professions whose work requires that we listen to everything that's on the air, and we're certainly glad that they are not going to try to enforce the law. HISTORY The old law, The Omnibus Crime Control and Safe Streets Act of 1968, Title III, was commonly misunderstood --- partly because it addressed a technical subject, but mostly because it used extremely convoluted language to express a simple idea. Consequently, almost everything written to explain that law has been incorrect. The words used by the politicians describing the old law, in order to justify the creation of the new law, were incorrect. "Experts" writing about that law haven't bothered to read it; they have simply repeated the same errors that they heard from others. Several court opinions relating to the old law grossly misquoted it, or inverted the meaning of the words used in it. The old law, written to control eavesdropping on human voice conversations, was a masterpiece of circumlocution. Its drafters apparently were writing to impress, rather than to communicate. They used as many fancy words as they could muster, but never once used any of the key words: "voice", "human", "conversations" or "eavesdropping". In short, the old law was an abomination. The new law is worse. THE NEW LAW The new law makes it a crime to listen to what has been broadcast on certain radio frequencies. 
It's OK to tune to some frequencies, a misdemeanor to tune to others, and a federal felony to tune to others. Wild. The new law allows "providers" to listen to communications on telephone circuits that they provide. Unfortunately, the drafters neglected to provide a definition of "provider". Already, within a few months of passage, those words are being interpreted to mean that the boss can listen to his employees' phone calls without their knowledge or consent. Carried one step further, it could be interpreted to mean that the breadwinner in a household can legally listen to his/her spouse's phone calls. The new law puts restrictions on law enforcement's use of a dialed number recorder (DNR) (which it calls by the 1930s term "pen register"). As with the law that it replaced, the new law uses the words "in whole or in part" (referring to the kind of communications addressed by the law) without defining whether these words are intended to refer to the medium or the message. It is your author's considered opinion that these words refer to the message; otherwise they don't make sense. (I must point out, however, that some very smart lawyers disagree.) The new law creates a strange concept: "aural transfer". Strange because the word "aural" refers to the human (animal?) hearing mechanism which converts the mechanical energy of sound impinging on the eardrum into electrical impulses which are transmitted to the brain. "Transfer" implies a system, which would be composed of a transmitter and a receiver; but the aural process is only a receiving process. Let's paraphrase "Where's the beef?" and say "Where's the transmitter?" in this system. Oh yes, sounds broadcast on subcarriers may not be listened to. Imagine! While you're in an office or elevator that plays MUSAK, you are committing a felony by intentionally listening! 
Last, but not least, criminals have found that they can use cellular phones for communication without paying for the service by having phoney electronic serial and telephone numbers installed in their phones. Also, they talk freely because they know that what they say can't be used against them because law enforcement must get a court order in order to legally listen to what they are broadcasting on the airwaves. ONE IMPROVEMENT First, you must recognize that our legislators chose to redefine "intercept" rather than to use "eavesdrop" when they are referring to eavesdropping. (Intercept means to seize something, preventing it from arriving at its intended destination; so they had to redefine it.) In the old law they redefined this word to mean "aural acquisition" of the content of a communication. This was dumb and caused untold confusion. The one improvement in the new law, then, is the re-redefinition of interception to mean the acquisition of the content of the communication. Hallelujah! (But wouldn't it have been better to use the right word in the first place?) HOW TO USE WORDS TO CREATE A FALSE IMPRESSION (a lesson from our elected representatives) The following comment was carried in COMSEC LETTER, YOGO 2.06, issued while this law was being drafted. "Throughout the proposed law and in all references to these laws our Congressmen have used the word "protection" when they are referring to the legislated prohibitions against eavesdropping on conversations. It is as though they really believe that they can legislate protection. "If you believe that legislation can "protect" your broadcast conversations from being overheard, we have an experiment for you -- and any congressman who thinks he has such power. "First let Congress pass a law which prohibits piranha fish from biting our citizens. Let's make it a felony. "Then you, or your congressman friend, go jump in a river full of piranhas. "Let me know how you make out." 

IN THE WORKS
Because of the many requests that we have had for complete sets of the ComSec Letter, we've been working on editing out topical information and consolidating each year's letters into one publication. These should be ready soon; we'll let you know.

GLOSSARY
Just a reminder: we're enclosing pages 2 & 3 of the TSCM Glossary with this letter.

FEEDBACK
Our thanks to Jerold Hutchinson who wrote to advise that our definition of ACM is incorrect. He's right, and we'll correct it in future editions of the glossary. Although many folks use the terms interchangeably, ACM is not another term for TSCM. ACM means audio countermeasures and does not include countermeasures against other methods of technical surveillance.

October, 1987

TRAP AND TRACE -- PEN REGISTER
Recently it has come to our attention that some folks (especially lawyers) are using these terms interchangeably. The confusion was probably started by the juxtaposition of the two terms in the new federal law relating to communications privacy. So let's see if we can shed some light on these two different items.

First: pen register. (Do we have to use that antiquated term? Yes, I know that it is the term used by our legislators when they wrote the law, but the pen register is an item that was modern when I was a kid, and all phones were black rotary dial units with pulse output). Anyway, the dialed number recorder (DNR) -- term for the modern device which prints out the number dialed whether the dialing is done with DTMF or pulses or a combination of both -- is a device which is placed across the line of the calling telephone. It prints out a chronological record of all telephone activity: date and time off-hook and on-hook on all calls and digits dialed on all outgoing calls. The key to differentiating this from the trap and trace equipment is that this device is connected to the line of the calling telephone.

Trap and trace, on the other hand, describes telephone company equipment which is used, starting at the called telephone, to "Trace that call!", as they say in the movies. However, the process is not as simple as the movies would make you believe, particularly if the two ends (calling and called) are not in the same exchange. The different companies use different equipment to accomplish the same thing, namely identification of the number from which the call was placed.

To summarize: the DNR (modern pen register) is used at a calling number to determine the called number; and trap and trace equipment is used, starting at a called number, to determine the calling number.

As we have reported earlier, there are developments which will drastically change this scene. Congress made it more difficult for law enforcement to get authority to use a DNR and Radio Shack came out with its CPA-1000 -- a DNR for the masses at $99.95 ("professional" DNRs start at about $5,000). Meanwhile, our phone companies are introducing CLASS and CCIS piecemeal across the country. (See definitions of these terms in the glossary pages distributed with last month's ComSec Letter.) CLASS and CCIS will make trap and trace equipment superfluous; the called party will be able to identify the calling number without the aid or intervention of anyone or anything at the telephone company.

ANONYMOUS LETTER
We recently received a letter from a former member which raises a lot of interesting questions, so we'll run it almost in its entirety, and do our best to try to answer the questions for the benefit of all.

THE LETTER
"I was a student member of the ComSec Association until my membership expired and the CSA board decided for whatever reason to delete student member status.

"For the past several months, I'm glad to say that for whatever reason, I have continued to receive the ComSec Letter.

"With all of its coverage of the ECPA, and since the whole communications privacy issue has been pushed by the cellular telephone industry, I've decided to write to you from my perspective -- a hobbyist communications monitor whose interest includes the cellular telephone. You are welcome to publish this as you see fit, under the condition that I will remain anonymous.

"Cellular telephone communications operate at 825-845 MHz for the mobiles and 870-890 MHz for the cells. There are several hobbyist communications receivers capable of covering this range, with prices ranging from $400 to $800. Interestingly enough, Radio Shack sells one of the best receivers covering this range -- the 300 channel PRO-2004. For political reasons (including the fact that RS sells CMTs), cellular coverage was deleted by adding one easily-removable component to a circuit board. It is common knowledge that this component can be removed so this continues to be a hot seller. Also, the CMT frequency range was once allocated to UHF TV channels, so it is possible to monitor cellular on an old TV set!

The majority of the telephone calls are of a (legitimate) business nature, seconded by the more interesting (to us casual monitors) personal calls. After a quick scan of conversations, you realize how many people cheat on their spouses! Drug deals are also often monitored, and there have been instances where I have copied down times, locations and any other helpful data, turned it over to law enforcement agencies, and in turn monitored their communications as they staked out the area to make the arrests!

Many law enforcement agencies themselves use cellular phones, and by their lack of COMSEC/OPSEC during those calls, they must seem to think the calls are relatively secure. It seems that the agencies (DEA, FBI, etc.) currently have no capability to monitor CMT conversations, and "If we can't do it, chances are no one else can either!" seems to be their attitude.

CMT industry officials would have you think that a call changes frequencies every few seconds. While this occasionally happens, the majority of the calls remain on the same frequency for at least a minute. Also, it usually takes me about 30 seconds at the most to relocate a conversation that has switched to another channel as long as the site is within about 15 miles of my area. If you're behind or near a person using CMT, it is quite simple to immediately locate the frequency and tune in the conversation on the receiver without the use of a spectrum analyzer or any other sophisticated equipment. I'm currently trying to think of a way to pass on the method to law enforcement agencies.

Overall, the cellular telephone system is a sophisticated, extremely useful communications medium, but the industry is making a mistake by trying to show that it is something that in actuality it is far from -- secure.

Jim, feel free to use any of the above that you wish, but please keep identifying information, such as my name, etc. confidential. I would like very much to contact my area FBI & DEA Field Offices, because, after monitoring them, I know that they are currently unable to monitor cellular conversations (regardless of the law), yet I can't really just call them out of the blue and say "Hey, after monitoring you, I know you can't listen in on CMTs. I'd be happy to tell you how!"

"I'd appreciate any advice or comments you might have."

OUR ANSWER
First, let's consider the administrative questions concerning CSA and your lapsed membership.

The student membership category was suggested by me because I think we should do all we can to get young folks interested in this field, and we all recognize that students normally don't have a lot of money to throw around. We knew when we set the dues at $10 per year that it was a money-losing proposition, but we wanted to make this information available to young folks studying in the field. Yep, I'm the one who suggested it.
However, I'm also the one who suggested that it was unworkable in an organization this size with nothing but unpaid volunteer administrative help -- me, my wife, and our youngest daughter. Our experience in handling membership applications convinced us that it was not worth the effort. Almost every application had to be sent back for some kind of documentary evidence that the applicant was truly a full-time student. Many applicants were people who sometimes took a course in the evenings, and some said flatly that they studied on their own without benefit of any recognized school. Those people, and the awful mess of address changes, just ate up too much time.

As to the reason that you received copies after your membership expired; well, that's an interesting story and, again, it relates directly to our naivete (or inexperience). First, we tried to notify members to renew by referring them to the code in the address label on the envelope. Whoops. That didn't work partially because the envelope was already in the trash before the member read the note, and partially because many folks could not understand our coding. So then we were saved by a volunteer who said he would maintain the membership list and send letters to all members to remind them to renew. Whoops, again. We suffered from many errors in the labels he printed out, and delays of several weeks to get labels for mailing a monthly newsletter. Oh, and by the way, he never did send even one letter to remind people to renew.

The reason for the extra letters, then, is that your editor was feeling guilty. How can you justify cutting off membership if the member had never even been notified that it was expiring? (Now, when we get as big as ASIS with a five or six million dollar annual operating budget, then, by golly, those renewal notices will go out like clockwork. We hope.)

Now, let's consider the very serious subjects introduced, namely the ability of some of us to monitor, and inability of some others.
I cannot reveal the location of the letter writer so we can't get a geographical fix on where DEA and FBI have commented on the air about their inability to monitor CMT. So, let's just ask the question of all of our readers: Is this the situation in your area?

Speaking for ourselves, we have occasionally heard some cellular phone conversations. In fact, while demonstrating to some Senate staffers (before ECPA was passed), we listened to a conversation during which one party advised the other to buy a coach ticket, and he would upgrade it to first class at the airport. (If that doesn't make sense to you, let us explain. It is a violation of federal law for a government employee to accept transportation from a lobbyist or a contractor -- so what is done is that the government employee gets his coach ticket, and the contractor upgrades the ticket for cash, and writes off the expenditure under some legal heading on his expense report.) Also, we've heard dates being made, and excuses being given for dates broken; a girl giving all of her vital statistics to what sounded like a prospective client, drug deliveries being made, collectors (not the kind who send invoices) going out to make collections, and a whole lot of trivia.

BBS
Recently we were advised of a BBS called Mainstreet Data (619-438-6624) which has a section called TAP Magazine. Per the notice in 2600 magazine, for a complimentary account call, enter 12 for your ID, enter DAKOTA for your password, and at the first command prompt enter PRO. Please let us know how you make out.

SEEN AT ASIS, LAS VEGAS
Our nomination for the company with the most interesting name at the annual seminar and exhibits of ASIS in Las Vegas last month: Network Security Associates which identifies itself by using the initials NSA.

FEDERAL COURT RULING RE ECPA
In the January 13, 1988 edition, USA Today reported that "St. Louis US District Court Judge Roy Harper ruled federal laws banning wiretaps don't apply to married couples.
Karl Kempf recorded his wife's telephone talks at home because he suspected an extramarital affair, Harper said." If any reader has more information on this astounding ruling, we'd sure like to receive it. Thanks.

November, 1987

THE SKY IS FALLING! THE SKY IS FALLING!
Many in politics and the media are screaming as Chicken Little did. The fairy-tale chicken jumped to an alarming conclusion on very slight evidence, and some high-profile folks appear to have been doing the same with regard to the Moscow embassy mess. First they said that the Marine guards had been allowing KGB agents the run of our embassy including the crypto room; now they say no such thing ever happened. Also, our legislators who visited our new embassy under construction in Moscow say that it is so thoroughly bugged that we'll never be able to use it.

A lot of what has been said bears examination and evaluation by reasonable people. Let's look at some of what we have been fed by the press.

Washington Post, 1-17-88: "... the Moscow Embassy was ordered to cease all classified communication with the outside world and to shut down processing of all classified information on computer terminals, electric typewriters and even manual typewriters on the theory that they might have been programmed by nocturnal KGB visitors to emit telltale electronic pulses."

Representative Olympia J. Snowe, 4-4-87: "We now have a secretary [of state] who will be going to Moscow the week after next and he will be reduced to negotiating foreign policy in a Winnebago [because the embassy building is not secure]."

Representative Daniel Mica is reported to have taken a "Magic Slate" with him to Moscow so that he could communicate securely while in our embassy.

There have been reports in the press that our new embassy is one huge antenna.

U.S. News and World Report, 6-1-87 in a story about the new Soviet embassy in Washington: "...
the embassy looms high enough over all of official Washington to enable the Soviets to spy with sophisticated photographic and listening devices on ... White House ... Pentagon ... State Department ... Congress ... CIA ... FBI ... DIA ... and the Navy Intelligence Complex."

IS THE SKY REALLY FALLING?
Comments on all of this are invited from all of our readers. For his part, your editor finds most of it silly and some of it downright ludicrous.

Can you imagine that anyone would be concerned about compromising emanations from a manual typewriter?!?

Can you imagine that our technical people would allow our embassy to be rendered unfit for use by people who have not even had access to the premises for several years?

In what way does having the embassy made into a giant antenna compromise communications?

All right, so our State Department insisted that the Soviets build their embassy on the high ground on Tunlaw Road instead of in Chevy Chase where the Russians wanted to go. So what? Because all of those federal buildings are visible in part from Mt. Alto, does that mean that we have to stop doing business in the Pentagon, White House, etc.? Yes, being on high ground does mean that radio reception is better, but it doesn't mean that the Soviets can spy on everything done in that long list of buildings, for Pete's sake!

CALL FOR PAPERS
Although the dates are not yet firm, the decision has been made that there will be a membership meeting in the Washington, DC area late this year in conjunction with Surveillance Expo '88. Your association is sponsoring this expo, and expects to profit from it. Your participation is urgently needed.

There will be four tracks with panels and presentations scheduled throughout the three day period. The tracks are: Communications Security, Computer/Information Security, Surveillance Technology, and Investigations Technology. If you are knowledgeable in one of these areas, you are invited to suggest a subject for a talk.
If you do not want to present a paper, but can help with the planning, we'd like to hear from you right away. The only pay you'll get for help is some public exposure to professionals in the field, but that can be very valuable.

DEFENDING SECRETS, SHARING DATA
The title of this segment is the title of a report by the Office of Technology Assessment of the U.S. Congress. It is a modern-day classic on the subject of vulnerability of electronic information to theft. If you work in this field, or have responsibility for protecting information, you should have a copy. Order from the Superintendent of Documents, Government Printing Office, Washington, DC 20402-9325. GPO stock number is 052-003-01083-6. Price: $8.50 per copy post paid. Your editor is proud to say that he contributed in a small way as a contractor to OTA.

THIS IS A PROFESSIONAL?!?
The headline (Washington Post, 1-23-88) reads "Wiretap Consultant Gets 120-Day Term". The tawdry business that was being reported on had to do with a man named Eddie T. Dockery who admitted to forging an invoice, but that's not the story that is of interest to us. The real story is that this is the same man who was hired by DC Mayor Marion Barry to perform "electronic sweeps". That's right. The mayor of the capital city of our nation hired this man to perform a professional service.

And what was the "professional" report that was made to the mayor? According to the Post, Dockery reported that "he believed that there was a 90 percent chance that the three telephone lines into Barry's house were wiretapped and that the rooms in the house were bugged".

Now we've heard some pretty wild conclusions being reached by some operators of TDRs, and we're wondering if that is what this man was using. Or was he just looking into a crystal ball?

CUTESY COMMENT AWARD
This award goes to William Barden, Jr. who wrote a book entitled "Shortwave Listening Guide" which is published and sold by Radio Shack.
The cutesy comment worthy of note appeared in a section of the book relating to the ECPA of 1986 in which he explains the act and counsels on how to not become a criminal while listening to your radio. With regard to the fact that the ECPA makes intentionally listening to what is broadcast on cellular phone frequencies he comments, "Evidently some of the lobbying for the ECPA was done by the Mobile Communications industry."

In case you have not been following the activity re ECPA and its aftershocks, let us explain. Radio Shack, the publisher of this book, was one of the principal lobbyists for the obnoxious provisions of the ECPA which specify which listening is OK, which is a misdemeanor, and which is a felony. Further, Radio Shack made a quick fix to their wonderful PRO-2004 scanner so that it could not be used in contravention of the law that they helped to write. Yep. The 2004 cannot now be tuned to cellular frequencies. Therefore the "Cutesy Comment Award".

(By the way, if you have a PRO-2004 and want to unmodify it, send us a stamped, self-addressed envelope and we'll send you instructions on how to unmodify it so you can listen to cellular.)

QUOTE OF THE MONTH
Milton Berle: "Married fifty years, and we still make love almost every day. Almost on Monday, almost on Tuesday, ..."

TO/FROM; CALLED/CALLING
George Threshman contacted us after our last letter which tried to clear up the confusion between "trap and trace" devices and dialed number recorders (DNRs). He said that our explanation led him to believe that a DNR would identify the calling number. (By the way, the Brits, in their laws, differentiate by using the words "TO" and "FROM". Smart, no?)

This is too important a point for us to leave any possibility of confusion, so let's try again. The DNR is a device which is placed across the line of the calling telephone.
It prints out a chronological record of all telephone activity: date and time off-hook and on-hook on all calls and digits dialed on all outgoing calls.

(News note: The DNR from Radio Shack, the CPA-1000, which we praised in that same letter has been reduced in price; it's now $79.95. Aren't capitalism and the free market wonderful?)

YET ANOTHER PRODUCT
Recently we received a letter from Robert Brooks of Warrensburg, MO in which he made some nice comments about the ComSec Letter and passed along some interesting information. First, Robert, thanks for the kind words. Hearing a compliment from time to time really makes this effort worthwhile. And thanks for your info and questions. (There will be more on laser techniques and equipment in a future issue -- and I'm not sure about the facsimile scrambling product that you recommend.)

Now let's pass on his comments about yet another product. Robert says, "In recent product literature I received from Sutton Designs, they advertised an 8-digit (1.2 GHz) frequency counter for $500.00. If you look in the inside cover of the November 1987 Modern Electronics you'll see the same frequency counter (same exact ad -- different company) selling for $99.95. Isn't Sutton being a little greedy?"

Well, Robert, I think it was P.T. Barnum who said, "There's another sucker born every minute." It's just sad that there are firms trying to "con" us all the time. By the way, I've had other calls on this subject and I seem to recall that the counter is available for a lower price, and that Sutton is asking an even higher price. We'd be glad to hear from anyone, even Sutton Designs, on this matter.

December, 1987

BY-LAWS, BOARD, OFFICERS
We've drifted long enough. The current Board of Directors will meet soon to approve By-Laws, and to start the process of selecting a new board and new officers. Information will be coming in this newsletter.

DANGEROUS FOOLISHNESS
According to information in a recent Popular Communications magazine, the Cellular Telephone Industry Association, CTIA, not only opposes any effort to force manufacturers to put warning labels on radio transmitters, they want to ban the manufacture of equipment that can receive on cellular frequencies!

It seems prudent to us that the public should be warned that what they transmit can be heard by others. It is unthinkable that receiving equipment could be banned in a free country.

Well, it took from 1968 till 1986 to change the federal law relating to eavesdropping. The new law has some improvements, but many strange new provisions. How long will it take to undo all the harm done by the ECPA?

MAJOR INDEPENDENT TV STATION BUGGED!
We won't identify the station because we don't want to embarrass them. (However, you'll find their call sign very familiar.) It seems that a scanner operator called one of their popular investigative reporters and advised that there was a radio bug in the station and that a lot of very sensitive information was being broadcast.

Investigation of the "bug" revealed that floor directors were leaving their headsets turned "on" after use. Sound activated (VOX) circuits kept the transmitters off the air until they picked up conversations with clients, discussions of secret promotional campaigns, etc. (Hint, hint. This station just ran an excellent series on eavesdropping.)

TEMPEST AND COMPUTER SECURITY
From Ray Heslop of the Tempest Division of Atlantic Research we received a copy of the above captioned article that had been published in last September's edition of Government Executive. Our thanks to Ray for thinking of us.

The article intended to wake up corporate America to the TEMPEST threat and it may have done something along that line, but it turned us off because of incorrect technical information.

The first comment on this material relates to a popular misconception which seems to have been originated by some of those liberal arts majors who became journalists. Maybe it's not the fault of the journalists, but somebody has divided eavesdropping into "active" and "passive" categories without providing definitions of these terms. If I understand them correctly, when a man climbs a pole and bridges from the target telephone line to the leased line to the listening post, that's not active. Methinks that the guy who climbed the pole will be surprised to find out that he was engaged in a passive activity!

Leaving aside the generic criticism, let's look at some specific technical information offered in this article. We'll label the Government Executive comments "GE", and our responses "CL".

GE. "According to experts, fiber-optic cable is the best bet because it doesn't emanate as well. However, fiber optic cable can be tapped easily, and it is difficult to detect the tapping. Existing coaxial cable can be protected with metal shielding."

CL. So much for getting expert technical advice from Government Executive! All of us know, I hope, that there is no magnetic or electric field associated with a fiber optic cable carrying a signal because that signal is light, not electric current or radio frequency energy. So, in a sense, the author is correct; it does not emanate as well 'cuz it doesn't emanate at all. However, when she says it can be tapped more easily, and the tapping is difficult to detect, she couldn't be further off the mark. There is no doubt in my mind that fiber optic cable can be tapped. I just don't think that it can be done in the field. Consider that a single strand of cable is 10 microns in diameter and is covered with cladding that is one micron in thickness.
I can see how this can be handled in the lab, but I really can't see how a man on a pole, handling the cable with gloves on, with the wind and rain, and so forth, can be expected to remove the requisite length of cladding without damaging the glass fiber so that he can fuse another cable to it as they do in the lab in a jig under a microscope. And, as for tap detection, it looks like there are many ways to automatically detect tampering on the fiber cable, but we don't yet have a way to do the same on a phone line.

Last, but not least, she says that coax can be protected with metal shielding. Great idea, but of course, coax means coaxial; the conductor in the center and the shield around it share the same axis, therefore, the term "coaxial". 'Course, if you put another metal shield around it, we don't know what you would accomplish, but it shouldn't hurt anything except the pocketbook of the person paying for it.

GE. This article also says that computer data are stolen by "highly sensitive bugs, line taps, parabolic microphones, electromagnetic emanation collection instruments, and other related devices."

CL. Our own experience is limited, but the methods listed here don't seem to relate to the practical world that we live in. However, let's pass this question on to our readers. How often have you found computer data being compromised by parabolic microphones or highly sensitive bugs or anything else specified?

BBS # NG
Shortly after we passed along a new BBS number, we had a call from Larry Newman who reported that the number from 2600 was no good. Sorry about that.

ComSec Association BBS
Larry has been flirting with the idea of sponsoring a BBS for the ComSec Association, but he's not sure that he can bring it off alone. Anybody out there want to give him a hand? He's in NYC and his phone number is 212-921-2555. Give him a call if you think that you could help get this project off the ground.

AT&T INFORMATION SOURCES
The following information was published in Teleconnect, and we pass it on for those who may be interested.

Technical Reference Catalog (pub 1000) (lists pubs, bulletins, etc.)
Available from:
Publishers Data Center, Inc.
POB C-738
Pratt Street Station
Brooklyn, NY 11205

Bell Labs Record (magazine). $20 per year from:
Bell Labs Circulation Dept.
Room 1F-233
101 JFK Pkwy
Short Hills, NJ 07078.

EVALUATOR EVALUATION
At the request of one of the dealers and of the inventor (?) of the Evaluator, we tested the device. In case you're not familiar with this unit, let us quote the headline in the ad currently running in Security Management: "NEW! PATENTED TAP DETECTOR OPERATES 24 HOURS A DAY". Based on those words we think that a reasonable person would conclude that the Evaluator is capable of detecting telephone taps, and is sold as a tap detector, no?

Well, we tested the Evaluator to see if they had invented something that Bell Labs had been unable to invent. The first one that we tested did not detect the Radio Shack audio amplifier, the butt set, the tape recorder starter, the sound activated tape recorder, or the tap made out of about $2.50 worth of parts. It did detect an extension phone going off hook.

The inventor/manufacturer (?) advised that we might have received a faulty unit, and also that we should leave the tap on for three to five minutes because that's how long the detection process sometimes took. So we tested the new unit while timing our taps by dialing the time message from the phone company. We recorded for at least five minutes while tapping sequentially with the same pieces of equipment. Again, it failed to detect anything but an extension going off hook.

Since then, we've been promised that we would receive a new unit for testing. That promise goes back several months, so don't hold your breath for our updating story.

SURVEILLANCE EXPO
We're trying.
Spent innumerable hours talking with two Sheraton hotels in the DC area, only to have them change the terms when it was time to sign the contract. Wasted time. Any member with experience in this arena will be welcomed with open arms. Help!