RE: radio net (fwd)
So much for "no domestic crypto restrictions." I really hate when people say that, there are plenty, and export restrictions on cryptography software and cryptography in software DOES indirectly but substantially affect the availability and cost of domestic encryption, not to mention that most people download export-grade crypto from the web for convenience. Isn't there a similar ban on encryption-capable telephones and other electronic devices (other than computers). Matt
The FCC prohibits the transmission of encrypted data via analog or digital signals by amateurs.
Pig Latin or even the old 10 codes as in 10-4 are against the amateur rules. The only allowed code scheme is morse code and Q codes. Both are clasified as a well defined language. Using english and having a conversation that means something other than the standard usage is also prohibited. If you don't like it then stick to CB-Radio. At least that is the FCC's position.
So much for "no domestic crypto restrictions." I really hate when people say that, there are plenty, and export restrictions on cryptography software and cryptography in software DOES indirectly but substantially affect the availability and cost of domestic encryption, not to mention that most people download export-grade crypto from the web for convenience.
Isn't there a similar ban on encryption-capable telephones and other electronic devices (other than computers).
Matt
The FCC prohibits the transmission of encrypted data via analog or digital signals by amateurs.
Matt <mailto:melliott@itmail.ncsa.uiuc.edu>
Matthew James Gering wrote:
Isn't there a similar ban on encryption-capable telephones and other electronic devices (other than computers).
Not that I've ever heard of. Besides, what's the difference between a crypto telephone and a computer? None that is significant.
Matt
I suspect that the reason that there aren't any $99 cryptophones at Wal-Mart is that there really is not a significant market. The average person just doesn't care. And the consumer electronics business is so competitive and cost-sensitive that adding cost as a matter of principle is just not going to happen. Oh, I suppose it's possible that anyone trying to introduce a product like this could run into LEA interference - endless audits, supplier problems, FCC approvals, you name it but lack of market is probably the simplest explanation. Mike
Matthew James Gering wrote:
Isn't there a similar ban on encryption-capable telephones and other electronic devices (other than computers).
Not per se, though there _is_ still one major restriction - the Defense Department gets a crack at patent applications, so if you try to patent a crypto algorithm or crypto phone, they can seize and classify your patent application and working materials, using the excuse of "national security". There was a case in the late 70s where somebody tried to patent a wimpy analog scrambler for CB radios, and got it seized, and a number of patent applications that got delayed a long time. The RSA and Diffie-Hellman algorithms were published first, and then the patents applied for, which works in the US and Canada but makes them unpatentable in much of the rest of the world. Steve Bellovin also got lots of legal advice about what order to submit his patent applications and academic papers to avoid the risk of getting them stolen by the Feds. At 09:22 AM 9/10/98 -0700, Michael Motyka wrote:
I suspect that the reason that there aren't any $99 cryptophones at Wal-Mart is that there really is not a significant market. The average person just doesn't care. And the consumer electronics business is so competitive and cost-sensitive that adding cost as a matter of principle is just not going to happen.
Sure there are - my $150 cordless phone uses spread-spectrum, partly for better sound quality, partly for better privacy, and partly because it's simpler than picking individual channels. I think it's probably the frequency-hopping form of spread-spectrum, and the hopping speed is probably deliberately low because of Federal pressure, but it's still reasonable voice privacy. (And the digital phones that don't do spread-spectrum still advertise using "digital" for privacy...) My phone's a couple of years old; you can probably get one for <$100 now. Analog cell-phones aren't secure, but the digital cell-phones on the market all provide cryptography for voice privacy, though not all cellular service providers support it. CDMA provides some inherent security, and it, TDMA, and GSM all offer some encryption features - having prominent politicians get caught talking to their girlfriends on their cellphones has helped raise the awareness of privacy. (The real price of a cell-phone in the US is hard to determine; most range from about $100-700 without service activation, and $0-400 with a service contract of typically 1 year. But the low end's close to $99.)
Oh, I suppose it's possible that anyone trying to introduce a product like this could run into LEA interference - endless audits, supplier problems, FCC approvals, you name it but lack of market is probably the simplest explanation.
The NSA and FBI did the best job of FUD they could arm-twisting the US digital cellular standards committees into using wimpy encryption, and GSM had its own set of wrangling that went on, producing a primary algorithm that's weak, and a bunch of alternative algorithms that are progressively weaker. I probably couldn't break the GSM main code myself, but I know where to find people who can, and just about any of the frequent readers of this list could break some of the other systems used. But that doesn't mean there isn't a strong demand for voice privacy - just that the average consumer is satisfied having _some_ privacy, enough to keep casual observers out and neighbors from stealing phone service, and either doesn't believe the police would illegaly wiretap _him_, or (more cynically) doesn't believe the cellphone is enough protection if they do decide to target him. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Thu, Sep 10, 1998 at 01:57:46PM -0700, Bill Stewart wrote:
But that doesn't mean there isn't a strong demand for voice privacy - just that the average consumer is satisfied having _some_ privacy, enough to keep casual observers out and neighbors from stealing phone service, and either doesn't believe the police would illegaly wiretap _him_, or (more cynically) doesn't believe the cellphone is enough protection if they do decide to target him.
And it clearly isn't. With the exception of cellphone to cellphone traffic on one providers system (especially if it is GSM) the traffic gets sent in the clear over trunking which is not particularly well protected (and on occasion over microwave backhauls from cell sites in the clear), to wire line phones which are often very vulnerable to wiretaps. And all of these are subject to CALEA access, and many also to various subrosa access via mechanisms provided for test and maintainence and remote configuration of the system and trouble diagnosis (mechanisms well and trully exploited by phreakers over the years and well known and understood by the spooks as well). Without end to end encryption with secure key material the security of any phone is weak at best, link encryption of vulnerable links such as RF paths will keep the nosey out and raise the bar enough so as to discourage that kind of penetration by professionals, but if the call goes through switching and trunking infrastructure in the clear it is hardly difficult for large and powerful organizations to get there hands on it if they really need it... And of course if they really get desparate, they can bug the area the conversation is taking place in... or even the phones... -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Bill Stewart wrote:
Not per se, though there _is_ still one major restriction - the Defense Department gets a crack at patent applications, so if you try to patent a crypto algorithm or crypto phone, they can seize and classify your patent application and working materials, using the excuse of "national security". There was a case in the late 70s where somebody tried to patent a wimpy analog scrambler for CB radios, and got it seized, and a number of patent applications that got delayed a long time.
It seems then to be advisable to apply for international patents simultaneously. One can e.g. apply for a European patent that is valid for a number of countries. M. K. Shen
Hi Bill, Bill Stewart wrote:
Not per se, though there _is_ still one major restriction - the Defense Department gets a crack at patent applications, so if you try to patent a crypto algorithm or crypto phone, they can seize and classify your patent application and working materials, using the excuse of "national security".
I suppose we need more altruistic gestures placing good stuff into the public domain.
Sure there are - my $150 cordless phone uses spread-spectrum, partly for better sound quality, partly for better privacy, and partly because it's simpler than picking individual channels.
The security is only between the handset and the base unit. Once the signal hits the POTS it's the same old story - open line. ALSO - the channels and the hopping sequence used in the "spread-spectrum" systems are predefined. Kind of like making a stream cipher with a very short bitstream you got from the government printing orifice. Using any other sequence is a crime. The real purpose of the spread spectrum phones is to allow increased signal levels. The security is not robust. Try this one: Not particularly original - I would guess that Tim's 3DES phone is something like this. Wal Mart Plastics for the housing ( ever tooled plastics? $$$ ) Custom board Dedicated DSP for voice compression/decompression Modem chipset for POTS connect ( direct or ISP ) Fast microP for encryption/protocol Any encryption algorithm you desire Software Developer's Kit ( roll your own algorithm ) This will work very nicely at home or with any cell phone that has a modem port. It's really nothing but a dedicated version of a PC based PGP phone. It's just smaller and cheaper than a PC and has no MS DLLs on it. Regards, Mike
participants (6)
-
Bill Stewart -
Dave Emery -
Matt Elliott -
Matthew James Gering -
Michael Motyka -
Mok-Kong Shen