[Originally from RISKS Digest] Date: Mon, 28 Feb 1994 11:32:59 -0800 (PST) From: "M. Hedlund" Subject: FBI Digital Telephony Proposal and PCS mobile phone networks This article elaborates on part of the EFF statement issued last week concerning the FBI's proposed Digital Telephony wiretap bill. The EFF condemned the bill, which enlarges law enforcement powers of surveillance, granted by wiretap laws, by adding tracking ability. Addressed herein is point two of the EFF statement, concerning the surveillance of mobile communica- tors, such as cellular phones, Personal Communications Services (PCS) and laptop computers. PCS mobile phones create severe privacy risks for future phone users, especially under the FBI's proposal; and these risks strongly support the EFF's position. The FBI asserts that their proposal adapts existing wiretap laws to account for emerging communications technologies. Wiretap laws have not adequately covered mobile communications, and the FBI is correct to assume that some revisions will be necessary to adequately balance law enforcement needs with the privacy rights of mobile phone users. Their proposed revisions, however, do not simply provide for wiretap; instead, the FBI seeks to expand wiretap laws, allowing law enforcement officers to track the signalling information of mobile communications users. The EFF believes that the FBI proposal would create an enormous hole in the privacy rights of individuals suspected of crimes. Their statement notes: It is conceivable that law enforcement could use the signalling information to identify the location of a target.....This provision takes a major step beyond current law in that it allows for a tap and/or trace on a *person*, as opposed to mere surveillance of a phone line. This fear is completely realistic. It is not simply "conceivable" that the FBI's proposal would allow law enforcement to surveil the location of a target -- positioning technology is a planned part of PCS networks, one of the technological advances anticipated by the proposal. Similar positioning technology is planned for cellular phones, as well. PCS advances cellular phone technology by integrating mobile communications with other phone networks, and by expanding the services and quality mobile phones can offer. Most PCS proposals involve three forms of mobility: terminal mobility, the ability to make and receive calls at any location, and the ability of the phone network to track the location of the mobile phone; personal mobility, the ability of the user to be reachable by a single phone number at all times; and service mobility, the ability of the user to access CLASS(sm)-like features, such as Call Waiting and Caller ID, from any phone they use. The FBI proposal requires phone companies, when presented with a wiretap order, to transmit the content and the signalling, or "call setup information," from the tapped phone to law enforcement officers. With a wireline phone, such as a residence phone line, call setup information would comprise only the originating and dialled phone numbers, as well as billing information (such as the residence address) for the call. Because of the wireless aspect of PCS, however, call setup information for a PCS phone includes very detailed information on the location and movement of the caller. PCS mobile phones will connect with the phone network via "microcells," or very small receivers similar to those used for cellular phones. While a cellular network uses cells with up to an 8 to 10 mile radius, PCS networks will use microcells located on every street corner and in every building. The call setup information for a PCS call would include the microcell identifier -- a very specific means of locating the user. An order for a PCS wiretap would allow law enforcement officers to receive a detailed, verifiable, continuous record of the location and movement of a mobile phone user. These phones are also likely to "feature" automatic registration: whenever the PCS mobile phone is on (in use or able to receive calls), it will automatically register itself with the nearest microcell. Law enforcement agencies, able to track this registration, would have the equivalent of an automatic, free, instantaneous, and undetectable global positioning locator for anyone suspected of a crime. PCS tries to improve on cellular phone privacy and security by incorporating cryptographic techniques. Encryption could not only create a secure phone conversation, but could also (coupled with use of a PIN number) insure that only a valid subscriber could make calls on a particular phone, preventing fraudulent calls on stolen phones. An additional phone-to-network authentication could prevent fraudulent calling through a "masquerade" phone designed to simulate a user's registration. But the FBI proposal would require that such encryption be defeatable in wiretap circumstances. As the proposal stands, this form of weak encryption is distinguishable from the Clipper Chip because the phone companies, not a key escrow arrangement, enable law enforcement access; but it is entirely possible that the Clipper Chip could be used as the encrypting device. In either circumstance, PCS encryption could be compromised by careless or malicious law enforcement officials. Perhaps it is time for Phil Zimmerman and ViaCrypt to begin work on PGPCS -- and let us all hope we are so lucky. The cellular phone market is tremendous, and analysts believe that the PCS market, incorporating both voice and data communications, will be even larger. Coupled with the FBI's Digital Telephony proposal, PCS raises many privacy and security risks, making the EFF's condemnation of the FBI proposal all the more appropriate. CLASS is a service mark of Bell Communications Research (Bellcore). For more information: * Bellcore Special Report SR-INS-002301, "Feature Description and Functional Analysis of Personal Communications Services (PCS) Capabilities," Issue 1, April 1992. Order from Bellcore, (800) 521-CORE (2673), $55.00. * GAO report GAO/OSI-94-2, "Communications Privacy: Federal Policy and Actions," November 1993. Anonymous FTP to cu.nih.gov, in the directory "gao-reports". * EFF documents, available via anonymous FTP or gopher: ftp://ftp.eff.org/pub/EFF/Policy/Digital_Telephony [*The New York Times* today has a front-page article by John Markoff, entitled "Price of Technology May Be Privacy". I first saw a version of it in today's *San Francisco Chronicle*, although as seems typical of the Chron they truncated it after 11 of its 34 paragraphs. At least they mentioned Markoff this time, which they frequently do not do! PGN]