20-Jun-86 14:05:30-PDT,13430;000000000000
Mail-From: NEUMANN created at 20-Jun-86 14:01:53
Date: Fri 20 Jun 86 14:01:53-PDT
From: RISKS FORUM (Peter G. Neumann, Coordinator) <
[email protected]>
Subject: RISKS-3.10
Sender:
[email protected]
To:
[email protected]
RISKS-LIST: RISKS-FORUM Digest, Friday, 20 June 1986 Volume 3 : Issue 10
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Re: Privacy Legislation & Cellular Swiss Cheese (RISKS-3.8)(Geoff Goodfellow)
Re: Privacy Legislation (RISKS-3.6) [divulging] (Dan Franklin)
Re: Privacy Legislation (RISKS-3.6) [radar detectors] (Herb Lin)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to
[email protected], Requests to
[email protected].)
(Back issues Vol i Issue j available in SRI-CSL:<RISKS>RISKS-i.j.
Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.)
----------------------------------------------------------------------
To: RISKS FORUM (Peter G. Neumann, Coordinator) <
[email protected]>
Subject: Re: Privacy Legislation & Cellular Swiss Cheese (RISKS-3.8)
Date: 19 Jun 86 11:19:03 EDT (Thu)
From: the tty of Geoffrey S. Goodfellow <
[email protected]>
I co-authored an article on the ease of which cellular can be spoofed,
COMINT'd and SIGINT'd in the November issue of PERSONAL COMMUNICATIONS
TECHNOLOGY. An on-line copy of the article may be FTP'd with 'anonymous'
login from [SRI-CSL]<Geoff>Article.Celllar-Sieve or by sending me a
message requesting one by reply copy.
With respect to the impending facade of Privacy Through Legislation,
here is a good report on it which appeared on the Info-Hams mailing list.
Pay special attention to such gems as how Cordless phones are not included,
and the different level of protection afforded to Cellular abusers vs. the
traditional mobile telephone IMTS systems on 150 and 450 Mhz.
Geoff Goodfellow
Cellular Radio Corp.
Vienna, VA
[Note: This HamNet Electronic Edition is a limited excerpt
from the full published edition [Vol 8 #11 -- 6/01/86] of The
W5YI Report. Selected and prepared by Scott, W3VS.
Commercial redistribution of this copy is prohibited.]
Up to the minute news from the worlds of amateur radio,
personal computing and emerging electronics. While no
guarantee is made, information is from sources we believe
to be reliable. May be reproduced providing credit is given
to The W5YI Report.
o Electronic Privacy Bill Passes Subcommittee
-------------------------------------------
Legislation extending protection against unwarranted interception of
electronic communications by outsiders passed its first and most
difficult test during mid-May. RF signals present throughout our homes
will no longer be public domain if HR 3378 ultimately becomes law.
After weeks of negotiation, the House Judiciary Subcommittee on Courts,
Civil Liberties and the Administration of Justice reached a compromise
agreement with the Department of Justice setting the stage for
subcommittee approval. The mark-up session was packed with 120
spectators crowded into a room designed for 60.
Most of Justice's problems had to do with adding barriers to law
enforcement efforts. The bill, as approved, requires the government to
obtain detailed search warrants to intercept and use electronic
messages in transit. The subcommittee acknowledged that they still had
a couple of things to work out in the "foreign counterintelligence
field."
The legislation, the Electronic Communications Privacy Act brings the
Wiretap Act of 1968 up-to-date by including such communications
services as cellular radio, computer data transfer, electronic mail and
satellite communications not in use when the act was first passed. The
final draft of HR 3378 was unanimously approved after two suggested
amendments (which made sense to us) were defeated. The final
subcommittee vote had been delayed three times previously.
The bill is far reaching and will effect nearly every American in one
way or another. While legislators, the media, and the various
electronic industries are widely portraying the bill as protecting
cellular privacy, it doesn't at all. Cellular phones, of course, are
the space age version of the old car radio telephone.
The bill particularly affects hobby, industrial and government radio
users and listeners in that it details what can- and cannot be
monitored. Supporters of the legislation include such industrial
giants as IBM, AT&T, MCI, Motorola, GE, GTE, Bell telephone, all three
TV networks, ... and various telephone, videotex, electronic mail and
computer equipment trade organizations.
Since most of us are concerned with the personal use of electronic
communications and the right to monitor the radio spectrum, we will
focus on that aspect.
A new definition of electronic eavesdropping has been proposed.
Instead of "acquisition of the content", it is now "interception of the
transmission of the content."
A penalty of up to a year in jail and $10,000 fine would be imposed on
those intercepting certain transmissions not intended for the general
public in the shortwave band...such as remote broadcast pickup stations
operating around 26 MHz and perhaps ship-to-shore radio telephone
conversations. Any encrypted (scrambled) transmissions are also
protected.
Strangely, scanner owners are subject to the year in jail/$10,000 fine
if they tune in the old 150/450 MHz carphone service - but only 6
months in jail and a $500 fine if they listen to a 900 MHz celluar
phone call!
Specifically exempted from coverage by the bill are all amateur radio,
CB and GMRS (General Mobile Radio Service) communications. Ham auto-
patch telephone calls therefore are not affected even though a
participant expecting privacy might not be aware that the radio portion
of the call is being widely transmitted.
The radio portion of a private telephone call terminated by a cordless
phone is also not privacy protected "since these calls can be easily
intercepted." The subcommittee noted that the FCC requires manufactur-
ers to include privacy disclaimers with cordless equipment.
Actually, just about any radiotelephone call can be easily intercepted,
but the legislators perceived some as harder than others. Cellular
phone calls can even be received on consumer TV sets.
Broadcast services not intended for the public (such as a piggy-backed
FM subcarrier service) may not be monitored.
Radio services not protected by the bill include "any station for the
use of the general public, or that relates to ships, aircraft,
vehicles, or persons in distress" as well as "any marine, aeronautical,
governmental, law enforcement, civil defense, or public safety
communications ...readily accessible [not encrypted] to the general
public." Thus, you can listen to ongoing law enforcement manuevers
...even Air Force One, but not a random phone call you might hit upon
in the spectrum.
What can be monitored by satellite dish owners was specifically not
resolved since this question is currently before the House Tele-
communications Subcommittee.
Private fixed microwave links, FM subcarriers, and broadcast auxiliary
or remote pickup stations were specifically protected.
Rep. Mike DeWine (R-Ohio) offered two amendments at the subcommittee
mark-up session dealing with cellular phone calls.
DeWine, a former prosecuting attorney, said that while he was in basic
agreement with the intent of the bill, he was troubled by the fact that
old television sets still being sold can inadvertantly overhear a
cellular phone call. He also said that scanner marketing was not
covered by the bill... "If a scanner stops at a cellular phone channel
..this bill means that (a scanner listener) could be imprisoned for
six months ...even if he did not disclose the information.
He acknowledged that the Justice Department told them that they
wouldn't enforce scanner (or TV) cellular listening but "it's basically
bad public policy to create a law that everyone knows will not be
enforced... It brings about a disrespect for the law. ...It weakens
anybody's faith in the criminal justice system. We are not talking
about difficult enforcement. What we are talking about is an
impossibility, unless we are willing to violate people's
Consititutional Rights and go into their own homes..."
The bill "...creates the illusion of protection," DeWine testified.
"The facts are that it will no more protect (cellular) the day after we
pass this bill than the day before..."
Rep. DeWine suggested an amendment that would outlaw the overriding of
an encrupted telephone conversation. He said laws already exist that
prohibit divulging intercepted information. He is concerned that
"...the cellular phone industry will use this bill to tell people that
they have an expectation of privacy when, in fact, they do not."
Chairman Kastenmeier agreed that the bill could not easily be enforced,
but that encruption cost was prohibitive ($2,500 for a mobile, $164,000
for a base station.) Declaring that he didn't want to make America an
encrypted society, he urged defeat of the amendment.
Holding up a scanner advertisement which promoted listening to
"radiotelephone conversations that offer more real-life intrigue that
most soap operas," Kastenmeier said "we cannot encourage this! We have
set down the rules of the road whereby that is off limits... Scanners
are very useful devices, and they will continue to be, excepting there
ought to be some things that are protected against even, yes, even
against scanners." A voice vote defeated the amendment by a clear
majority.
A second amendment was introduced by DeWine, eliminating the 6 month
prision sentence from the cellular penalty. That too was rejected.
With no further amendment being offered, the substitute draft of HR
3378 was unanimously adopted by voice vote. The Subcommittee agreed to
report the bill out to the Judiciary Committee for further action.
HR 3378 is still very far from being a law. It must be approved by the
Judiciary Committee and the full House ...then reconciled with a
similar bill pending before the Senate Copyright Committee. It gets
signed into law by the president. The reality of the matter is,
however, that government control over radio wave reception in your home
will indeed be eventually enacted in some form.
------------------------------
Date: Fri, 20 Jun 86 14:38:35 EDT
From: Dan Franklin <
[email protected]>
To:
[email protected]
Subject: Re: RISKS-3.8
> Does anyone have any idea how the last part (radio telephones) could be
> legally supported in view of other legal freedoms? I thought that one
> was free to listen to any frequency one wished in the US (Canada too).
> You don't have to trespass to receive radio signals.
Receive them, yes; tell anyone else what you heard, no. As I understand
the law, if a radio signal is part of a conversation--that is, clearly
directed at some specific other person--you are forbidden to divulge the
contents of that signal to a third party. You might be forbidden to make
any other use of it, too; I don't remember for certain.
So eavesdropping is already suspect in current law, and it would not be
such a big change to say, for instance, that you could not *intentionally*
receive radiotelephone signals. If your neighbor's radiotelephone
happened to come in on your stereo, you wouldn't then be breaking the law.
I do not actually know what the new law says, but there do exist ways to
safeguard privacy without compromising the "right to receive".
Dan Franklin
------------------------------
Date: Tue, 17 Jun 1986 00:32 EDT
From:
[email protected]
To:
[email protected] (Michael Wagner)
Cc: RISKS-LIST:@XX.LCS.MIT.EDU,
[email protected]
Subject: Privacy legislation (RISKS-3.6)
[On the same topic...]
Not true. States routinely ban the use of radar detectors, and that
is nothing more than "listening to a frequency."
[Well, things seem to be changing. In California, PASSIVE detectors
are now legal, and can be bought at Radio Shack among others. Mail
order outfits are also doing a boom business. I presume this is true
in other states as well. ACTIVE JAMMERS are of course still illegal.
[[This messasge does not constitute an endorsement on the advisability
of using a detector, or of the reliability of any such product. I
won't even contemplate the risks involved of using one.]] PGN]
------------------------------
End of RISKS-FORUM Digest
************************
-------