There are two bills before Congress. One (HR2369) concerns radio signal privacy and restrictions on scanners and receiving radio signals without authority, the other (HR2460 and S493) concerns use of scanners to capture ESNs for the purposes of cloning cellphones. Both passed the House, and the anti-cloning bill also passed the Senate. On Mon, Mar 30, 1998 at 09:36:55AM -0800, David Wagner wrote:
A bill banning mere ownership (and modification, sale, and so on; no need for prosecutors to show any ill intent) of cellular capable scanners has passed the House by a vote of 414-1. A very similar version also passed the Senate easily, and the two are being reconciled. There's no opposition; this is fasttrack noncontroversial stuff, on the Hill. I'm told the bill is as good as signed.
That is not my information. HR2369 (the Tauzin bill) does not ban mere possession of cell capable scanners. It bans manufacture, assembly, sale, import, export, or distribution of *any* radio equipment (not just cellphone capable scanners) "intended" for the unauthorized receipt, interception, or divulgance of communications in violation of the amended section 605 (which bans interception or divulgance rather than the previous *and* divulgance). This very clearly does not ban possession, and also very clearly speaks to intent. What this draconian language means with respect to a wide band radio receiver such as a scanner that can tune in certain signals it is not legal to listen to is not clear at the moment, as it turns on what "intended" means. Penalties for violation of this are 5 years in jail and $500,000 fine per sale... (the law was basicly expanded from one forbidding the sale of satellite TV piracy gear - and similar language has been the law since 1988, but less clear). According to Thomas and my other sources, HR2369 is still in the Senate Commerce Committee and has not been marked up - apparently Sen Hollings of SC has put a hold on it for further study. There is a bill (S493) which establishes 15 years in prison for "knowingly and with *intent to defraud* uses, produces, traffics in, has control or custody of, or possess" a scanning receiver "to intercept an electronic serial number, mobile identification number or other identifier of any telecommunications service, equipment or instrument. This later bill clearly concerns ESN theft for purposes of cloning, but it is broad enough so it conceivably might be applied to possession of radio receivers capable of capturing any kind of identifying information for any radio signal - but I think it is probably true that there would have to be a specific demonstrable intent to defraud demonstrated before a conviction under this language could happen. This bill is tough, however, and does provide for "forfeiture of any personal property used or intended to be used to commit the offense". S493 does make it illegal to merely possess "hardware or software, knowing it has been configured to insert or modify telecommunications identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization". No requirement of intent to defraud need be demonstrated here, but there is an affirmative defense "(which the defendant must establish by a preponderance of the evidence) that the conduct charged was engaged in for research or development in connection with a lawful purpose." This bill, is one of the first I know of to outlaw mere *possession* of software. And they can take seize your computer, your car, and Lord knows what else if they find the illegal software on your laptop hard drive. They need not prove you had any intention of using it to clone cellphones, just that you knew it was configured for illegal ESN alteration and you did not have it for "research and development in connection with a lawful purpose." To quote the Committee report on the bill... [S493} amends section 1029 of Title 18 of the United States Code, relating to fraud and related activity in connection with access devices. The bill amends subsection (a)(8) of section 1029 by deleting the `intent to defraud' requirement which exists under current law in order to prove a violation of that section. This section relates to persons who knowingly use, produce, traffic in, have custody or control of, or possess hardware or software which has been configured for altering or modifying a telecommunications instrument. As a result of the amendments made by the bill, in order to prove a violation of section 1029, law enforcement officials will no longer have to prove that a defendant possessing such hardware or software did so with the intent to defraud another person. The amendment to the statute is being made because law enforcement officials occasionally have been thwarted in proving true violations of the statute by the `intent to defraud' requirement. But as the hardware and software in question can be used only for the purpose of altering or modifying telecommunications instruments, persons other than those working in the telecommunications industry have no legitimate reason to possess the equipment. Therefore, requiring the government to prove an `intent to defraud' in order to prove a violation of the section for possessing this equipment is not necessary. By eliminating this requirement from existing law this bill will make it easier to obtain convictions against criminals who possess this equipment before they actually use it for illegal purposes. ............................. The statute, as amended, also does not prohibit persons from simply possessing equipment that only intercepts electronic serial numbers or wireless telephone numbers (defined as `scanning receivers' under section 1029, as amended by the bill). For example, companies which produce technology to sell to carriers or state and local governments that ascertains the location of wireless telephones as part of enhanced 911 services do not violate section 1029 by their actions. Under new subsection (a)(8), however, it will continue to be illegal to use, produce, traffic in, have custody or control of, or possess a scanning receiver if such act was done with the intent to defraud another person. This also is current law, and it remains unchanged by the bill.
The law enforcement industry couldn't care less whether the cellphone airlinks are private. All wiretaps are done at the base station or inside the network, where no scanners are needed.
Sadly, this is only true of *legal* wiretaps by authorized *US* entities. Ask any of the dealers and manufacturers of cellphone interception gear and high end scanners who buys this stuff (with cell phone band enabled). Lots of LEA types have this gear, some of which is specialized enough so it could have no other purpose.
I suspect the cellphone industry wants these laws primarily because they find them useful at fighting fraud. When you broadcast a reusable "password" (the MIN/ESN pair) over the air in the clear (as analog phones do), devices to snoop on conversations start to look very much like devices to steal those valuable "passwords".
Of course. They could care less about privacy (or they would have encrypted years ago), but fraud costs them big money.
Of course, we all know that these laws are pretty ineffective at protecting privacy, though they are effective at making it easier to snow the public into thinking their cellphones are secure. (This is only, what, the fourth such law? It just gets worse and worse.)
-- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18