TELECOM Digest     Thu, 7 Jan 93 13:19:00 CST    Volume 13 : Issue 11

Index To This Issue:                    Moderator: Patrick A. Townson

    Motorola 'Secure-Clear' Cordless Telephones (Tim Tyler via Monty Solomon)
    Sci.electronics Phone Fraud! (Larry Ching via Monty Solomon)
    CRTC Review of Telecom Regs (Dave Leibold)
    Cell Phone SID in US / My Friend, Nynex Mobile ... (Phydeaux)
----------------------------------------------------------------------

Date: Thu, 7 Jan 1993 03:29:17 -0500
From: Monty Solomon
Subject: Motorola 'Secure-Clear' Cordless Telephones

[Moderator's Note: Monty passed this along to the group. PAT]

Newsgroups: sci.crypt
From: tim@ais.org (Tim Tyler)
Subject: Motorola 'Secure-Clear' Cordless Telephones
Message-ID:
Organization: UMCC
Date: Fri, 1 Jan 1993 01:39:56 GMT

"Why A Motorola Cordless Phone?"

"Cordless phone eavesdroppers are everywhere" says pro golfer Lee Trevino, spokesman for Motorola. "But with my Motorola Secure Clear Cordless Phone, my private conversations stay private."

So says a glossy brochure (# BA-81) that Motorola's Consumer Products Division (telephone # 800/331-6456) distributes to promote their new 'secure' cordless phone product line.

When I first read the cover of the brochure, I said to myself, "Wow, I wonder what sophisticated technology it must use?" Motorola has been developing and selling secure voice and data systems, from DVP and DES up to the current 'FASCINATOR' algorithm for classified military and federal government secure voice for many years.

Page Two of the slick brochure provides some rhetorical questions and answers:

Why Motorola Cordless Phones?

Q. What is meant by Secure Clear?
Secure Clear is an exclusive technology that assures you no eavesdroppers will be able to use another cordless phone, scanner or baby monitor to listen in to your cordless conversations.

Q. How difficult is it to eavesdrop on someone's cordless conversation?
It's not difficult at all.
Simply by operating a cordless phone, scanner or baby monitor on the same channel as you're on, an eavesdropper can listen in. Security codes alone DO NOT prevent eavesdropping.

Q. What are security codes and what do they do?
Security codes allow the handset and base to communicate with each other. With the Secure Clear cordless phone, one of 65,000 possible codes are randomly assigned every time you set the handset in the base. This means that a neighbor cannot use his handset to link with your base and have phone calls charged to your phone number.

Q. Describe the basic difference between Secure Clear and Secure Clear protects against eavesdropping. Security codes prevent the unauthorized use of your phone line. Usually all cordless phones have security codes, but not both.

Q. What is the purpose of the Secure Clear demo?
The Secure Clear demo is a unique feature of Motorola phones that allows you to actually experience what an eavesdropper would hear when trying to listen to your conversation. By pressing the SECURE DEMO button on the Motorola phone, you and the person on the other end will hear the same scrambled noise an eavesdropper would hear.

----------

Hmmm ... I went to the Motorola Secure Clear cordless phone display at a Sears store, took a deep breath, and hit the demo button in order to hear what the "scrambled noise" which would protect a conversation from eavesdropping sounded like.

White-noise like that of a digital data stream? Rapid analog time-domain scrambling? No, the scrambled "noise" sounded like inverted analog voice. That's right, they're using the 40 or 50 year old (3kHz baseband) speech inversion system -- the same one which they stopped marketing for their commercial two-way radio gear about a decade ago -- to make Lee Trevino and other ignorant people's "private conversations stay private."

For those of you not familiar with speech inversion, it simply flip-flops the voice spectrum so that high pitched sounds are low, and vice versa.
It sounds a lot like Single Side Band (SSB) transmissions, although an SSB receiver will not decode speech-inversion scrambling. Prior to 1986, several companies -- Don Nobles, Capri Electronics, etc. -- sold inexpensive kits or scanner add-ons which could be used to decode speech inversion. Several electronics magazines also published schematics for making your own from scratch, at a cost of about $5.

After the Electronic Communications Privacy Act of 1986, it became illegal to decode or decipher encrypted communications which you weren't a legitimate party to, so the standard practice of selling these quasi-legal products as 'experimental kits' or 'for educational purposes only' became common. Today, some companies will not specifically sell a 'speech-inversion descrambler,' but instead market a 'speech inversion scrambling system' which means the kit will encode as well as decode speech inversion, although most people buy them simply to hook up to their scanners and monitor the few public safety agencies and businesses that (still) use speech-inversion scrambling.

Yes, technically, it is a felony for you to use a speech-inversion descrambler to monitor these Motorola 'Secure Clear' cordless. Or for that matter, the new Radio Shack DUoPHONE ET-499, cordless phone which also depends on speech-inversion for privacy protection.

The public utility of the ECPA has been argued about ever since before it was enacted. It is rather obvious that the ECPA was pushed upon the ignorant, money-hungry Congress by the powerful (& wealthy) Cellular Telephone Industry Association (so the CTIA could propagate misinformation to the public, but that's another story ...).

I also realize that the 46/49MHz cordless phone channels are apparently allocated for analog-voice only.

Despite the ECPA, it is unconscionable to me that Motorola -- who surely knows better -- would produce the slick brochure & specifically market the 'Secure Clear' line as being invulnerable to eavesdropping.
Their wording unequivocally gives the impression that the 'Secure Clear' conversations are secure, not only from other cordless phone and baby monitors, which have several common frequencies, but also against communications hobbyists with scanner radios.

It is bad enough that many public safety officers still think that by using the 'PL' ('Private Line,' also known as CTCSS) setting on their Motorola two-way radios, no one else can listen in. While the 'Private Line' fiasco might be attributable to misconception on the part of the radio users, in my opinion, Motorola's Consumer Products Division has to know that there are thousands of scanner monitors who have the technical ability to defeat the speech-inversion 'Secure Clear' system. A Motorola representative at the 1992 Summer Consumer Electronics Show in Chicago confirmed this to me, with a smirk on his face.

There's a big difference between Motorola's aforementioned wording and that of Radio Shack's on page 3 of their 1993 catalog:

    New! Voice-Scrambling Cordless Telephone DUoFONE ET-499. Cordless phones are great. But since they transmit over the airwaves, your private conversations could be monitored. Now you can enjoy cordless convenience with voice scrambling for added [emphasis theirs] privacy protection -- frequency inversion makes transmissions between the handset and base unintelligible...

It's not "Motorola should know better." Motorola DOES know better. Otherwise, they wouldn't be spending time or money on truly 'secure' (based on current technology, of course) communications and transmission security systems.

I sure am thankful that our federal government and military users of secure-mode communications systems don't rely on Motorola's marketing department to provide factual information as to the level of security provided by Motorola equipment. Too bad that for the most part, the public does.
For anyone looking for a cordless telephone that offers a decent level of privacy, take a look at some of the new cordless phones which use 900MHz. Most of the new ones not only use CVSD digital voice for the RF link, but also direct-sequence spread spectrum. By no means are these phones secure ('encoded,' yes, but 'encrypted,' no), despite some of the wording in their owner's manuals. The Tropez 900 actually seems to generate a very weak analog harmonic in the 440MHz spectrum, but you'll still be a lot better off than poor old Lee Trevino.

Tim Tyler      Internet: tim@ais.org  MCI Mail: 442-5735
P.O. Box 443   C$erve: 72571,1005     DDN: Tyler@Dockmaster.ncsc.mil
Ypsilanti MI   Packet: KA8VIR @KA8UNZ.#SEMI.MI.USA.NA
48197

------------------------------

Date: Thu, 7 Jan 1993 03:34:36 -0500
From: Monty Solomon
Subject: Sci.electronics Phone Fraud!

[Moderator's Note: Monty also passed this along for us today. PAT]

From: larryc@shell.portal.com (Larry WB Ching)
Newsgroups: sci.electronics
Subject: SCI.ELECTRONICS Phone fraud !!!
Summary: A recent attempt to rip-off sci.electronics correspondents.
Keywords: fraud, con artists, phone numbers
Message-ID:
Date: 1 Jan 93 23:16:23 GMT
Sender: news@unix.portal.com
Organization: Portal Communications -- 408/973-9111 (voice) 408/973-8091

At about 6PM Thursday evening, I got a phone call. The operator said that he had a collect call to me from Charles Pooley in New York. The name was familiar, but I didn't remember exactly why. I said I would accept the call, but then the "operator" said the call couldn't get through because I had the call collect option blocked. He then said he could pass the call through if I gave him my calling card number.

I said that I'd rather call Mr. Pooley myself, and could the "operator" give me Mr. Pooley's number. There was a pause, then a phone number with a San Jose area code! It didn't occur to me until later that, if the call was from New York, why was the call-from number (408) !??!
I remembered that Charles and I had been corresponding on a topic from sci.electronics. I was lucky enough to have an old message from him lying around, and emailed him a message about my mysterious phone call.

Charles Pooley replied to me today -- turns out the guy tried the same scam on him too! But this time, the bogus operator said the collect call was from me to Charles! Charles was also wary, and didn't give the crook his calling card number.

So - WATCH OUT! How this con artist chose my name and Charles' to try is beyond me. As far as public postings in sci.electronics, I don't think Charles and I had exchanged more than four public postings. Most of our correspondence has been via "private" email.

This has definitely raised my paranoia level. If, out of the millions of public postings during 1992, someone should choose two correspondents who have exchanged only a slight amount of messages .... I mean, why us? Or, is there a "boilerroom" operation going on, with a bunch of phony operators, armed with USENET listings -- calling people with this con?

OH! - I may have put my phone number in one of my public sci.electronics postings - that's probably how the scamsters make their selection. Makes sense ...

CHILDREN BEWARE!!!

larryc@shell.portal.com

[Moderator's Note: I note the public access site you use for Usenet (Portal Com) is located in area 408 (San Jose, CA).
PAT]

------------------------------

Date: Thu, 7 Jan 1993 23:49:48 -0500
From: Dave.Leibold@f730.n250.z1.FIDONET.ORG (Dave Leibold)
Subject: CRTC Review of Telecom Regs

[from Canadian Radio-Television and Telecommunications Commission (CRTC) press release]

December 16, 1992

CRTC TO REVIEW TELECOMMUNICATIONS REGULATORY FRAMEWORK

OTTAWA/HULL - The CRTC today announced that it intends to review the approach it takes to regulating telephone companies that provide basic local telephone service in order to ensure that the manner in which it regulates is efficient, effective and in the public interest (Telecom Public Notice CRTC 92-78).

In recent years, technological change and increasing competition have significantly altered the nature of the telephone industry. The Commission wants to examine whether or not there are more efficient and effective ways to regulate or to streamline regulation, without compromising basic regulatory goals such as affordable local service and prevention of anti-competitive behaviour.

"Canadians currently enjoy the benefits of a first-class telecommunications industry," said CRTC Chairman Keith Spicer. "By undertaking a review of our regulatory procedures we are trying to ensure that the Canadian telecommunications industry remains at the forefront of international communications and continues to provide top-quality service, local as well as long distance, to meet the growing information requirements of residential and business users."

Since telephone companies have evolved into multi-dimensional service providers subject to increasing competition, questions arise about the continued appropriateness of traditional monopoly-style regulation. However, the Commission considers that regulatory streamlining will depend in part on the degree of effective competition in the markets served by the telephone companies.
While some markets may be increasingly competitive, Canada's telephone companies continue to exercise considerable market power due to their control over access to local telephone systems and their dominance in the long distance telephone market. Where telephone companies exercise market power, regulation will be required to protect subscribers and industry competitors from any abuse of that power.

"While the Commission is committed to considering changes to the current framework, in pursuit of regulation that is more effective and more efficient, the resulting framework must ensure that subscribers and competitors are adequately protected," said Louis (Bud) Sherman, CRTC Vice-Chairman for Telecommunications. "Changes must take account of any monopoly or dominant power the telephone companies could exercise."

Having raised these general issues, the Commission invites the telephone companies and other interested parties to submit comments and specific proposals for changing the existing regulatory framework. Submissions should be aimed at achieving the following goals:

* reduction of the regulatory burden where there is already effective competition in place;

* encouragement of the development of new technology and innovative services to serve the expanding information requirements of residential and business customers;

* protection of subscribers and competitors from abuse of market power;

* equitable treatment of subscribers in terms of service and prices;

* the opportunity for telephone companies to earn a reasonable rate of return; and,

* a recognition that the telephone companies and other telecommunication carriers must be permitted to equip themselves to meet increasing competition at home and abroad.
During the course of the review proceeding, the Commission anticipates receiving proposals to:

* streamline or eliminate regulatory requirements in light of changes in industry structure;

* reduce the size of local service subsidies by, among other things, new types of local services to generate increases in local service revenues and encouraging investment to reduce costs;

* change the current system of allocating the subsidy to ensure that it is equitably distributed among subscribers; and,

* examine alternatives to the Commission's existing rate base rate of return approach to regulation of the telephone companies that may better balance the interests of subscribers and competitors, while maximizing the operating efficiency of the companies.

Parties wishing to participate in this proceeding must notify the Commission of their intention to do so by writing to the Secretary General, CRTC, Ottawa, Ontario, K1A 0N2, by March 15, 1993. Submissions to this proceeding must be filed with the Commission by April 12, 1993. The Commission will convene an oral public hearing, scheduled to commence on November 1, 1993, in connection with this proceeding.

- 30 -

Contact: Bill Allen, Director CRTC Public Affairs, Ottawa, Ontario K1A 0N2
(819) 997.0313 - TDD (819) 994.0423 - Fax (819) 994.0218

or one of our regional offices listed below:

Halifax, Nova Scotia - (902) 426.7997 - TDD (902) 426.6997
Montreal, Quebec - (514) 283.6607 - TDD (514) 283.8316
Winnipeg, Manitoba - (204) 983.6306 - TDD (204) 983.8274
Vancouver, British Columbia - (604) 666.2111 - TDD (604) 666.0778

or from the Department of Communications Regional Office:

Toronto, Ontario - (416) 973.8215

Dave Leibold - via FidoNet node 1:250/98
INTERNET: Dave.Leibold@f730.n250.z1.FIDONET.ORG

------------------------------

Date: Thu, 7 Jan 93 11:10:14 PST
From: reb@ingres.com (Phydeaux)
Subject: Cell Phone SID in US / My Friend, Nynex Mobile ...

Hi! I have the SID chart from the telecom archives, but it's quite old.
Has anyone managed to get a list of SIDs for US cellular service providers? My carrier (Nynex mobile in NJ) tells me to just 'dial *611' to find out what system you are on. "We do not have that information." My phone displays SID, and I've noticed that there are many new ones I've wandered into that are not on the list.

It is difficult to get *any* information out of Nynex. They tell me they have call delivery into Philadelphia. I try it and it doesn't work. I call them when I'm in Philly, and ask them to call me back on my mobile number and it *still* doesn't work. What do they conclude? Of course, everything is working fine.

Finally, I attempted to get roaming rates and information from Nynex. They sent me a booklet from 1990 with a few roamer ports listed. What I really wanted was the rates. When I lived in Chicago, Cell/One in Chicago had a nice handy booklet with all of this. But Nynex told me they could and would give the information out only for cities/systems I specifically requested. That is, in order to find out the rates for, say, California I would have to name each city and have them read the information to me over the phone. How the rates that the customer pays are a confidential item, to be specifically kept *from* the customer I'll never know. After a lot of complaining and threatening to cancel my service they finally photocopied their roamer information -- which is up to date and includes all systems, roamer ports, daily and per minute charges, etc.

Do many other 'service' providers give customers this much of a hard time when they want to find out rates? In the last two years I'd say my experience with the cellular industry is that the carriers never have anybody who knows anything answering the phone, and they absolutely refuse to let you speak with anybody who knows anything.

reb

--
*-=#= Phydeaux =#=-* reb@ingres.com or reb%ingres.com@lll-winken.llnl.GOV
h:861 Washington Avenue Westwood NJ 07675 201-376-5766 ICBM: ??.??N ??.??W
w: reb Ingres Park 80 West Plaza I Saddle Brook, NJ 07662 201-587-1400

[Moderator's Note: Both Cellular One and Ameritech in Chicago have the booklet you describe, listing roamer ports in hundreds of cities and dialing instructions, etc. They send them out as part of the sign up kit or you can get that information mailed out anytime. PAT]

------------------------------

End of TELECOM Digest V13 #11
*****************************
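
Added example (not part of the digest or of any contributor's post): the speech inversion described in the first article of this issue, modelled on constructed test tones. The 8 kHz sample rate and all function names are assumptions of this sketch; it shows that the transform takes no key and is its own inverse, which is the basis for the article's distinction between 'encoded' and 'encrypted'.

```python
import math

FS = 8000  # sample rate in Hz (assumed; telephone-grade audio)


def tone(freq_hz, n=800, fs=FS):
    """Constructed test signal: a pure sine at freq_hz."""
    return [math.sin(2 * math.pi * freq_hz * i / fs) for i in range(n)]


def invert_spectrum(samples):
    """Flip the band 0..fs/2 by negating every other sample.

    Multiplying by (-1)^n shifts the spectrum by fs/2, so a component at f
    reappears at fs/2 - f: high pitches become low and vice versa.
    Note the signature: there is no key or other secret parameter.
    """
    return [-s if i % 2 else s for i, s in enumerate(samples)]


def dominant_freq(samples, fs=FS, step_hz=10):
    """Frequency (a multiple of step_hz) holding the most energy, by direct DFT."""
    best_f, best_p = 0, -1.0
    for f in range(step_hz, fs // 2, step_hz):
        w = 2 * math.pi * f / fs
        re = sum(s * math.cos(w * i) for i, s in enumerate(samples))
        im = sum(s * math.sin(w * i) for i, s in enumerate(samples))
        p = re * re + im * im
        if p > best_p:
            best_f, best_p = f, p
    return best_f


def demo():
    clear = tone(500)                       # low-pitched component
    scrambled = invert_spectrum(clear)      # what goes over the air
    restored = invert_spectrum(scrambled)   # the same keyless operation again
    return {
        "clear_hz": dominant_freq(clear),
        "scrambled_hz": dominant_freq(scrambled),
        "restored_exact": restored == clear,
    }


if __name__ == "__main__":
    print(demo())
```

Because the only thing separating the scrambled signal from the clear one is a fixed, public transform, the privacy it gives does not depend on any secret held by the handset and base.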