From: US3RMC::"clark@metal.psu.edu" "Clark Reynard" 8-SEP-1993 01:59:18.22
Then the receptionist returned and told me that the person from the engineering department who took care of the phones had indicated that not even the government had the technology to monitor these phones.

Upon asking how and why the government might do this, I received a rather chilly notification that the engineering department was, of course, unwilling to reveal these secrets. Well, it was worth a try.
Actually, they aren't telling you, but SS techniques are published widely in the technical literature. For a relatively accessible and understandable introduction, try the ARRL's book "Spread Spectrum Sourcebook", which describes not only the theory but also the results of the ARRL's experimentation with spread-spectrum technology for radio communications. It's about $30 from any reputable ham radio supply house, and you can mail-order it.

Very succinctly, SS works by adding a pseudorandom modulation to the transmitter carrier that modulates the signal far, far MORE than the actual informational modulation. For example, a 16-bit CRC register feeding back on itself can be used. The output of the CRC register (or any other pseudo-random-number generator (PRNG)) can be used as a modulator in two ways:

1) Frequency hopping: the bits in the CRC or PRNG determine (via a lookup table, the "hop set") the new center frequency that the transmitter will send on. This frequency may hop a hundred times or more per second.
   a) ease of detection: easy - you hear a "click" whenever the transmitter hops onto the frequency you're monitoring.
   b) ease of interception: very hard - if there are a few thousand such signals around, you have to splice together 10 millisecond slices from a thousand different sources, and that's a combinatorially prohibitive problem. You need to know the "hop set" and the particular polynomial or pseudorandom sequence to easily recover the signal.

2) Direct sequence: the single low-order bit in the CRC or PRNG determines whether the output signal from the transmitter's primary oscillator (already modulated with the user's voice) is inverted or not. This translates to massive phase modulation. If the CRC is clocked at a reasonable rate (say, 1 MHz) then the output signal ends up with a bandwidth of about twice the clocking frequency.
   a) ease of detection: difficult - the SS signal shows up in a conventional receiver as broadband noise; easy to not notice.
   b) ease of interception: very difficult - I haven't the foggiest about how to go about it.

In either case, to demodulate the signal, one receives the entire bandwidth, then either hops the first-stage local oscillator (for frequency hopping) or phase-inverts (for direct sequence) the incoming signal. The result is a second-stage signal that can be demodulated by conventional means. The only big trick is to synchronize the PRNG on the receiver to the PRNG on the transmitter.

Another advantage to SS is that it tends to "ignore" strong signals in the band - any signal that does not correlate against the PRNG modulation is "spread out" over the entire band by the demodulation operation, while the correct signal energy is concentrated into a small channel. This gives what's called "process gain" and allows a weak spread-spectrum signal to work even in channels that may be dominated by strong conventionally-modulated signals.

The ARRL did find that if they knew the bandwidth of the signal they were looking for they _could_ direction-find on it, using wideband receivers and notch filters to remove known conventionally-modulated signals from the signal; once they were close enough to be in the "near field" of the transmitter, standard direction-finding techniques were adequate to DF. Even if they couldn't understand what was being transmitted, they could find the source. (This was the basis for the FCC's OKing of the use of SS modulation by hams on the 440 and higher bands - that some form of accountability was being preserved.)

-----

Note that if the PRNG in a direct-sequence SS is replaced by a true random number source, we have the equivalent of a one-time pad and (I believe) complete security. However, since the typical demands of a direct-sequence system for phase information are in the megabits per second, the logistics of "key management" may be utterly impractical.

-----

So, if CM was using either modulation method, and used some reasonable PRNG (i.e. one with remappings and hopsets determined by user-genned random numbers) then it is quite possible that the government does not have the technology _deployed_ in the field to intercept them. But if they need it, I'm sure they will figure out how to do it.

-Bill
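The direct-sequence scheme described above (an LFSR's low bit inverting the carrier phase, a synchronised PRNG at the receiver, and process gain against a strong conventional signal in the same band), as an added example that is not part of the original post. The 16-bit LFSR taps, the seeds, the data bits and the interferer level are assumptions; using one full LFSR period per data bit is a simplification that makes the interference cancel exactly rather than merely on average.

```python
# Added example (not from the original post): a toy direct-sequence
# spread-spectrum link driven by the "16-bit CRC register feeding back on
# itself" (an LFSR) that the post describes.  Taps, seeds, data bits and the
# interferer's level are illustrative assumptions, not any product's values.
PERIOD = 0xFFFF  # a maximal 16-bit LFSR cycles through all 65535 nonzero states

def lfsr_chips(seed, n):
    """Return n spreading chips (+1 or -1) from a 16-bit Fibonacci LFSR with
    polynomial x^16 + x^14 + x^13 + x^11 + 1.  The register's low bit decides
    whether the carrier phase is inverted (-1) or left alone (+1)."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("LFSR seed must be nonzero")
    chips = []
    for _ in range(n):
        chips.append(-1 if state & 1 else 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return chips

def spread(bits, seed, spf=PERIOD):
    """Transmitter: each data bit (1 -> +1, 0 -> -1) is multiplied by spf chips.
    One full LFSR period per bit is a simplification that keeps the toy exact:
    an m-sequence is balanced, so a constant interferer sums to exactly -1."""
    chips = lfsr_chips(seed, len(bits) * spf)
    return [(1 if bits[i // spf] else -1) * c for i, c in enumerate(chips)]

def despread(signal, seed, spf=PERIOD):
    """Receiver: re-invert every chip with a synchronised copy of the PRNG and
    integrate over one bit.  Energy that correlates with the chips sums to
    about +/-spf; anything else is spread out and nearly cancels."""
    chips = lfsr_chips(seed, len(signal))
    return [sum(s * c for s, c in zip(signal[k:k + spf], chips[k:k + spf])) > 0
            for k in range(0, len(signal), spf)]

def add_strong_carrier(signal, amplitude):
    """A strong conventional signal sharing the band, modelled as a constant
    carrier 'amplitude' times larger than one of our chips."""
    return [s + amplitude for s in signal]

if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0]                         # constructed message
    key = 0xACE1                                      # constructed PRNG seed
    rx = add_strong_carrier(spread(data, key), 1000)  # 60 dB stronger carrier
    print("synchronised PRNG:", despread(rx, key))    # recovers data
    print("wrong PRNG state :", despread(rx, 0xBEEF)) # garbage (all False)
```

With the matching seed the strong carrier collapses to a residual of -1 against a correlation peak of 65535, while a receiver whose PRNG state is not synchronised sees only that residual and recovers nothing.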