COMSEC LETTER
Editor: James A. Ross
Yogo 0 1984

COMSEC LETTER
The ComSec Letter was started in 1984, The Year Of George Orwell, by Jim Ross. Initially it was mailed at no charge to everyone on his mailing list, and it was later offered by subscription. After the founding of the Communication Security Association, the letter became its official organ. In 1989 the association decided to create a new organ, Comsec Journal; and, in order to minimize confusion, the name of this letter was changed to Surveillance. What follows is an edited version of the contents of one year of the letter. (The letter has been edited to remove topical, superfluous, and outdated items.)

Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100

January, 1984

WELCOME!
This is the first of what we plan to be a monthly letter on the subject of communications security. The fact that you have received this first letter indicates that your name and address somehow found their way into our mailing list. If you do not wish to receive future editions, please let us know, and we'll remove your name. By the way, if our changeover to a computerized system has mangled your name or address, please let us know, and we'll correct it.

PURPOSE
The purpose of this newsletter is to provide accurate information on private and commercial (not government) communications security.

SUBJECT MATTER
Our prime area of interest is communications security. The emphasis will be on electronic communications systems and the protection of the information that they carry; but, with the proliferation of intrusions into computers, we'll also be addressing the problem of protecting stored information. As a matter of fact, our overall interest is in the protection of information and privacy protection regardless of the method used to collect information.

CONTENT
In these letters we plan to include topical information on products and techniques, answers to questions submitted, announcements of coming events, and reviews of books and magazines. In addition to providing this business and technical information, we'll also be advising you on services and products available from Ross Engineering.

Feedback from you is encouraged. If there is an area of particular interest to you, or any error (heaven forbid!) that you want to call to our attention, please write or call. We are trying to be a source of accurate, detailed, and unbiased information in a technology which has had more than its share of misinformation disseminated.

ADDITIONAL PROJECTS PLANNED
Naturally, we cannot do everything at once, but we have plans to update and correct the reports which the government has issued; to write a series of technical essays; and, in general, to try to be a clearing house for information on this technology.

DEFINITION
Having said that we intend to be a clearing house for information on this technology, let's try to define the technology that we mean. What exactly is it?

Well, for starters, it has to do with the collection of information. Some people use the term "Industrial Espionage" but that's not good for two reasons. First, the word "industrial" seems to limit our scope to manufacturing firms, and we are definitely not limited in that way. Second, the word "espionage" refers to the collection of information by clandestine means and usually brings up the image of government vs. government spying, and our field is private and commercial spying. (Governments have such unbelievably vast resources available to them, that they exist in a different world, in our opinion.)

Because the principal contributor to this newsletter is a man who has spent over forty years working in, studying and teaching communications and electronics, this publication will be heavily oriented toward communications and electronics.
The following words, which have been used to describe our countermeasures seminar, should give a feel for the technology we are addressing: Technical Surveillance; Electronic Eavesdropping; Industrial Espionage; Audio Surveillance; Electronic Spying.

However, we are interested in all means of collecting information and we plan to present information which we judge to be of value to our readership regardless of whether it relates to electronics or not.

QUESTIONS AND ANSWERS
Having just completed a countermeasures seminar here in the Washington area, some questions which were asked at the seminar are fresh in our minds, so we might as well kick off the "content" part of our first newsletter with some answers to questions.

Q. How often do you find something really sophisticated?

A. If you mean 21st century Buck Rogers equipment, the answer is we have not yet found anything in that category. We are, of course, aware of some exotic equipment and techniques, but we work in the commercial arena and we have not yet faced a situation in which the enemy would have conceivably committed resources of that magnitude.

However, as an engineer, I feel that the really elegant systems are the very simple ones, such as the speaker of the speakerphone being connected to a spare pair leading out of the target area to the telephone closet. (That's the one that I described to you which was installed in the CEO's office and conference room in the company which lost $200,000,000 in competitive bids in one year.) Taking advantage of the fact that many spare pairs are normally available from the target area to the telephone closet, in my opinion, makes good sense. Also, the Ma Bell equipment is of very high quality, so why not use it? And the total cost to the bugger for equipment in the target area was zero.

Q. Don't you think that the best people to find a bug are people who have experience in planting them?

A.
It is true that a man who has had experience in planting bugs will certainly know some good places to look, but the most valuable "looking" is done using sophisticated instruments and the most important characteristic of the "looker" is that he understand electronic communications and how to use these instruments. Saying that a person should have "black bag" experience before he works in countermeasures is like saying that no surgeon should work on a bullet wound until he has shot a few people; or no detective should investigate a rape until he has raped a few people!

Q. Can you provide a checklist to be used to ensure that all necessary checks are made during a specific TSCM activity?

A. No, because we believe that each TSCM activity starts with the assessment of the threat and the development of the plan for that specific job.

For example, when checking offices in a multi-tenant building, it is usually very important to emphasize the physical search, looking for hidden microphones and illegitimate conductors leading out of the target areas because it is a simple matter to conceal wires under a carpet and run them to a listening post in another part of the building.

In contrast, we recently did a job in which the target area was all of a luxurious home which was well isolated from other buildings and located on the waterfront. In order to run wires to a listening post the bugger would have had to bury them by trenching through a beautifully manicured lawn, so, in this case, we did not have to spend time searching for extra wires leading out of the target area. Instead, we concentrated on looking for irregularities on the connecting blocks and checking power lines for carrier current transmissions.

Also, in a multi-tenant building it is usually important to perform many audio conduction tests -- are there audio paths which conduct target area audio to some place which could be used as a listening post?
In the case of the home mentioned above, there was no possibility of the listening post being located in the same building, so we did not perform any audio conduction tests.

However, we do plan to put together some kind of a comprehensive outline of the various countermeasures procedures and try to develop a matrix to indicate under what circumstances each activity is indicated. I used the word "try" advisedly -- this is a big undertaking and we are not going to put something out which is not complete because "a little learning is a dangerous thing".

Q. Can you recommend a good book which will help me get started in studying electronics as it relates to eavesdropping?

A. When this question was asked at the seminar, we thought of the textbooks that we used in teaching the electronic technician course at Capitol Institute of Technology; but we could not recommend this approach because the technician course is one year in length with two hours of class and two hours of lab each day, four days per week. Someone planning to study the subject on a part-time basis while he holds down a full-time job can't possibly go through this much material -- so we were unable to provide a good answer at the time.

Now, however, we think we can name two books which should provide a good start. Both of these books have been prepared by the Texas Instruments Learning Center, and they are both exceptionally well done. In my opinion, you should be able to get as much as you want out of them -- that is, if you want to skim, you can get the essence; but if you want to dig, full technical detail is provided. Further, the books have a lot of practical content; and, most important, they are totally free of the misconceptions and technical garbage which characterize most of the older material.

The titles are: Understanding Telephone Electronics, and Understanding Communications Systems. They are available at $6.95 each by mail from: Texas Instruments Inc., Box 3640, MS 54, Dallas, TX 75285.
If you can find them, the same books are sold by Radio Shack. We paid $3.49 for the telephone book and $2.95 for the communications book.

TI also has many other titles in its "Understanding" series. You might find some of the others to be interesting as well. Good Luck.

NEWSPEAK
Newspaper Headline: Cease Fire Holds Despite Sniper Fire.

TOO CRITICAL?
My partner in Pegasus Industries, Inc. says that I'm too critical of the material which has been published. He may be right, but I believe that when a person holds himself out to be an expert, he should be super careful about his pronouncements. There is nothing wrong with not knowing everything (most of us are in that situation), and there is nothing wrong with making an error (the only people who don't make errors are those who don't do anything); but there is something wrong when a person, who says he is an expert, demonstrates, time and again, a basic lack of understanding of the subject matter.

Lest I be misunderstood, let me amplify my thoughts. I believe that the professor who would criticize a student for a lack of knowledge or understanding has no place in the teaching profession. I have never in my life uttered a critical word to a student (or to a colleague) who expressed ignorance regarding some point. Such activity, in my opinion, is destructive of the learning process, cruel, unfair, stupid, demeaning, diminishing, and a few other things.

My criticisms are reserved for self-styled experts who expound on subjects that they do not even understand. Specifically, I am referring to whoever first referred to a "resonant" ringer instead of a microphonic ringer in a telephone. I am referring to the person who first described what he called a capacitive tap. I am referring to the first person who explained the operation of an ultrasonic motion detector by saying that standing waves are set up in the protected area. I am referring to the first person who decided that telephone lines have a characteristic impedance.
These people, and others of their ilk, have caused untold confusion, because well-meaning folk have studied their errors, silly ideas, and idiocies; memorized them and passed them on to others who have studied them, memorized them, and passed them on, etc. (Complete explanations on these things, and more, will be coming along in the series of technical essays which are in preparation.)

I have respect for the experience that some of these authors have -- they can offer us so much of great value. For instance, I just finished reading a book by a man who had ten years' experience as an investigator, and some of his comments about equipment used, procedures, etc. are immensely valuable. However, when he attempts to explain the workings of some of the electronic equipment that he has used, his explanations simply don't make sense. Too bad.

February, 1984

AH HA!
Our very first letter proved two points: 1) we're not perfect, and 2) some people do read this letter.

For all who wondered, the address for the Security Journal is Box 15300, Washington, DC 20003. Again, when you contact the editor, Robert Ellis Smith, tell him Jim Ross sent you.

RELIABILITY
During the seminar, one of the discussions which always takes place is a survey of what should be the characteristics of a countermeasures service firm, and we normally start off with adjectives such as ethical, technically competent, properly equipped, etc. However, I personally think that reliability should be near the top of the list. If your countermeasures contractor says he'll be there at 10 AM on Saturday, he should be there at 10 AM on Saturday. If he says he has inspected twelve telephones, you should have total confidence that he has thoroughly inspected all twelve telephones.

QUESTIONS AND ANSWERS
Q. What periodicals do you read?

A. When this question was asked last year by a retired government technician, he gave the impression that he thought that all qualified countermeasures practitioners should read Telephony.
In any event, the question piqued our curiosity so we began to note the names of the publications which we normally receive and read, and we were really astounded at the result of our informal survey.

Before listing the publications, we must point out that we do not read every word in every publication. In fact, we have already decided that there are many of these periodicals that we will not renew because they are not worth the time to even leaf through. Some of the publications listed are paid subscriptions, some are qualified subscriptions, and some have been provided to us for review.

Listed alphabetically, the communications-electronics and security (non-news, non-business) periodicals which we have been reading are: ASIS Dynamics, Assets Protection, Computer Decisions, Computer Security Alert, Corporate Crime and Security, CQ, Cryptologia, Data Communications, Defense Electronics, Electronic Design, Electronic Imaging, Electronic News, Electronic Products, Electronic Warfare Digest, Electronics, Fraud & Theft Newsletter, High Technology, Industrial Communications, Integrated Circuits, Investigative Leads, Journal of Security Administration, Law and Order, Law Enforcement Communications, Law Enforcement News, Microwave Systems News, Microwaves & RF, Monitoring Times, National Centurion, PC, PC World, Personal Communications, Personal Computing, Photonics Spectra, Police and Security Bulletin, Police Newsletter, Popular Communications, Privacy Journal, Private Security Case Law Reporter, Professional Protection, QST, Radio Communications Report, Radio Electronics, Security Dealer, Security Law Newsletter, Security Letter, Security Management, Security Systems Administration, Security Systems Digest, Security World, 73, Signal, Systems and Software, TAP, Technology Review, Technology Today, Telecommunications Week, Teleconnect, Telephone Engineer and Management, Telephony, The Tortoise Report, and Washington Report.
All in all, we think that this is quite a list, and rereading it reinforces our belief that we did the right thing in ordering a rapid reading course!

To get back to the question which started our research: Yes, we do read Telephony, and we also read Telephone Engineer and Management which is very, very similar. These magazines both seem to be addressing themselves to telephone company decision makers, but their classified sections are full of help-wanted ads for cable splicers and installers. Regardless of their intended or actual readership, we find a lot of interesting material in the ads and in the new product announcements. (Most of this material, unfortunately, does not relate to countermeasures.) By the way, in our opinion Teleconnect is much more fun to read, and more informative in many ways.

INTERESTING NEWSLETTERS
The Washington Crime News Service publishes several interesting newsletters including Security Systems Digest and Computer Crime Digest. For a complete list, and maybe some samples, contact Betty Bosarge, Washington Crime News Service, 7620 Little River Turnpike, Annandale, VA 22003. Tell her Jim Ross sent you.

BOOK REVIEW
This book was recently advertised in a national publication, and sounded interesting so we bought it.

How to Avoid Electronic Eavesdropping and Privacy Invasion
William W. Turner. Paladin Press. Copyright 1972. Perfect Bound. 192 pages. $9.95.

The back cover of this book says that the author was a special agent with the FBI for ten years, graduated from their "Sound School", and handled wiretapping and bugging assignments. The content of the book demonstrates that the author has much experience which could have been the basis for an interesting book on the equipment, techniques, and practices with which he was familiar.
In addition, he probably could have told many meaningful and engrossing "war stories" without endangering sensitive information; but, sad to say, there are only brief references to his experiences and a few revelations as to FBI parlance.

Instead of a book of real, practical information based on experience, the publisher has produced a book with two outstanding flaws: first, there is a lot of "filler" material, and, second, the author tries to explain how some electronic systems work without knowing how they work.

The most blatant filler material is one section of 28 pages which is merely a reprint of Title III, PL 90-351, and a full 50 pages of a verbatim copy of the detailed report of a man who was working under cover as a gofer and clerk within a drug company in order to collect information on that company. This section contains painfully detailed reporting, but little which relates to the title of the book, viz, "8/18/65 I was ill and didn't work today. 8/19/65 This was a rather slow day here. We had only one shipment come in, containing over-the-counter items and cosmetics. Enclosed is the label......"

To a professional communications-electronics engineer, one jarring feature of this book is the author's incorrect use of electronic terms which have precise meanings. My feeling is that, if you do not have any education in electronics, you'll be bamboozled by the technical misinformation; and if you do have an education in electronics, you probably don't need this book.

TRUTH IN ADVERTISING?
The Washington Post and other prestigious newspapers continue to run ads for a tap detector which will not detect a simple $15 tap and a bug detector which will not detect a $20 bug. Can it be after all these years that they still don't know that these gimcracks don't work, or is it that they are more interested in the ad revenue than they are in the truth?

March, 1984

FEEDBACK
The prize for the first feedback on our letter #2 goes to Doug Kelly, who said that he liked #1 better than #2. His comment caused us to take a critical look at #2, and we found that we agreed. Too negative. Like it was written by some old sourpuss, mad at the world. Thanks for your comment, Doug. We're going to make a real effort to let the real Jim Ross with his very positive attitudes shine through better in the future.

HITS
We cannot testify to the accuracy of any of these reports of espionage and successful countermeasures activities -- we just pass them on as items of interest.

After our first issue, which contained a comment about the speaker of a speakerphone being connected across a spare pair, we got a call from a fellow in Texas who said he'd been in the countermeasures business for six years, and had never seen that compromise until the previous month, when he found two!

We also received a call from Arizona which reported that an FM transmitter had been found in a Sheriff's telephone along with a hook switch defeat system.

Last, but not least, a "usually reliable source" reports that a compromised telephone instrument was detected in a high level office of a petrochemical company which was the target of an acquisition effort. He also said that detection of throwaway transmitters in hotel rooms which had been selected for negotiations resulted in their hiring guards to be sure the rooms stayed "clean".

REBUTTING THE REBUTTAL
Recently Security Management carried an article by Doug Kelly on the subject of debugging in which he set out some guidelines relating to "sweeping". In the February issue of the magazine is a letter offering a few unsubstantiated opinions to correct "errors" in the article.
There is not enough room here to comment on all of the pronouncements in this letter so let's concentrate on one of the letter writer's opinions, namely that a spectrum analyzer "lacks sensitivity and low frequency coverage" and should be used only in conjunction with a countermeasures receiver.

First, the Texscan AL51-A can be tuned down to 20 KHz, and we really can't imagine anyone building an RF bug to transmit through free space at this low a frequency. The antenna would need to be a city block or two in length; the final tank, in order to get a decent Q, would need a coil as big as a barrel; and if the Q were too low, we'd have harmonics which would probably lead to accidental discovery of the bug because of emissions in a broadcast band. In other words, a bug for transmission through free space would be very impractical because it would be very large and, therefore, hard to conceal.

But how about carrier current, the transmission of RF energy over existing lines (power or telephone)? To check for this type of threat Doug Kelly uses (and we use) a carrier current detector that tunes from about 10 KHz to over 700 KHz, so if the bugger is using carrier current we have the means to detect his signal.

The letter writer's other criticism of the spectrum analyzer is that it is not sensitive enough, so let's look at some real numbers and do some simple math.

The analyzers that are used in countermeasures operations are normally the rugged portable units such as the Texscan AL-51A, the Cushman CE-15, and even the Motorola Service Monitor R-2200. These units have sensitivities ranging from about 0.5 to 1.5 microvolt, depending on frequency, type of modulation, bandwidth, signal-to-noise ratio, etc. (This sensitivity rivals that of most surveillance receivers.)
If any of these units is operated properly in the search for an RF bug, it will probably be within a few feet of the bug during the spectrum analysis -- let's say, to be very conservative, the antenna will be within ten feet of the bug while the operator searches the spectrum. The listening post, on the other hand, will be well removed from the target area in the normal case. Let's say, to make the numbers easy, that it is either 100 feet away or, more realistically, 1,000 feet away.

Maxwell's equations tell us that the far field diminishes as the square of the distance from the radiating antenna, so the field strength at the two possible listening posts will be 1/100 or 1/10,000 of its value at the spectrum analyzer. To translate these voltage ratios into dB we use the formula:

Ratio(dB) = 20 log (V1/V2)

This computation tells us that we have either a 40 dB (listening post 100 feet away) or an 80 dB advantage (listening post 1,000 feet away) over the bugger.

With this kind of an advantage, it doesn't matter if the bugger's receiver is one or two dB more sensitive than our spectrum analyzer; and, of course, with a 40 or 80 dB advantage, the TSCM technician doesn't need the additional one or two dB gain in sensitivity that he might enjoy if he lugged along a surveillance receiver on every job.

N.B. These paragraphs have addressed only the letter writer's contention that a spectrum analyzer lacks sensitivity and low frequency coverage. The many other positive positions taken by the letter writer are deserving of similar analyses, but they will have to wait.

QUESTIONS AND ANSWERS
Q. When you are checking for a radio bug with the spectrum analyzer, why don't you just use the audio output of the spectrum analyzer and look for the audio feedback whistle?

A. Quickly tuning through the spectrum with the spectrum analyzer demodulating each signal is a possible fast method of RF bug detection, but it has a few drawbacks.
First, if the bug is using modulation on a subcarrier which is modulating the main carrier, you will not get any audio feedback because the unmodified analyzer is not capable of double demodulation.

Next, I believe that it is possible to tune through the signal from a nearby bug without creating audible feedback.

Also, the Texscan gives you the option of either narrow band FM or AM detection and it is possible to demodulate FM with the switch in the AM position; but the converse is not true -- so you would have to be continually switching from one detection mode to the other as you tuned through the spectrum.

Last but not least, the AL-51 has a characteristic rattle when the audio gain control is turned up too high while in the FM detection mode. This rattle (high pitched motorboating) can easily be mistaken for audio feedback oscillation.

For all of these reasons, I do not use this technique when looking for an RF bug.

Q. What are the specs on that AIWA TP-M7?

A. It's really a good thing that we do not normally accept the claims made by salesmen, or we would have answered this question incorrectly. By actual measurement, we got 17 minutes on one side of an MC-30 microcassette, and exactly 30 minutes on one side of an MC-60 with the AIWA operating at 2.4 centimeters per second. If you were to operate it at 1.2 cm/s, you should get double the above recorded times. (We haven't measured it, but we have the feeling that the recorder is slightly more sensitive at the higher speed.)

Don't forget that if you use the SLSS (Sound Level Sensing System), the tape will only be running when there is some input above the threshold level that you set; and, therefore, you can expect one tape to cover many hours -- depending on sensitivity setting, level of background noise, etc.

Q. How much do you charge for your TSCM services?

A.
The amount charged for our services depends on a lot of things, but a good estimate for an average job would be $300 per room and $100 per telephone instrument. After we have computed the "ball-park" figure using this simple formula, we modify it based on factors such as: is the job a continuing effort or a one-time affair; is it a residence or business; an isolated, protected building or part of a multi-tenant building; etc.

We do not charge by the hour -- too much temptation to stretch it out, and too much temptation for the client to try to rush us. Usually we quote a $500 minimum for a local job, and a $1000 minimum on a job which requires extended or overnight travel.

Q. Our company is considering the purchase of encryption equipment to protect data and facsimile transmissions. Can you provide a list of vendors?

A. This is a field which is changing rapidly, and a full answer to your question is not possible in a few words. However, there is a good report available which provides copious detail on established manufacturers of voice scrambling and encryption equipment. This 182-page report, Who, What and Where in Communications Security, is available at $75 from us or from the publisher, Marketing Consultants International. (If you are a consulting client or seminar participant, your special price from us is $50.)

BOOK REVIEW
BASIC ELECTRONICS THEORY -- with projects and experiments
Dalton T. Horn. 532 pages. Hard cover. Copyright 1981. Tab Books #1338. Tab Books, Blue Ridge Summit, PA 17214. $19.95.

A self-study text on electronics should presume no knowledge of the subject matter on the part of the student, and should lead the student slowly and carefully along. This book does just that. It does not use any complicated mathematics, which means that some of the explanations are quite simplistic and incomplete, but at least the reader does not have to struggle through math that he does not understand.
(In our opinion there is nothing wrong with this approach if the student recognizes that, if he wishes to advance to a level higher than technician, he'll have to spend time learning the necessary mathematics in order to be able to profit from the more advanced books in the field.)

In looking through this book, we found no real errors. -- That may sound like a left-handed compliment, but it wasn't meant to be; some of the technician-level books currently in print are loaded with errors! The only criticisms that we have are that the author used the word "bridge" the way telephone company people use it rather than the way it is used in electronics (see our glossary); and, for some reason, the electret microphone is not listed in the section on microphones.

Other than those two minor items, we found the book to be excellent for its intended purpose. It provides a nice blend of practical content (pictures of components, simple projects and experiments) with fairly complete technical explanations of how things work. The author covers all standard components including vacuum tubes and solid state devices, and even briefly goes into how stereophonic sound is transmitted and received, TV, and even a short section on digital computers.

If you are just getting started in electronics, we recommend this book.

SECURITY LETTER
Robert McCrie is the editor of Security Letter, an excellent publication which is currently offering (until March 31) a special rate to new subscribers. Address: 166 East 96th St., New York, NY 10128.

TELEPHONY
Something striking happened in 1983. For the first time since this seminar program started in 1977, phone companies began to send people to our seminar -- where we discuss, among other things, tapping telephones, how it's done, and how to protect yourself.

In an effort to reach more phone company people we began sending news releases to Telephony magazine, but they never ran a single word about our activities.
(Ours, by the way, is the only seminar on this subject which is a seminar, and not a pitch to sell equipment.) So we asked the editor why his magazine had never run any information on our seminar, and he responded that the magazine is telephone company specific and tapping telephones is something which relates to industry as a whole!

Considering the number of telco security people who have attended our seminar, we wonder if his subscribers feel as he does. Oh well.

COMMENTS AND QUESTIONS
The main purpose of this letter is to shed some light on an area of communications technology which has suffered too long from the lack of light, and your comments and questions will help shape its content.

April, 1984

OBJECTION!
Recently Security Management ran a series of articles on the computer crime problem. Unfortunately, many of the articles were written by lawyers -- and you can easily guess what their proposed solution to the problem was. That's right: they are proposing to enact some additional laws!

We object to this approach on principle, in general, and in detail.

We object on principle because, in our lifetime, we have watched our federal government legislators, time after time, try to legislate the solution to a problem; and usually in the process they create problems many times worse than the one they were trying to solve. We give it as our fixed opinion that there is a sickness in this land, the virulence of which increases with proximity to the Capitol; and that that sickness is the ingrained belief that the federal government can legislate a solution to any problem.

In general we object to the tenor of those articles because they did not even attempt to define the problem before they proposed methods of combatting it. (There seemed to be an assumption that the computer crime problem consists solely of hackers gaining access to computers by telephone, and the authors seemed to be unaware of any other facet of computer crime.)
In detail, we object because so many uninformed opinions were offered as facts. Two of those unsupported conclusions are: "....all indicators point to a bright future for the computer criminal." and: "Law enforcement sources are quick to point out that professional criminals can, in time, learn to circumvent even the best computer security measures." We disagree. It is our professional opinion that the indicators point to technological developments (equipment, procedures, and techniques) which will diminish the overall chances of success for computer criminals. For instance, currently available hardware includes telephone access control systems featuring call-back to the authorized telephone number and cryptographic systems that would take thousands of years of computer time to break. More important, however, the computer itself is a fantastic tool to use in innovative new audit procedures to catch the main culprit -- the trusted company employee who has figured out how to rip off his employer. More on this (much more) later. Please note that we are not taking the position that no legislation is needed. Our point here is that the computer crime problems cannot be cured by legislation. Laws prohibiting trespassing, theft, vandalism, conversion after trust, etc. may well need to be broadened to include data being stored or transmitted electronically or optically. QUESTIONS AND ANSWERS Q. How can you claim that your seminar is "the only seminar on this subject which is a seminar, and not a pitch to sell equipment"? A. We make that claim because, to the best of our knowledge, it is completely true. First, our seminar is a seminar. It is not a lecture. It is not a training session. It is not a workshop. It is a seminar in every sense of the word. Look in a good dictionary; or, better yet, ask some educators to list the characteristics of a seminar. 
They'll tell you that it is an informal meeting of a small group of advanced students with their professor, characterized by a lot of "give and take" between all of the participants. Our seminar participants are not specialists in electronics or communications (in eight years we've had only two people with EE degrees); but they are senior security people -- they are directors of security, government and private investigators, businessmen, managers, etc. They are people with a lot of experience, and they are advanced students in our view. The size of our seminar group is deliberately kept to a small number, and this old professor tries his best to keep the atmosphere informal so as to encourage two-way communication, the key to learning. Yes, this company does sell equipment. However, we do not sell for any one manufacturer; in fact, we do not even endorse the entire line from any one manufacturer. During the seminar we make recommendations in response to specific questions, but no effort is made to sell equipment and we sometimes have the situation that a seminar participant will take our recommendation and go directly to the manufacturer to order. It is possible that one or two of the one-week and two-week technician training courses are not pitches to sell equipment, but that would not invalidate our statement because a hands-on technician training course is not in any way a seminar, regardless of what it is called by its promoters. Do the sponsors of these other "seminars" try to sell equipment to attendees? The literature that one of them sends to prospective distributors says, "Remember, seminar attendees are customers." The literature describing a Monday-through-Thursday workshop explains that attendees who have purchased equipment may stay over for an intensive hands-on day of training on Friday! Yes, these companies are trying to sell equipment at their sessions, and we do not criticize them for that. 
However, we are not aware of any true seminars, other than ours, which are not heavily oriented toward the sale of the sponsor's equipment. Q. Why have you been reviewing books about basic electronic theory in the COMSEC LETTER? A. Those reviews have been included for two reasons. First, some young folks (Have you ever noticed that some old folks don't want to even be exposed to anything new?) have asked for just this information. Second, Jim Ross thinks that many people now working in the field of countermeasures should begin to learn electronics because they will soon face a vital life decision. Either they are going to have to learn some electronics theory so that they can work on new systems, or they'll have to join the charlatans and put on a good act, or they'll have to get out of the business. In the past it might have been sufficient to memorize the normal connections on the network in standard telephones like the 500, the 565, and the 1500; but we're here to tell you, in case you hadn't noticed, things are changing! New instruments with new features are being introduced daily. Even the AT&T Phone store now offers equipment with new features like automatic redialing of a busy number. (For more detail on the proliferation of new instruments, features and systems, see the next segment, "What's Happening?".) WHAT'S HAPPENING? In case you haven't looked recently, we're in the midst of a telecommunications revolution. Divestiture, Ma Bell, Baby Bells, LATAs, RBOCs, and so on. Something else is happening which is, we think, of major import to all who claim to be professionals in the countermeasures business -- and that something is an astounding increase in new telephone equipment and features, with more being introduced every day. To back up that observation with some facts, we offer the following: The February 1984 issue of Today's Office magazine contained a buyer's guide detailing the features of the PBXs currently available. 
Included were 91 different PBXs from 26 different manufacturers! However, it appears that the Today's Office researchers missed a few because the March issue of Teleconnect had a much shorter review of PBXs, which contained 9 that were not listed in the other feature. To further reinforce the same point, a quick survey of the March issue of Teleconnect reveals that that one issue, in ads and text, showed or mentioned 27 different PBXs and 56 different telephone instruments from 36 different manufacturers. Things are changing, and the wise will plan ahead. HELP! When we published a list of periodicals that we read, we had no idea that it would generate so much response. We've had so many requests for addresses of magazines that we can no longer answer all of them individually, and still have time to get anything else done. Therefore, we are mailing, with this letter, an updated version of the flier which lists the security publications that we offer for sale. In this flier you'll find address lists for periodicals, membership organizations, manufacturers, etc. If you buy the periodicals address list, and find that we missed any that you are interested in, let us know and we'll revise the list again and send you a no-charge copy of the new one. NEWSLETTER If you work in security in an organization which has many employees, significant assets, or the appearance thereof, Private Security Case Law Reporter is a publication you should take a serious look at. It is exactly what its name says, and it could save your company a bundle by advising you of law precedents. Contact the publisher, Richard M. Ossoff, at 1375 Peachtree Street NE, Atlanta, GA 30309. TIMM-2 While counselling a TSCM practitioner recently, we advised him to look in his TIMM-2. He countered with, "I don't have one. Where can I get it?" We're stumped. Do you know of a source? If so, please let us know. LEA used to sell them, but the last time I tried to order they were out. 
Maybe we'll have to have some copies made of ours and add it to the publications list. (If you've never heard of it, TIMM-2 is a telephone installation and maintenance manual which is extremely helpful in the TSCM business if you are working on one of the standard telephones.) FEEDBACK Your comments are solicited. Ideas for technical essays, critical comments, questions, rebuttals, whatever. Send them along. Also, we'd like to hear any ideas that you may have regarding the format (layout etc.), or anything else to make it better. CHALLENGE Can you write a good definition for "tap"? No, not a water tap; tap as we use it in our business of privacy protection. We'll offer ours in an upcoming COMSEC LETTER, but we'd like to hear yours -- might even publish it and give you credit in print. May, 1984 WHY ARE WE DOING THIS? This interesting question has been asked a few times, and deserves an answer in print. As we have mentioned before, the very sensitive information will not be revealed in a general distribution newsletter -- not because we're trying to prejudge how it will be used by our readers. Not at all. We don't reveal everything because some of our earnings come from consultation, and if we gave everything away free, we'd starve. Purely practical. But as to why we've embarked on a mission of educating anyone interested in a field that many consider very sensitive, let's go on record. We believe that strength comes through education and communication is the route to education. To those who cry, "You'll teach all those bad guys how to tap telephones and plant bugs!", we say, "Hogwash! The bad guys already know those things. The bad guys are totally goal-oriented, and they have a communication system which is nearly perfect." The level of education and training necessary to build and use electronic equipment capable of doing a good job of bugging or tapping is 9th grade hobbyist. 
If we, the good guys, are to have any chance at all to protect ourselves, we must know what the threats are and what the appropriate countermeasures are. Our objective is to provide accurate, usable technical information to anyone who wants it because we believe in strength through knowledge. We believe that the entire ethical community will be better off when more people understand what is really possible in the field of technical surveillance and technical surveillance countermeasures. TECHNICIAN TRAINING COURSES We have had some inquiries regarding sources of training for countermeasures technicians so we'll relate what we are aware of, and ask anyone with pertinent information to send it along. First, a general comment. A person does not learn how to be a competent countermeasures technician with a few hours of training. In our view, education, training, and experience are all required, and the amount of each is dependent on each person's background. Someone with a lot of good experience in investigations, a ham radio experimenter, some telephone people, some military communicators, and some electronic security people will easily learn the TSCM trade. However, we all know that some people learn more in one year on the job than others learn in ten, and we've all met the theoretician with a string of degrees and no practical sense. So there are no set rules, and no absolutes as to how much training it takes. To try to put it into perspective, the technician course at Capitol Institute of Technology consists of two hours of class and two hours of lab four days each week for one full year, and this course is not quite enough to ensure passing the test for the FCC Commercial Radiotelephone License. Now let's consider the training courses which are offered. Dektor, the last we heard, offers a one-week and a two-week course for countermeasures technicians. I have seen their classroom and I sat in on one of the lectures. 
Each table seats two students, and it looks like each table has one tool kit and one telephone for hands-on training. Their instructional material gives the impression that they try to start at zero and cover all analog electronic communication theory assuming no prior knowledge on the part of the student. My feeling, therefore, is that they may be trying to do too much in a short period. Dektor is located in Savannah, Georgia, and if you are interested, contact Bill Ford or Allan Bell. Down in Texas there is a course which looks very similar to the Dektor course except that they take their students into the field and show them how to enter telephone company pedestals, etc. Our information on this training program is sketchy and mostly derived from an article by Ted Swift who works for DEA and moonlights in countermeasures. (See: Training Countermeasures Specialists in the November/December 1983 Data Processing and Communications Security magazine.) Ted's article says the teacher is Charles Taylor, and you can reach him at Texas A & M University. ISA (Information Security Associates) has just announced a four-day workshop which, again, sounds very similar to the Dektor course. This course has not been presented yet so we have no feedback from any attendees. ISA is located in Stamford, Connecticut, and your contact would be Dick Heffernan or Sam Daskam. Jarvis International Intelligence Inc., located in Tulsa, OK, offers an interesting array of training courses such as: Technical Surveillance, Eavesdropping Countermeasures, Technical Intercept, Methods of Entry, and Computer and Data Security. Your contact here would be the president of the company, Ray Jarvis. BOOK REVIEW How To Get ANYTHING ON ANYBODY. Lee Lapin. Copyright 1983. Auburn Wolfe Publishing, 584 Castro St. #351, San Francisco, CA 94114. $29.95 plus $4.00 P & H. Toll free order # 800-345-8112. This perfect bound, 264 page, 8 1/2 x 11" book is a good source of information. 
It is written in a flippant and irreverent style, but it contains a tremendous amount of information which can be of great value in two different ways. First, if you want to "get" something on somebody, it might tell you how; and, second, if you think you have to protect yourself, this book might give you an idea of how someone might attack your privacy. Don't believe all of the promotional material (including some in reviews). The "undetectable" bugs are not undetectable, etc. In fact, don't believe everything in the book. Some of the equipment touted is pure junk; the analysis of lie detection methods and equipment varies from insightful to simple recitations of some extremely shallow and unscientific "studies"; some of the conclusions stated as facts are questionable, and so on. Regardless of its shortcomings, however, we like its style, and are really impressed with its content. Those portions dealing with our specialty, even with the obvious errors in theory and equipment evaluations, are probably of more value than the government reports which cost us taxpayers millions of dollars. It's worth the price. KUDOS A couple of times we've been critical of the content of some material published in Security Management so it's only fair that we also sound off when they do something worthy of praise. 'Tis time. Several months ago they carried an article pointing out that optical fiber would be a great way to carry the alarm and supervisory signals for intrusion detection systems because an optical fiber link is next to impossible to tap as contrasted with wire lines. The author's point was that a bad guy could tap into a wire line and figure out the coding used to pass information back and forth and then use this knowledge to fool the central station by sending normal responses to it while he is breaking in. We don't have all of the details, but heard last month that this scenario had actually occurred in NYC. 
A high level protection system was tapped by the bad guys, and they figured out how the intrusion detection system reported "All OK" so they substituted their equipment which kept telling the central station that all was OK while they broke into a bank and made off with a bundle. WAY TO GO, AT&T! We just received six AT&T credit cards. Surprise #1: they were mailed to us bulk rate. We're surprised because they were probably trying to save postage, but our experience with bulk rate has been that many pieces get lost ..... and we wonder what happens to lost credit cards. The other reason that we were surprised is that they mailed these six cards in six different envelopes -- which means that they paid six times as much postage as they had to! (Up to three ounces bulk rate costs the same as one featherweight piece.) Welcome to the competitive world, AT&T. TIMM-2 Last month we asked for a source of TIMM-2, and so far we have received replies from Jeffrey Larson and Charles Augustine which confirm that the TIMM-2 is out of print and give us the information on its replacement. Thanks guys. If you need wiring diagrams, parts ordering information, wire pair standard assignments, etc. for standard telephones (Ma Bell types only, we presume), you can order the ITT Telephone Apparatus Practices Manual, PN 820870-101, from ITT Telecommunications Corp., Box 831, Corinth, MS 38834. It sells for $50.00 paid-in-advance, and will be shipped via UPS about 30 days ARO. In addition, GTE and REA (Rural Electrification Administration not Ross Engineering Associates) have various publications. We're trying to find our copies of their catalogs so we can add their addresses, etc. to our lists of sources of information. While we're on the subject of the TIMM-2, has anyone ever found a standard telephone which needs all four wires which run between the handset and the instrument? 
All of the schematics that we have checked show two of these four conductors connected together inside the instrument which means, of course, that one of them is superfluous. A connection inside the handset would do the job. YOUR COMMENTS, PLEASE In the March 26 issue of Telephony in the section entitled "Plant Man's Notebook" there was an item which raises some questions. This news item said that the Barnes Hospital in St. Louis had saved a fortune on new wiring for its new telephone system by buying the old wiring from Southwestern Bell for $600,000. That's interesting because, in our experience, old wiring is normally abandoned by the Bell companies. When we work on countermeasures in buildings which have had many tenants we find layer on layer of old wiring which has been abandoned. In fact, we've often joked about starting a new side business in which we charge clients for removing old wiring as a communications security measure, and then selling it. We are certainly not all wise and all knowing when it comes to all of the phone companies everywhere, but we thought that all of the Bell companies used to operate the same way. So then, the questions are: Do all Bell companies abandon old wiring? If so, does that mean that Barnes Hospital paid $600,000 for something that they could have had for nothing? If they don't abandon old wiring, what is all this stuff we've been working around and taking pictures of? Do some companies sometimes recover old wiring? If so, which companies? And how do they decide what to leave behind and what to recover? Your comments, please. QUESTIONS AND ANSWERS Q. Why are you opposed to the LEIU? A. Primarily because we believe that the LEIU is an attempt to thwart the law by people who are sworn to uphold the law. (For anyone who is not familiar with the initials, LEIU stands for Law Enforcement Intelligence Unit. 
The best reference that we have seen regarding this extra-legal activity by law enforcement organizations is the book, The Private Sector, by George O'Toole. In his book O'Toole in a calm and totally unsensational manner provides details on this activity/organization.) Now it's always possible that our information is incorrect, and therefore, our conclusions are all wet; but we see the LEIU as an effort on the part of participating police departments to collect "dossiers" on people in this country without running the risk of having to reveal the contents of these dossiers under the provisions of the Freedom of Information Act. If this is its purpose, we are opposed. It's not that we are not sympathetic to the plight that law enforcement people find themselves in when some kook takes a shot at a public figure. We don't like to see anyone taken advantage of, and the media hue and cry following such an event certainly is good for ratings and sales of newspapers, but it is not at all fair. What we refer to is the accusation that the Secret Service, the FBI, or whoever should have known that that man (or woman) was "after" the president or the senator, should have had him/her under observation, should have locked him/her up long ago, etc. We're sympathetic, but we're still opposed to the LEIU. No one who has any depth of knowledge about Jim Ross will ever accuse him of having a soft spot in his heart for politicians, especially legislators; but dear friend and fellow voter, we put those legislators in their powerful positions and they represent us. If the laws that they pass are lame-brained, then we should replace the legislators, not concoct ways to violate the laws. It is especially distressing to consider that the people who operate LEIU are the people who have sworn to uphold the law. 
NEWSPEAK In the May 1984 edition of the magazine, Inc., there is a full-page ad by IH (the International truck maker) which proclaims, "When idling, our 6.9 liter medium diesel burns about 300% less fuel than a comparable gasoline powered engine." Now let's see -- if the gasoline powered engine burns one gallon per hour, 300% less would be 3 gallons per hour less, or a net increase of 2 gallons per hour. Better not let that diesel idle too long, or you'll be pumping diesel fuel all over the street as the fuel tank overflows! CORDLESS TELEPHONES Recently the Washington Post newspaper ran a feature article on the privacy problems people face when using cordless telephones. The article seemed to imply that some expensive equipment or special knowledge is required to listen to these calls. 'Taint so. If you want to alert your management to the ease with which these calls (and possibly others) can be overheard, here's what you do. Buy a low cost scanner (We like the J.I.L. SX-100 @ $129.95) and scan the five transmit frequencies used by the hand-held units (49.830, 49.845, 49.860, 49.875, and 49.890 MHz). Once you are certain that there are cordless telephones operating near your office, call a meeting and let your execs hear some calls live. They'll be astounded at the things people will say on the air just because they're talking on a telephone and they know that it is a private conversation. (By the way, listening to what is on the radio is legal, but revealing what you hear, acting on information received, recording, and a few other things are illegal under federal law. Consult a communications lawyer for details.) June, 1984 EDITORIAL Now that we've completed one half of our first year of publishing this newsletter, it's about time to advise you of our intentions. From the outset, the objective of all of our educational efforts has been to shed some light on the technology variously known as ECM, TSCM, countermeasures, countermeasures surveys, sweeps, etc. 
and the full field of protection of privacy. This newsletter is called COMSEC LETTER because we believe that communications security deserves top billing in this field. Our education and experience dictate that we emphasize electronics; however, because of the interest that your editor has in good communication (in the generic sense), the letter will contain material which addresses good communication overall -- not just electronic communication. Further, because the telephone companies play such a large part in communications, the letter will contain a good deal of information which relates to the phone companies. With regard to communications in general, in this letter you'll find criticisms of the creeping degeneration of our language due to the ever-more-popular habit of using a euphemism in place of the correct word. You'll also find that this engineer, as do most engineers, usually prefers accurate, precise words, rather than some of the ambivalent words which change meaning depending on what the speaker (or listener) wants them to mean. Further, we really believe that 1984 is here. Our government is not yet as far along as the government in the book; but, with a lot of help from media, industry, PR flacks, and super-addlepated bureaucrats, NEWSPEAK is here, and we'll serve up small doses of outstanding examples from time to time. Meantime, back at the ranch, there is still an urgent need for full, complete and accurate information on the threats to privacy through the use of electronic equipment and techniques to intercept communications and to alter or steal stored information. COMSEC LETTER is our first effort to begin to address that need. We also have plans for a series of technical essays and a book, but while those things are in the making, this letter and the "Electronic Spying and Countermeasures" seminar are the principal media for an exchange of ideas on this technology. Also, we'll describe electronic technician training courses from time to time. 
Last but not least, we try in each issue of the newsletter to provide some information on sources of information such as books, newsletters, magazines, etc. To sum up, even though the title is COMSEC LETTER, this newsletter relates to good communication overall, and to the protection of privacy overall. YOUR EDITOR'S MAIN BIAS Let's face it. Everybody with a functioning brain and experience in this world has some bias. Some are strong. Some are weak. Some are dangerous, and some are innocuous. Edward R. Murrow is quoted as saying, "Everyone is a prisoner of his own experiences. No one can eliminate prejudices -- just recognize them." I have a natural dislike of people/organizations which take advantage of others -- sometimes I even feel sympathy for a politician who's getting unfair treatment by our fourth estate! However, my principal prejudice is that I hate a cheater, especially one which is clearly dominant in its field. My experience has been that the dominant organization in any particular field tends to try to take advantage of people in ways that would probably get a "Mom and Pop" organization in trouble. Example #1: Hertz ran a full page ad in the Washington Post to deliver the message that it is better than its competition because "you never pay a mileage charge at Hertz". The day the ad appeared I received the bill from Hertz for a car that I had rented in the Washington suburb of Frederick with -- you guessed it -- a mileage charge. (The Frederick Hertz manager has since confirmed that he still charges for mileage even though Hertz has signs in airports proclaiming "From here to eternity, there's never a mileage charge at Hertz.") (Is Frederick on the other side of eternity?) 
Example #2: Bell Atlantic is trying to sell its cellular mobile phone service called Alex, so they run a full page ad in the Washington Post business section which shows a smiling, handsome young man holding his Alex telephone in his automobile and saying "The first call I made with Alex paid for this car." (Now, we all know that a telephone call does not pay for a car, but it's reasonable to assume that the ad-writer was trying to imply that some business deal was consummated during the call, and that business deal earned a profit which was great enough to pay for the car.) I think that if an ordinary (non-dominant) business had run that ad, it would have been forced to produce hard evidence that the picture was of a real customer and that his first call had actually earned enough to pay for the car; or that company would have had to face some kind of sanctions from government or consumer protection organizations. However, the Washington Post is certainly dominant as is Bell Atlantic, so that's the end of that. Yes, your editor is biased -- primarily against dominant businesses which try to take advantage of others. He also has a problem with people who cheat whether by taking a parking place reserved for the handicapped or by not living up to agreements like finders fees, etc. However, his principal prejudice relates to the giants and shortly you'll see comments on some businesses which are super-dominant, namely utilities (especially the phone companies). SP Tony Anastasio points out that IH may have trouble with math, but, at least they know how to spell "diesel". (Confidentially, we know how to speel it also; we just put in errors like that to see if anybody reads these letters.) (And if you believe that, send us your name and address --there's a bridge we'd like to sell to you!) Thanks Tony. 
BUYERS' DIRECTORY Data Processing and Communications Security magazine has just published a directory of suppliers of products and services for computer and communications security. The directory lists over 900 vendors classified into 22 categories and 165 subcategories. The book seems to be reasonably complete (some of the "interesting" companies do not appear, by choice or by accident, we do not know). It is now available, and the price is $10.00. Contact Paul Shaw, Data Processing and Communications Security, Box 5323, Madison, WI 53705. Phone (608) 231-3817. NEW CORDLESS FREQUENCIES Starting on October 1, 1984, there will be twice as many frequencies authorized for cordless telephones and the base stations will no longer transmit at about 1.7 MHz using power lines as antennas. Both base and handset will transmit through conventional antennas with the base frequencies starting at 46.61 MHz and the handset frequencies starting at 49.67 MHz. It's reasonable to assume that the market for the old equipment will dry up, and prices should drop drastically as the starting date for the new channel pairs approaches. The new frequencies (in MHz) are:

Channel #   Base Frequency   Handset Frequency
    1           46.61             49.67
    2           46.63             49.845
    3           46.67             49.86
    4           46.71             49.77
    5           46.73             49.875
    6           46.77             49.83
    7           46.83             49.89
    8           46.87             49.93
    9           46.93             49.99
   10           46.97             49.97

COME NOW! Telephone Engineer and Management in its April 15 issue reports that the US Air Force, because of divestiture, now pays $800 for service that formerly cost $75, and $445 for a plug that used to cost $7.50! We wonder if both parties to these transactions don't think that they are dealing with play money. Somebody wake them! However, their fiscal irresponsibility seems almost sane when compared to the article's final fillip which said, "While the Air Force said it will search out new suppliers in an attempt to lower costs, it was doubted that an adequate competitor can be found because of the sensitivity of services." 
Can you believe that the editor of a responsible publication would swallow such an inanity, and then lend credence to it by publishing it without comment?!?! Can you believe that the US Air Force takes the position that only AT&T, among the qualified vendors, can be trusted?!?! (The way AT&T is taking them to the cleaners financially, we wonder why the USAF thinks they can be trusted with "sensitive" information.) Come on, Air Force. Try calling GEEIA, or the Signal Corps. Or if you must hire a civilian firm, we'll help you find many which are qualified, cleared, and can be trusted to refrain from stealing government secrets OR taxpayers' money. MAXWELL'S EQUATIONS REVISITED Maxwell's Equations tell us that the far field diminishes as the square of the distance from the radiating antenna. To look at it the other way, if you want to double the range of a transmitter you must increase its output power by a factor of 2 squared or four; a 10 times increase in range would require an increase in power of 10 squared or 100; and so on. Other things being equal, this is a simple mathematical relationship which holds up. Now comes an advertiser in security magazines who says his 1 watt transmitter has a range of 1-2 miles, and his 5 watt transmitter has a range of 8 to 10 miles. To increase the range from 1 mile to 8 miles would require a power increase to 64 watts, but somehow he does it with an increase to 5 watts. He should share his technical secret with the world -- or send his copy writer back to doing ads for soap which is "new and improved and lemon flavored." CORDLESS PHONES, AGAIN Not only are cordless phones a threat to your privacy, they may even damage your hearing. 
According to The Harvard Medical School Letter of April '84, if you happen to have one of the cordless phones which transmits its ring signal through the speaker (earpiece), and have it next to your ear when a ring signal is received; the sound transmitted out of the speaker can be of sufficient intensity to cause "instant and permanent destruction of nerve cells responsible for detecting sound." PUBLICATIONS FOR SECURITY MANAGERS "International Terrorist Attacks" and "Political Risk Letter" are two publications that might be of interest to our Security Manager readers. For a sample, contact Victor Hertz, Frost and Sullivan, Inc., 106 Fulton Street, New York, NY 10038. (212) 233-1080. July, 1984 QUOTE OF THE MONTH "There's plenty of precedent for a trade press that has no original thinking. God knows." Teleconnect, July '84. QUESTIONS AND ANSWERS Q. Is equipment available to identify the telephone number of the calling party? A. The answer to this question is a qualified "Yes." We know, for instance, that many emergency (911) boards have the ability to freeze a call so that the caller stays connected to the emergency board no matter what the caller does. We've been told that some of these boards have the ability to display the identity of the calling number (and probably the name and address of the subscriber). However, we're quite certain that such a capability will not be universal any time soon because it would require a tremendous expenditure to implement in the older exchanges. We have been advised that Bell has said that it will be totally equipped with the 56 Kb/s CCIS #7 (called CCITT # 7 in one article) before the end of 1985. (Considering the actual state of affairs, including the fact that Manhattan is not yet even fully converted to ESS, we wonder about the credibility of this schedule.) 
This version of the ESS switch will provide calling party identification in binary coded decimal form to each telephone switching center between the calling party and the called party's exchange. Therefore, the phone company will be able to identify the calling number of all calls routinely and instantaneously. This identifying tag, however, will not be attached to the call when the call is connected to the called telephone. (Seems like this would be easy enough to do, but apparently Ma thought we wouldn't need it or want it -- or maybe she's just protecting us from ourselves.) As we understand it, after the new system is installed, subscribers will have the following options available for an additional monthly fee. 1) Calling number restriction. Subscriber will be able to instruct the computer to intercept calls from numbers which he specifies -- therefore, he can refuse to take calls from those pesky bill collectors, etc. (It may also be possible for the subscriber to provide a list of numbers from which he will accept calls, and all others will be intercepted.) 2) Call trace. If the subscriber wants to learn the calling number after the call is terminated, he can dial a code within a prescribed period of time and learn the calling number. Note that this can be done only after the call is over. During the recent seminar in New York, there was a discussion on this subject and we were left with the question of the availability of calling number identification at the called number while the phone is ringing before the call is answered. After checking with our consultants and talking to one of the manufacturers, this is what we come up with: Such a feature is currently available from several manufacturers, but the only callers which can be identified are those which are served by the same electronic PBX. That means that you would be able to see the identity of the caller only if the caller was another extension served by the same PBX. 
You will not have the ability to see who is calling from the other side of the PBX. Q. Who makes high quality scramblers? A. For a complete answer to that question I refer you to the publication, "Who, What and Where in Communications Security." There are many reputable companies in the field, but I'm not going to try to name any because I can't do the question justice in a few words -- so I recommend this 182 page book to anyone seriously looking at the possible purchase of speech scrambling or data encryption equipment. The book is a real "bible" with detailed information on the technology and the established manufacturers and their products. We offer it for sale at the publisher's list price of $75, and we discount it to consulting and seminar clients at $50. If you want to know more about this report, drop us a line or give us a call, and we'll mail you some descriptive material. Q. What do you know about this Britton organization in Hawaii? Do any of their designs work? A. About seven years ago I bought a lifetime subscription from Don Britton Enterprises. It was supposed to guarantee me a copy of every new plan that they introduce for the rest of my life. To date, I have written to them twice; but I have never received a single plan since the first packet arrived. I don't know whether they are a con outfit, or whether there have been no new plans since I subscribed. I know they have my address because they keep soliciting my business. We have never built one of their designs. They look reasonable, but be careful: when you try to build from someone else's plans, you find that most circuits have glitches in them. Q. Where does the stuff you put into your newsletters come from? A. The opinions are strictly my own. I hope they are based on real factual information, and I hope that they are helpful. If I am not really certain of the facts, I qualify the opinion. Many ideas come from questions asked by phone and during the seminar. 
Also, I have copies of most of the material that has been published, and most of it is so bad that it will provide ideas for many, many technical essays. The factual information that appears in this letter comes from many sources. Some, of course, is based on my education and experience. In addition, we subscribe to an unholy number of periodicals and also many people provide ideas and information. Stuff, indeed! Q. How do you rate the Dektor equipment versus the ISA equipment? A. Both companies sell high quality equipment. However, we do not endorse any manufacturer's line across the board, but in response to questions during the seminar we discuss specific items and cover the tradeoffs. (For more information, come to the seminar!) DATA COMMUNICATIONS PRIMER If you are involved with data communications in any way, we have a booklet to recommend to you. It is short, full of explanatory line drawings, full of good information in layman's language, and it's FREE. The title is Making It Through The Maze Of Data Communications and it's available from Infotron Systems Corp., 9 N. Olney Ave, Cherry Hill, NJ 08003. 609-424-9400. COMPUTER CRIME The current issue of Security Letter contains the results of a poll on computer crime. Much food for thought. Security Letter, 166 East 96th St., New York, NY 10128. POINT OF VIEW We were admonished (gently and courteously) recently because the site of our last seminar was advertised as New York City, but it actually took place in a suburb on Long Island. To all who thought that was deceptive, we offer our sincere apology. Our objective in naming a city is only to give folks coming from afar an idea of the locale. If we had said Uniondale, NY, even most natives would have had to look at a map to see where to book a flight to. There was no intent to deceive, but we've been thinking a lot about it and offer the following observations. This is the eighth year of our seminar. 
Most of those have been held in the Washington, DC area and our promotional materials all say "Washington, DC." All of these seminars have been held in a Maryland suburb and we have yet to hear a comment on this. Yet the first time we advertise New York City, and hold the seminar in a suburb, we're told that we are misleading. Why is this? Are New Yorkers that parochial? (If you'd care to comment, anyone, we'd be glad to hear from you. We'd be especially glad to hear from you Dick, because you were the first to bring it to our attention.) Another thought. We've heard West Point referred to as "in upstate New York." Now I lived at West Point for six years and I never for a moment considered that it was upstate. Maybe that's because most of my family resides in the Schenectady area. Of course, we have a daughter in Plattsburgh, and there's no doubt that that is upstate! It's all in your point of view. Again. Sincere apologies if anyone was deceived. By the way, we're now looking for a site in Manhattan for a seminar late this year. Any ideas? OUR STRANGE LANGUAGE Tender, as a noun, means "offer"; yet it is always used in the financial pages as an adjective modifying the word "offer", viz, tender offer. Excise, as a noun, means "a tax"; yet it is always used by lawyers as an adjective modifying the word "tax", viz, excise tax. Strange, no? LITERATURE Telephony magazine reports that the Bell System Catalog of Publications, PUB 10000 is now available. Contact Bell Communications Research Information Exchange, 30 Vreeland Rd. Rm. S103, Box 915, Florham Park, NJ 07932. INTERESTING CONTRACT We were asked recently if we could tap a telephone line for a private investigator with an unusual contract. It seems that he had been hired by a company to demonstrate that the records which are stored in their computer were vulnerable. Security managers: Good idea or no, in your opinion? By the way, we told the inquirer, "Yes, we can tap the phone. 
If you like, we can also provide the man to break into the computer and copy some files." NEW SCANNER Lee Greathouse of Personal Communications magazine sent us a product data sheet on the new Regency MX7000 scanner. Looks great. Synthesized (no crystals), 20 channels, 25 MHz - 512 MHz and 800 MHz - 1.2 GHz. Includes the new cordless frequencies and the cellular frequencies. However, we have heard that cellular will hop from one channel to another on each transmission -- which means that eavesdropping on one call will not be simple, even with a scanner like this one. AT&T (BUT A NICE COMMENT THIS TIME) At first we didn't think it was so nice. As a matter of fact, when we saw the charges on our bill for long distance information, we thought it was stupid and counterproductive of AT&T to charge for this service. However, after a little reflection ol' JAR decided that he was the one who was stupid. Why should AT&T give me free information so I can dial the call on MCI?!?! Wonder when we'll be able to get free information from MCI? August, 1984 SOME OF MY BEST FRIENDS ARE......... Telco employees. Seriously. It's true. I even have a cousin who works for Ma Bell. (Actually, she works for a Baby Bell.) The reason that this particular item is appearing at this time is that one of those friends, who is also a respected colleague in the countermeasures business, recently said, "Jim, I detect a hint of a bite in your words when you are writing about a telco." Very perceptive. If he had been less gentle, he would have said "a hint of acrimony", or "a great deal of antipathy". In any event, his comment triggers us to present this segment, so that you may better understand our bias with regard to telcos. Jim Ross may be good friends with some telco people, but no one who knows him will ever accuse him of being a friend of any telco -- at least not any telco with which he has had dealings. (There may be one which he could like, but he hasn't seen it yet.) So what's the problem? 
Why the antipathy? There are three main reasons for my dislike of telcos, and a mixed bag of other reasons -- some significant, and some quite insignificant. The first main reason is your editor's bias against dominant entities as explained in an earlier issue. The next main reason applies to any government controlled utility, and I'm sure that every other independent businessman shares some of my feelings. Every businessman has to stand on his own two feet and make a profit to survive. If he hires too much help, he loses his profit and maybe his business. If he makes a mistake, he has to pay for it. If it's a big mistake, it can put him out of business. (Can you imagine spending six million dollars to publicize a name, a la American Bell, before you find out that you cannot use the name?!?) I think it is natural for those of us who must survive in a competitive environment to resent a business which is guaranteed a profit by the government. If a utility hires too much help, it only has to get authority for a rate increase to cover the additional expense plus some additional profit. If a utility makes a mistake, it just arranges to raise rates so the captive customer ends up paying for it. The government regulated utilities are probably the only businesses in the world in which all of the players are profitable. The final principal reason for my antipathy cannot be as easily pinned down. It has to do with attitudes and characteristics which have been acquired over the years, and a lot of policies and practices which relate to how management and individual employees of the companies see their company. We'll try to outline some ideas from our experience. "Hubris." Is the company really a part of the government -- or slightly superior to it? "Greed." According to Teleconnect, telcos' profit, as a percentage of sales, ranges from about 30% to more than 50%. Wow! "Green-eyeshade school of management." 
Have the computers crank out how long on average it takes to answer an information ('scuze me: "directory assistance") call. Demand that the average time decrease. Measure the performance of each operator. Pressure everyone whose time per transaction is above the norm. (Do the same with service calls, etc.) (Since this was written, a local phone company made headlines by firing an information operator of sixteen years experience for falling below the norm.) "Hubris." Start with a company which has always been a monopoly, and which demonstrates continually that it knows nothing about making it in a competitive environment. Spend millions of dollars on national TV ads to deliver the message that the telco will teach your company how to do "telemarketing". Then allow the advertised "800" number to stay busy for days on end. Or have the given telemarketing department number answered with a recording that says, "All of our sales people are in a meeting until 11:30. Please call back after that time." Can you conceive of a competitive business spending a fortune to advertise, and then not be prepared to answer the phone?!?!!! And what they were advertising is the service of teaching you how to sell by phone!!!!!!!!!!!!!!!!!!!!!!!!! "Combination." Ingrain into the minds of all business office people who speak with customers that the only thing that is important is the telco employee's time. The customer's time is worth nothing; keep him on hold interminably. Never offer to call back after you have found the necessary information. NOW WAIT JUST A MINUTE. The normal rejoinder when someone speaks ill of Ma Bell is, "We have the world's best telephone system. How can you knock that?" Nowhere have I said that we don't have the best system in the world. I'm not qualified to make that judgment because I don't know all about all systems. However, ours is really good, maybe the best. (Although we had DDD available to us when I was stationed in Germany in the early fifties.) 
Doesn't matter. I am critical of the company, not the system, and not the people. When I telephone telco repair and tell the young lady that I have 60 Hertz hum on the line, it is not her fault that she doesn't know what I mean. (It is her fault that she says, "You'll have to speak English if you want me to help you.") When I talk to the telco repair people and describe a problem which obviously exists in an exchange about 30 miles away, and they dispatch a repairman to my house; it's not that repairman's fault that the company is wasting his time and mine. The company policy appears to be that all problems are assumed to be the customer's fault until proven otherwise. After I have many problems with call forwarding and ask to speak to someone knowledgeable, and get a man who starts reading from the instructions, "It says here that you dial 72, and when you hear another dial tone ... etc." His lack of familiarity is not his fault. All of these problems, in my opinion, are due to severe compartmentalization in the "old" telco. Know your job, but don't ever look beyond its limits. Don't think; you have a procedure to tell you what to do. My feeling is that the "new" telcos will be different. I see it. I feel it. I think they must encourage capable people to expand beyond the old boundaries. Time will tell. Just don't let anyone tell you that Jim Ross doesn't respect the telco. Just because he is critical of some things doesn't mean that he doesn't appreciate the high quality equipment and procedures, the excellent overall quality of service, and the fact that Bell Labs knows more about communications theory than the rest of the world put together. COMMUNICATIONS SECURITY ASSOCIATION All of the details are not firm, but this membership association is currently being organized. Anyone interested in the overall subject of security of communications -- oral, telephone, radio, data, and every conceivable kind of communications -- is invited to join. 
Charter members will be those joining before the end of 1984, and the regular annual dues of $50 will provide paid-up membership through 1985. The most important benefit of membership will be the ability, through newsletters and meetings, to exchange information with others in the field -- either people who have similar problems or people who are professionals at solving COMSEC problems. Other benefits of membership will be a subscription to the COMSEC LETTER, reduced rates for attendance at local and national workshops, conferences, panels, exhibits and functions such as COMSEC '85. Some folks who heard about these plans by word of mouth have already sent in their first year's dues and we thank them. We hope to have a membership solicitation packet put together in about one month. Let us hear from you if you can help. We all need to work together if we want an organization which serves its members. September, 1984 COMMUNICATIONS SECURITY ASSOCIATION A few hardy souls have committed themselves to the establishment of a national membership organization for individuals and businesses interested in communications security. The principal objective of the association will be to collect and disseminate information on COMSEC. The primary vehicle for exchange of information will be a members-only newsletter. Members are encouraged to submit articles, anecdotes, news items, new techniques/equipment descriptions, gripes, etc. Anything which could be of interest to CSA members is wanted. The COMSEC LETTER will be sent to all members as one of the benefits of membership. This publication will be slightly different in content and make-up than the one which you have been receiving without charge. The editor will still be Jim Ross, but COMSEC LETTER itself will become non-proprietary and non-commercial. CSA will also provide its members with opportunities to exchange information through local and national meetings. 
When we're able, we'll install a computer bulletin board so that members can have instant access to the association's data bases, and be able to exchange messages with other members. Also, we'll be offering some new educational programs -- seminars, workshops, video tapes, etc. Let us know if you are interested in participating. Members will be offered discounts on training programs, educational activities, advertisements, products, publications, etc. so that annual dues will be recouped easily for any member who participates in even a few activities. Once each year we're planning a national meeting with panels, exhibits, etc. The first of these, COMSEC '85 is tentatively scheduled for Washington, DC in the fall of '85. Many details have yet to be considered. If you would be interested in participating in the organization process, let us know. At the time that this is written we have made no decision on the various categories of membership -- student, foreign, corporate, etc. All we have determined is that, to start, dues for individuals will be $50 per year. Everyone who joins during 1984 will be listed as a charter member, and his dues will cover membership through December 1985. ACCESS CHARGES Lessee now. Access charges. That's what C&P Telephone just started charging its customers in order to give them access to what they've always had access to. No. Some of the trade press uses the term in referring to the money that AT&T Long Lines paid back to local telcos (kickback?). But, no. There are all of these stories about how we all have some right to equal access to any LD company. Maybe access charges mean we have to pay to use MCI or Sprint or whoever. Oh well. POSITIVE SUGGESTIONS We have been throwing rocks at our phone companies (which usually provide excellent communication, admittedly) quite regularly in this letter, and we keep thinking that we should offer some positive suggestions rather than just criticizing. 
Therefore, we have started to list (in the computer) some serious ideas for making the companies better -- or, at least, less irritating. We'll run some of these in a later issue. If you would like to put in your two cents worth, let us know. COMPUTER CRIME This topic seems to have caught the attention of the press, the legal professionals, the legislators, and the man on the street. However, most of the material which has appeared in print has not attempted to define the problem, but focused instead on the exploits of hackers such as the Milwaukee youngsters who called themselves the "414s" after their area code. (One recent story said that they derived their name from the fact that they were all members of Boy Scout Troop 414. Anything to sell more papers!) In our opinion, most of the material which has appeared, even in the trade press, is shallow and self-serving in the extreme. The authors seem to be assuming that unauthorized entry into computers via modems and telephone is computer crime. We take a quite different approach. Although we agree that unauthorized access via telephone is some sort of trespass, and some theft or vandalism might occur making this crime more serious than walking on a neighbor's lawn; we do not agree that this is all there is to computer crime. In fact, this aspect might even represent the least significant part of the problem. Let's see if we can get a start toward defining the problem; and, maybe, convince you to look at it from a slightly different perspective. First, what is computer crime? To us, computer crime means: 1) using one's special knowledge of digital computer hardware and software to commit a crime that you could not commit without that knowledge, and 2) in an environment in which digital computer hardware and software is essential. Note that this definition excludes all of those "computer crimes" in which the computer is used in place of the old paper and pencil record keeping systems. 
That is, if the bookkeeper figures out a way to get checks sent to bogus addresses which the bookkeeper controls, it is not a computer crime even though a computer was involved in the bookkeeping and check writing process. This crime is as old as the hills, and the fact that a computer is involved is immaterial. Something has been stolen by subterfuge, and the computer is incidental, not central, to the process. The thief is a clerk, without special knowledge of computer hardware or software. He could just as well have been using a pencil or punching keys on a typewriter as on a computer keyboard. On the other hand, if he uses his special knowledge of software to circumvent automatic checks and balances or audit trails, then he has truly committed a computer crime -- one which he could not have committed without knowledge of hardware and software. Yes, this definition flies in the face of most of what has been printed. We'd like to hear your opinion. Let's get some ideas, and maybe, working together, we can develop some good definitions. Back on the question of breaking into data bases via modems and telephone connections: We'd like to strongly suggest that this is an example of what the lawyers call an "attractive nuisance", and the keepers of these nuisances should face punishment. (If you put a swimming pool in an unfenced yard, and an infant falls in and drowns, the law does not punish the infant. The law punishes the irresponsible person who created the attractive nuisance.) What do you think? YOGO CONTEST Earlier this year we introduced the YOGO element in our masthead, and to date only the proofreader (our everlovin' of 25 years) has asked what it means. We doubt that every reader has figured it out -- in fact, we wonder if anyone has figured it out. So, just for kicks, here's a contest: the first person who calls with the correct answer will get his name in print in this letter, and have his subscription extended for one year at no charge. 
(Ross family members are not eligible. This means you, Marilyn and Jim!) ASK AND YE SHALL RECEIVE In our July letter we commented on AT&T's new charges for LD directory assistance, and wondered when MCI would offer reduced rate service. Sure enough! MCI dropped its announcement on us shortly thereafter. They allow two free inquiries per month, as does AT&T, but they charge 45 cents per call vs. AT&T's 50 cents. KANSAS SUPREME COURT According to Telephony magazine, "The Supreme Court of Kansas has ruled that police may legally monitor and record conversations conducted over cordless telephones and use the recordings as evidence in court. The court determined that such conversations, which were heard over an ordinary FM radio set, were equivalent to oral communications and not subject to wiretap laws." If the court really made that ruling, it should be ashamed -- for several reasons. Anyone who wants to know what the law really says is referred to 18 USC 2511 which makes it a felony to record oral communications without the consent of one of the parties. The communication in question, however, was a radio communication at the point of interception, not an oral communication; and, therefore, the law relating to interception of radio communication applies. What we see from here is that, in addition to its lack of understanding of 18 USC 2511 (contained in the latest law, "PL 90-351, The Omnibus Crime Control and Safe Streets Act of 1968"), the court apparently has not been referred to the Communications Act of 1934. In it, 47 USC 605 defines the rules for handling intercepted radio communication. (We have an essay in preparation on this. It should be ready soon.) CNA Here we are taking on another supreme court (or this time maybe it's only the editor of a trade publication), but we honestly believe in strength through knowledge, and that knowledge comes through free and open communication. 
In any event, Telephony magazine reported: "The California Supreme Court ruled that police officers acting without a search warrant can no longer obtain the names and addresses of people with unlisted numbers from telephone companies." That statement is factually incorrect. It's true only if the court meant the only official way to get the information is with a search warrant. During our seminar, however, we explain how the CNA system works, and how anyone can use it to get Customer Name and Address for any telephone number, listed or unlisted. (Consulting clients and seminar participants: call us if you want the latest information on CNA.) LIE DETECTION During our recent seminar in New York, we got into a spirited discussion on the subject of lie detection which was exceptionally valuable because we had some experienced, and intelligent, examiners in the group. The consensus was that there are some technological aids which will help an examiner to detect stress, but the person giving the test must use his own mind to evaluate all bits of information before he can hope to come to a conclusion on which to stake his reputation. Specifically, some of our participants pointed out that, if the subject does not understand the words that are used, the equipment will detect no stress, because there will be no stress because the examinee does not understand the question. That may sound like a fatuous statement, but one of the experienced examiners emphasized that there is a whole class of people with whom you don't use certain words such as "steal". As he pointed out, you ask, "Did you take the watch?" and the subject will understand; and you'll get a stress reaction if he/she was involved in the theft. If you say, "Did you steal the watch?", you'll get no stress response because the individual doesn't understand the concept of "steal." 
The subject of lie detection is one that we believe needs to be aired, and we have an essay in preparation which will present our views on the subject. Your contribution is welcome, anytime. TSCM, BASIC EQUIPMENT NEEDS The question of what basic equipment is needed in order to be able to work in the TSCM field has been asked more than once and really deserves an answer. We have an answer in the works, but it will not be a simple list of equipment, sources and prices. It will be a full treatment of the problem, with emphasis on threat assessment, etc. Your comments are solicited. QUESTIONS AND ANSWERS Q. What are the standard "bug" frequencies? A. Wow! What dynamite is packed into that question! For reasons which may be valid or may not be valid, we're not going to list any frequencies which are authorized for use by law enforcement. That leaves illegal bug frequencies, and they can be anywhere; but let's use some reason and try to limit the field. First, to go extremely high in frequency requires special effort which is beyond the means of most buggers. Second, very low frequencies require large components making a bug hard to hide. Third, if you were planting an illegal bug, you'd want to set the frequency to minimize the chance of accidental detection, so you'd stay outside of bands in common use. However, to build a good receiver from scratch is quite a project, so you'd probably pick an operating frequency just outside a standard band so you could modify a commercial receiver. Ron (and anybody else who's interested), there is no set answer to your question, but I hope this gives you enough information to get you started. You might also check on equipment from Japan which was originally intended for their own domestic use. (Broadcast bands are different in Japan.) I have heard that there are stores in the Canal St. area in NYC which carry this stuff. BS DEGREE BY MAIL? It is possible to earn an accredited BS degree in electronics engineering technology by mail. 
We have no reservations in recommending this program because some years ago your editor was retained by the Accrediting Commission of the National Home Study Council to evaluate the program, and he found it to be very good. This is a bona fide college and any degree awarded has been earned. You will have to take courses, study, and demonstrate that you have learned the course material before you get a passing grade in any course. This is not one of those "funny" degrees that you get for "life experience" after you have sent a check for the right amount. Contact Grantham College of Engineering, 2500 South La Cienega Blvd., Los Angeles, CA 90035. IDEA FOR THE INVESTIGATOR We have long had a plan to develop a tailing system which we would make available on rental to those who might have a need for such a capability, and just this week received a flier in the mail which strikes us as something similar which might be of interest to our government and private investigator readers. Thrifty Rent-a-Car is offering to rent '73 through '84 models for surveillance purposes. They offer vans, trucks, station wagons, etc. which don't look like "cops cars." Seems like a good idea to us non-investigator types. TECHNICIAN TRAINING COURSES Received since we last published information on such courses: First, the address for the course in Texas is: Texas A&M University System, College Station, Texas. 409-845-6391. Also, Dick Heffernan pointed out that the extra day at the end of the ISA course is for people who already own equipment and want additional training. ANI Automatic Number Identification. As explained to us, this is a method whereby it is possible to contact a telco facility and hear voice identification of the telephone number of the pair being used. It was designed to be an aid to telco installers, but it sure could be helpful to a lot of other folks -- now that it is OK for us to work on our own inside wiring. 
To use the system it is only necessary to dial a three digit code, and a synthesized female voice will speak the number assigned to the pair that you are connected to. In parts of New York City and Long Island the code is "958". Dial that number and you'll be told the number that you are calling from. Who knows the codes for other areas? Call us. WHOOPS! Since the segment above (on ANI) was written, we read in Telephone Engineer and Management that ANI is a part of the Bell system which provides billing information to the telco. Now, we know that what we said about New York is true, but we wonder if what TE&M said is also true. (It doesn't seem likely that the same system would simultaneously provide analog voice information and digital computer information.) Who knows? Is it one, or the other, or both??? Call us. PUBLICATIONS If you are interested in telephone communications security, you should be reading TAP. This publication has recently been undergoing some major changes (redirection?), but the content is worth much more than the ten dollars asked for a one year (six issue) subscription. TAP, 147 W 42nd St. #603, New York, NY 10036. (If you order a subscription, have patience. The office was recently broken into and torn up. The new editor has rescued what he could; has everything in cardboard boxes in a new location, and hasn't published a new issue since Jan/Feb '84. Hang on! He'll catch up soon, we're confident.) If you have an interest in radio communications, you should be reading Monitoring Times. It is an excellent source of information on the hobby of radio monitoring and the equipment used -- receivers, scanners, antennas, etc. (The July issue had a feature on what are the radio listening laws in all of the individual states.) Also, MT provides a lot of detail on secret and underground transmissions. Send them $10.50 for a one year (12 issue) subscription or contact Bob Grove for a sample. 
MT, Grove Enterprises, Inc., 140 Dog Branch Rd., Brasstown, NC 28902. NEWS NOTES We have been informed that Col. C.R. (Mac) McQuiston recently demonstrated his Veremetric L-1000 digital voice stress analyzer. We'd like to hear from him or from anyone with details. Also, we're told that the following took place recently. Scene: large metropolitan area on east coast of USA. Players: attorneys for the defendant in a large class action suit. Activity: TSCM in offices of law firm. Finding: one telephone, in critical area, has been modified with a hook switch bypass. Action: modified instrument replaced. No identification of bugger, and no investigative effort contemplated because suit was settled out of court shortly thereafter. BUYING PHONES? If you are thinking about buying a multiline phone system, we recommend that you get a copy of a booklet called "THE HOW TO BUY A PHONE BOOK." It's not about buying a phone book; it's a book about how to approach buying a phone system. Self-serving, but after all the people who offer it for free want you to buy their phones. Really good anyway. Contact Walker Communications Corp., 200 Oser Ave, Hauppauge, NY 11788. 516-435-1100. (We like the way they write their phone number also, and we're going to eliminate the brackets around our area code in the future.) (Think we'll start a national trend?) MODERN TELECOMMUNICATIONS TECHNOLOGY & DISCOUNT LD CARRIERS Big hassle. The different discount LD services have different policies for when they begin timing a LD call for billing purposes. The reason for the confusion is that they don't get the supervisory signal which indicates that the called number has answered. AT&T gets this signal but MCI, Sprint, etc. don't. Two questions: 1. Why does AT&T get the supervisory signal and the others don't? 2. If, for some valid technical reason, this signal cannot be provided to non-AT&T carriers, why don't these carriers use some of the available technology to sense the status of the call?
There are ICs available off the shelf which can sense (and report) ringing, busy circuit, busy line, and complex waveforms such as speech. Why don't they use this technology? OUR INTERESTING LANGUAGE Heard: "Makes a sneer." Actually sung: "Makes us near." October, 1984 NEW ON OUR MAILING LIST Effective this issue we're adding some names to our mailing list, and we're making this introductory comment to try to catch the attention of each individual who has been added. (Unless you tell us to desist, you'll get three issues without charge.) First, we're adding Art Sundry, GM of Motorola Communications and Electronics Inc., and the young lady who said she is the boss of their telemarketing operation, Mary Adelaide Burns. Our astounding communication with this operation is recounted in this issue, and we repeat the offer that we made by phone to Mary Burns: if Motorola wishes to respond, we'll carry the response in this newsletter (unless they expect us to publish a book and distribute it at no charge). Next, we have also added the members of the Society of Telecommunications Consultants. Again, if you get this letter unbidden, and have no interest in COMSEC, please let us know and we'll stop sending it. Last, but not least, we're adding all of the people who stopped at our booth at the ASIS show in Chicago in September. Welcome. CSA The Communications Security Association is a non-profit membership organization of people and companies interested in the field of communications, especially communications security. At this time, Jim Ross is the CSA unpaid, "volunteer" administrator, working part time to try to do the things necessary to get a new organization started. If you have requested a membership packet, please be patient. Information is being assembled, created, and word-processed; and something will be forthcoming in the next week or two.
Preliminary packets will be prepared and copied on the same equipment used to create the COMSEC LETTER, namely the IBM PC and XEROX 1035. A fancier package will be typeset and printed after the organization can afford it. If you wish to become a charter member, and don't need more information before making a decision, send $50.00. Annual dues are $50.00 for individuals in the USA, and dues received before the end of 1984 qualify you as a charter member with dues paid up through 1985. If you're not sure, or want more information, send your inquiry to CSA. Please be patient. To all who have already sent their dues: "Thanks. You will be receiving a packet of information including a blank form asking you how you can help to get the new association functioning." COMSEC '85 The founders of CSA have tentatively planned the first annual meeting for Washington, DC during the fall of 1985 and have named this meeting "COMSEC 85". Presentations, panel discussions, exhibits, and other activities are planned. YOUR input is invited. COMSEC LETTER This letter will normally be four pages and will be mailed bulk rate early each month. As a CSA organ it will be non-proprietary and non-commercial. QUOTE OF THE MONTH Plant Man's Notebook, Telephony magazine: "Life is half over before you realize that it's one of those do-it-yourself deals." ITT & FBI VS. LONG DISTANCE STEALERS A recent issue of Telephone Engineer & Management notes that ITT Communications Service and the FBI have collaborated to crack down on those who steal long distance service by using someone else's identification. More power to them! Maybe there should be a system set up to reward those who provide information on such thieves. We don't condone stealing, but we predict that the system of coding used will be very simple to break and the phreaks will be passing along the formula very soon.
With all of their money and all of their brains AT&T really should be able to come up with something with at least a tad of security. AIWA TP-M7 This microcassette recorder is our favorite. It is slightly larger than the Olympus Pearlcorder S-910, but our AIWA is much more sensitive than our Pearlcorder. We have heard that AIWA is no longer making the 7, opting instead to manufacture the 9 which has fewer features and a higher price (shades of Detroit!). NAME THAT SEMINAR Our seminar started out with the name "Electronic Security" and evolved into "Electronic Spying and Countermeasures" because most of the information on access control, intrusion detection, etc. was available elsewhere, but everybody was interested in bugs and taps. During the two-day affair, though, we discuss much more than just electronic spying. We cover the laws relating to surreptitious interception of communication, other methods of collecting information, any modern electronics systems or techniques which relate to security and investigations, etc. So what should we call the seminar? After a conversation with Jack Dyer in California, we're inclined toward "Industrial Espionage Countermeasures". What do you think? PRIVACY, WHAT IS IT? Our recent experience with Motorola began when we saw an ad which implied that Motorola is offering a line of mobile radios which provided secure radio communications. That ad is long since gone, but the one running in the current issue of SIGNAL magazine is headlined, "PRIVACY-PLUS RADIO GIVES YOU RELIABLE COMMUNICATIONS. AND LETS YOU KEEP THE CONVERSATION TO YOURSELF." One of the brochures we received in response to our request is entitled "PRIVACY PLUS PERFORMANCE..." Those three words contain the essence of the problem. To me they conveyed the idea that Motorola was offering a two-way radio system which provides private communication to the users plus the kind of reliable performance that we have come to expect from Motorola products. 
What do those words convey to you? Looking for some detail for the readers of the COMSEC LETTER, we called the Motorola telemarketing number to get the full story. During the conversation, we explained to the sales rep that we are not a potential customer, but rather producing a newsletter on communications security. Pricing information was easy to get, but how security is achieved was another story. At one point she told me that I should study up on radio communication theory so that I could understand her. When I asked her if they were using some modulation type other than a standard such as FM or ACSB, she told me that she would only talk to me if I learned how to speak to her nicely, and hung up on me. When I called back and asked to speak to the boss, Mary Burns tried to explain the privacy feature by using an analogy. She said that in the old days people had party line telephones, but now most people have private lines, and asked me, "Don't you agree that this conversation that we're having is a private conversation?" That certainly was the wrong question to ask a guy who spends a large part of his life writing and speaking in an effort to get the message across that telephones are not secure means of communication! (Even TIME magazine agrees with me; see page 38 of the October 29 issue.) In any event, after a careful reading of their literature, I now appreciate what the Motorola system does and what it doesn't do. It does not, as the heading says, provide private communications. All it does is prevent other users of the same repeater from hearing your communications on their two-way radios. Anyone in your area with the appropriate receiving equipment can listen with no trouble. Now, it may be that the users of repeaters will appreciate that this system will only keep other users of the same repeater from hearing on their two-way, fixed-frequency radios, but does that mean that Motorola is selling a product which provides "privacy"? 
Is this another case of a dominant entity getting away with something that would land a small company in hot water? What do you think? YOGO CONTEST WINNER Dennis Steinauer of the National Bureau of Standards is our winner. In a later issue of COMSEC LETTER we'll explain YOGO, and give some samples of some very imaginative contest entries. November, 1984 SOME IDEAS FOR COMMUNICATIONS SECURITY ASSOCIATION What do you think about establishing a panel of experts to answer members' questions? Computer bulletin board? How about providing expert witness referral service? Speakers bureau? THANKS Our thanks to Jack Dyer who arranged for us to speak to the San Fernando Valley ASIS Chapter February 5, and to Joe Rodrigues who has offered us the use of his offices as our headquarters while we are visiting in the Los Angeles area during that week. We look forward to in-person meetings with many of our Los Angeles area correspondents. ANOTHER COURT (SMART ONE THIS TIME) In Alexandria (VA) Circuit Court the judge instructed the jury that "interception of an oral communication" is defined as the "aural acquisition" or hearing of an oral conversation that had been recorded. Great. What it means is that simply recording a conversation is not intercepting the conversation. If no person has ever listened to what has been recorded, then no interception has taken place. Simple. Logical. Accurate. Great! Next, of course, the court will have to extend its definition because there are computer-driven transcription systems which can prepare a written record of the recorded conversation with no human listening. In that case no interception takes place until a human reads the transcript, in our opinion. (Sam. This is a point that I was yammering about when first we met --- and the judge agrees with the engineer!) STRANGE, NO? We recently received an inquiry from Continental Telephone of the West, and their business letterhead has no phone number on it! Q & A From Ted Genese, several questions.
Q. Kindly send the latest information on CNA. A. Ted, in your area the CNA number is 518-471-8111. CNA is a service of your friendly telco -- which has heretofore been intended for the use of other telcos. (Now available in some places for anyone to use -- details in a future letter.) Here's how it works. Suppose you check your phone bill and find a call to East Waubeek that you know you didn't make. You call your telco business office and the telco person reads from script 47, and assures you that he/she will check into it. That person then calls the CNA (Customer Name and Address) number for the exchange for East Waubeek, saying to the telco person who answers something like: "This is Joe Gahockus in the Golden Westchester Telephone Company and we have a #%$&@#$ subscriber here who is trying to beat us out of some money by claiming he never called this number so I need customer name and address for YYY-XXX-ZZZZ." The telco person at the other end yawns, keys in the number, and reads the CNA information off the screen. That's how the phone company uses the system. Of course, they try to hold the CNA numbers, and the very fact that the service exists, close to the vest; but keeping a goodie like that a secret is impossible. Changing the numbers and coding the numbers add an unbelievable administrative burden and make the system cumbersome, so the numbers tend to stay the same for some time. (One caller from NYC told me that they change every few months, but that 518 number has been valid for years.) So the service exists, and is known to the wily investigator. Don't you suppose that a private investigator who needs to know the name of the person/business to whom a phone number is assigned might be tempted to pretend to be a telco employee, and call CNA for information? Q. Canal Street is a long street. Is it possible to narrow it down a little, such as the name or address? A. 
(This question refers to a comment we made about equipment available from merchants on Canal Street in NYC.) Sorry, Ted. It's been about 40 years since we visited Canal Street, and all we remember is that there are many sources of almost anything electronic. Can anyone help? Tony, Harold, John, ... anyone? Q. Where is Thrifty Rent-a-Car? A. The man who wrote to us is Bob Rish, Thrifty, 6461 Edsall Rd., Alexandria, VA 22312. 703-354-5939. However, I'm sure that they must have outlets in the NYC area. Q. Any more information available on ANI? A. More will be forthcoming in later issues of the COMSEC LETTER, and in the CSA members-only letter. NEWSLETTER Paul Estev is the editor of a newsletter called 2600. (Bet you can't guess where that name came from!) For a sample copy contact him at 2600 Enterprises, Box 752, Middle Island, NY 11953-0752. RF SCREEN ROOMS Excellent reference: Shielded Enclosures. Electronic Construction Service, 17256 Napa St., Northridge, CA 91325. 818-885-5188 FEEDBACK Here's the text of a letter which we recently received, and our open letter response: From Al Smith, The Windsource Co., Wamsutter, Wyoming. "Dear Sir: I'm interested in Communications Security Association, but I'm wondering what is in store there. I've enjoyed reading COMSEC LETTER but its information has been mostly 'old hat' to this reader. A higher level of information is needed to warrant $25 or $50, specifically in the areas of radio, telephone, and digital techniques. Topics I'd like to read about include spread spectrum/frequency hopping, digital encoding, decoding, digital television bugging, microwave bugging, Shamrock and Baby Bells, Soviet comsec, TEXTA highlights, digital code decryption theory. Would you please advise whether this sort of writing is in the command of the staff you've assembled. If so, you'll have the proscribed [sic] cash! Another concern of mine is whether advertising will be available, and its cost. 
Would really appreciate a sample of the first CSA newsletter if that's possible." Open letter from Jim Ross to Al Smith, The Windsource: "Dear Al: Your letter is certainly interesting, but I'm sure that I alone cannot give you an adequate answer, so, with this comment, I'm asking others in my readership to help out. As for what's ahead for CSA -- I don't know. I am merely an unpaid, volunteer editor trying to act as a catalyst to get a meaningful membership organization started. As I told a recent caller, I cannot dictate what the organization should do. I'll make some suggestions, but it is a membership organization, and it is going to do what the membership decides. If you join, you'll have a say in what takes place. With your wide variety of interests and advanced education, I'm sure you could contribute many articles to the CSA organ. Now, with regard to your specific questions, the technical staff is severely limited in its education and experience and cannot address all of the items you list. In fact, the staff (me) hasn't even heard of some of the things you mention -- for instance, to us Shamrock is an oil company, and TEXTA rings no bells at all. Further, we have no knowledge of Soviet comsec, and, if we did, we certainly would not expound on it in a general circulation letter. We will be discoursing on frequency hopping and other spread spectrum types, and encryption/decryption will be a favorite topic. You confuse us somewhat with the way that you use the words relating to codes and ciphers. It is our understanding that the words mean entirely different things, and we will be explaining our understanding of the differences for those in our readership who might be interested. For decryption theory, we recommend Cryptologia; that topic is far too specialized for our audience. From this vantage point, advertising in the CSA organ would seem to be a good idea. More revenue could mean a decrease in dues; or, more likely, an increase in services. 
So there you have it, Al. I hope you will decide to join the new organization and help it get started. As for your request for a free sample of the new publication, please try to understand that I've been creating and mailing a newsletter each month for a year without charge, while trying to keep a business going, run seminars all over the country, testify as an expert in federal and state courts, design TSCM equipment, start a manufacturing business, start a new association, and keep up with the work associated with a house in the country with two acres to maintain, etc. My answer to you must be the same as the madam gave the pentagon colonel who thought "fly before buy" was an accepted way of doing business. I'm sure you know what she told him, and I hope you're not offended by my refusal of your request to sample the merchandise before you make a $50 decision. Sincerely, Jim Ross" December, 1984 OUR THANKS Because this is the last COMSEC LETTER that will go to the full mailing list, we think this is the best place to give credit to our proofreader, and our stuffer and mailer -- there wouldn't have been a COMSEC LETTER without you. From Jim Ross (the elder) to Lynne Ross and Marilyn Roseberry: Thanks. SEASON'S GREETINGS No time for cards this year, so we send our greetings via this letter. To all of our nice readers (and the mean ones too): a late but sincere, "Merry Christmas and Happy New Year!" .... LAST ISSUE .... UNLESS .... This is your last issue of COMSEC LETTER unless you have joined CSA, or we receive your subscription order. Membership packets for CSA will go out during January, but if you're already convinced, send $50 (to CSA c/o Ross Engineering) for your individual dues for 1985. (Dues for corporations and other special categories have not yet been set.) RATES We recognize that this letter has been going to many, many people who probably have only a passing interest in the subject matter, and we hope that it has been of value. 
However, there is an old engineering design (and business!) principle which says: "There ain't no such thing as a free lunch." ... We must derive some revenue from the time spent in this effort, and therefore, in the future it will only be available by subscription. This letter is aimed at an audience which consists primarily of security practitioners and investigators who are involved in protection of information -- data, telephone, teletype, whatever. We believe that the people we are thinking about could realize a return of hundreds or thousands of times the annual subscription cost of $25 if one idea, one product, one technique or one caveat rings a bell and proves useful. It has happened before. MORE ON KANSAS SUPREME COURT DECISION Open letter to the Kansas Supreme Court Jurists: "Apparently you assumed that because some of the sellers of cordless telephones have privacy warnings in their user's manuals, all users of all cordless telephones have no expectation of privacy (18 USC 2510) because they have been warned. "We just read all the way through a user's manual from General Electric and it doesn't mention anything about privacy. "Further, we wonder about your understanding of the real, as opposed to theoretical, world. Would that you had at some time in your experience tried your hands at teaching! Your assumption that what is printed is read, and that what is read is understood, and that what is understood is retained, and that what is retained is used in making conscious decisions relating to everyday occurrences, is patently absurd. Even in the classroom, where both professor and student are desirous of transferring as much information as possible, experience teaches that what you have assumed just is not real. 
"How can you, in good conscience, hold a person responsible for understanding, and abiding by, the contents of an instruction book which he may never have seen, when you yourselves, with research staff and practically unlimited time to make a decision in the quiet of chambers with no distractions, didn't even bother to determine the meaning of the simple, but key, word, "oral"?! "For a practical lesson in whether cordless phone users think that they have an expectation of privacy, we urge you to get a scanner and tune to cordless telephone frequencies. -- Sad but true: people think that telephone communications are secure. The stuff they say will convince you that they think that their conversation is private. The fact that their expectation of privacy is due to abject ignorance does not alter the fact that they are conducting themselves as though they were having a private conversation. "When you walk down the street, do you think your conversation is private? When you lean over the table in a restaurant to impart a juicy tidbit, do you think your conversation is private? Most people talking on the telephone think that their conversation is private. They have an expectation of privacy. That expectation may be erroneous, but they have it nevertheless." FEEDBACK Steve U. (he doesn't want us to reveal his name) writes: "Your newsletter is marginally interesting; occasionally useful. Do you intend the thing to be a gossip column for the intelligence clique in the know? I usually have the feeling that I am missing a phantom page each month as some things are non sequitur." Very Interesting. Let's consider some different thoughts triggered by Steve's comments. First, why does he say, "Do NOT ever (NEVER!) release my name outside your firm for any reason without my express permission."? Second, thanks for saying that we are sometimes useful. We try. Third. Do you think that our stories about IH, Motorola, Hertz, etc. are gossip? 
If so, we urge you to look back in early letters where the editor revealed his biases relating to how stupid use of the language imperils good communications, and also his dislike of the fraud and near-fraud committed through lies in some claims. Fourth. Implying that we are some part of an intelligence community clique is really wild. Your editor has done some work for some of these organizations, but he has never been a part of the intelligence community, and never been a part of any clique. However, we know what it feels like to be on the outside of a closed club. The Washington DC ASIS Chapter has refused to carry any of our seminar announcements, or even to let their members know that they could have had a no-charge trial subscription to this letter in 1984. We first joined in 1978 so it's not that we're new. We're in our second year of advertising in their newsletter, so we're not unknown to them. They do carry releases for other folks, so it's not a blanket policy to keep the membership in the dark. (They even ran one that was phoned in announcing demonstrations of a manufacturer's product!) Tell us about cliques -- but don't accuse us of being a part of one! Now, as to phantom pages and non sequiturs, we are really at a loss to figure out what you mean. Our most dangerous assumption might be that we see the letter as a continuum, and assume that previous issues have been read. Other than that, we assume little knowledge of electronic communications theory, but we do assume some reasonable level of intelligence and experience. Also, there are times when we address a comment to an individual -- there is nothing sinister in that; it's merely an old professor's ploy to try to keep everyone awake and listening. However, as for any non sequitur: you find it, and we'll eat it. A GOOD QUESTION FROM A MYSTERY MAN His business doesn't have a phone and he doesn't have a phone, but he sent us a good question. 
He asked us to explain the difference between COMSEC LETTER and the CSA. OK Al (or whoever you are), here goes. The COMSEC LETTER is a newsletter regarding information, its storage and its transmission; and the protection thereof. It relates to all types of information and communication -- voice, data, teletype, facsimile, television, radio, microwave, or whatever. Even data in storage is of interest. The Communications Security Association is a non-profit membership association incorporated in the District of Columbia for which COMSEC LETTER is a benefit of membership. COMING IN 1985: STRESS DETECTION At least one person misunderstood one of our points in our segment on lie detection, so we'll try again in a future issue. Q & A To all who have written and called with questions and comments: your letters are appreciated and you will be answered. YOGO We got some great answers in our YOGO contest. Details in '85. CN/A For John Nakic and others who have inquired: We are preparing a short report on the CN/A system. It will explain the system, and include the latest numbers that we have. Price will be nominal. CONTENT Starting in January, 1985 the COMSEC LETTER will become an organ of the Communications Security Association. It will no longer be a no-charge publication, prepared and distributed by Jim Ross at his expense. Therefore, in addition to watching the calendar, your editor will have to be careful to be totally even-handed in announcing things like training sessions, products, etc.