For details of the crack see the cryptographers' press release at: http://www.counterpane.com/cmea.html The New York Times, March 20, 1997, pp. A1, D2. Code Set Up to Shield Privacy Of Cellular Calls Is Breached By John Markoff San Francisco, March 19 -- A team of well-known computer security experts will announce on Thursday that they have cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones. The announcement, intended as a public warning, means that -- despite their greater potential for privacy protection -- the new cellular telephones, which transmit streams of digital information in code similar to computer data, may in practice be little more secure from eavesdropping than the analog cellular phones, which send voice as electronic patterns mimicking sound waves, that have been in use the last 15 years. It was such eavesdropping, for example, that caused trouble for Newt Gingrich when a Florida couple listened to his cellular phone conversation in December about the Congressional ethics inquiry. Now that digital wireless networks are coming into use around the nation, the breaking of the digital code by the team of two computer security consultants and a university researcher confirms fears about privacy that were raised five years ago when the communications industry agreed under Government pressure to adopt a watered-down privacy technology. Several telecommunications industry officials said the pressure came from the National Security Agency, which feared that stronger encryption technology might allow criminals or terrorists to conspire with impunity by cellular phones. But independent security experts now say that the code is easy enough to crack that anyone with sufficient technical skills could make and sell a monitoring device that would be as easy to use as a police scanner is. Such a device would enable a listener to scan hundreds of wireless channels to listen in randomly on any digital call within a radius ranging from 1,000 feet to a number of miles. Or, as with current cellular technology, if a specific person was the target of an eavesdropper, the device could be programmed to listen for any nearby digital call to that person's telephone number. Other possible transgressions would include using the device to automatically harvest all calling card or credit-card data transmitted with nearby digital wireless phones. And, because of a loophole in the Communications Act of 1934, making and selling such devices would not be illegal, though actually using one would technically be against the law. These monitoring devices are not yet available, but security experts said that a thriving gray market was certain to develop. And with technical details of the security system already circulating on the Internet instructions for cracking it will almost certainly make their way into the computer underground, where code breaking and eavesdropping are pursued for fun and profit. Technical details of the security system were supposed to be a closely guarded secret, known only to a tight circle of industry engineers. But the researchers performed their work based on technical documents that were leaked from within the communications industry and disseminated over the Internet late last year. "The industry design process is at fault," said David Wagner, a University of California at Berkeley researcher who was a member of the team that broke the code. "We can use this as a lesson, and save ourselves from more serious vulnerabilities in the future." Communications industry technical experts, made aware of the security flaw earlier this year, have been meeting to determine whether it is too late to improve the system's privacy protections. Already the digital technology is in use in metropolitan areas, including New York and Washington, where either the local cellular networks have been modified to support digital technology or where new so called wireless personal communications services are being offered. "We're already in the process of correcting this flaw," said Chris Carroll, an engineer at GTE Laboratories, who is chairman of the industry committee that oversees privacy standards for cellular phones. But Greg Rose, a software designer for the Qualcomm Inc. a leader in digital cellular systems said that fixing the flaw would be "a nightmare." Tightening the security system, Mr. Rose said, would involve modifying software already used in the computerized network switching equipment that routes wireless digital telephone calls, as well as the software within individual phones. Currently, about 45 million Americans have cellular phones, though most of them so far are based on an older analog standard that offers no communications privacy. But cellular companies are gradually converting their networks to the new digital standard, and the new personal communications services networks going into operation around the country also employ the digital encryption system. Nearly a million P.C.S. phones have been sold in the United States, according to cellular industry figures. Besides Mr. Wagner, the other researchers who cracked the code were Bruce Schneier and John Kelsey of Counterpane Systems, a Minneapolis consulting firm. Mr. Schneier is the author of a standard textbook on cryptography. The new digital wireless security system, which was designed by cellular telephone industry engineers was never intended to stop the most determined wiretappers. But because digital calls are transmitted in a format corresponding to the one's and zero's of computer language, they are more difficult to eavesdrop on than conventional analog calls, which are transmitted in electronic patterns. And digital calls protected with encryption technology -- basically a mathematical formula in the software that scrambles the signal -- would be all the harder for a third party to listen to surreptitiously. Because the encryption system that the industry adopted in 1992 was deliberately made less secure than many experts had recommended at the time, privacy rights advocates have been warning since that the code could be broken too easily. An announcement Thursday that the code has indeed been cracked would seem to bear out those concerns. "This should serve as a wake-up call," said James X. Dempsey, senior staff counsel for the Center for Democracy and Technology, a public interest group. "This shows that Government's effort to control encryption technology is now hindering the voice communications industry as well as the data and electronic communication realm." Industry executives acknowledged that steps must be taken to address the problem. "We need strict laws that say it is illegal to manufacture or to modify a device which is designed to perpetrate the illegal interception of P.C.S. telephone calls," said Thomas E. Wheeler, president of the Cellular Telephone Industry Association, a Washington-based trade group. Mr. Wheeler said the weaker privacy technology had been adopted not just to appease the Government but because makers of wireless communications hardware and software wanted to embrace a technical standard that would meet export regulations. Those rules, based on national security considerations, sharply curtail the potency of American-made encryption technology. The three computer researchers who broke the code belong to an informal group of technologists who believe strongly that powerful data-scrambling technologies are essential to protect individual privacy in the information age. These technologists, who planned to release their findings in a news release on Thursday, argue that the best way to insure that the strongest security codes are developed is to conduct the work in a public forum. And so they are sharply critical of the current industry standard setting process which has made a trade secret of the underlying mathematical formulas used to create the security codes. "Our work shows clearly why you don't do this behind closed doors," Mr. Schneier said. "I'm angry at the cell phone industry because when they changed to the new technology, they had a chance to protect privacy and they failed." Mr. Carroll, head of the industry's privacy committee, said it planned to revise the process for reviewing proposed technical standards. [End]