Appearing on the front (lower-right corner) page of the Thursday NY Times. > New York Times - March 20, 1997 > > > Code Set Up to Shield Cellular Calls Breached > > By JOHN MARKOFF > > SAN FRANCISCO -- A team of well-known computer security experts will > announce on Thursday that they have cracked a key part of the electronic > code meant to protect the privacy of calls made with the new, digital > generation of cellular telephones. > > The announcement, intended as a public warning, means that -- despite their > greater potential for privacy protection -- the new cellular telephones may > in practice be little more secure from eavesdropping than the analog > cellular phones in use the last 15 years. It was such eavesdropping, for > example, that caused trouble for House Speaker Newt Gingrich when a Florida > couple listened to his cellular phone conversation in December about the > congressional ethics inquiry. > > Now that digital wireless networks are coming into use around the nation, > the breaking of the digital code by the team of two computer security > consultants and a university researcher confirms fears about privacy that > were raised five years ago when the communications industry agreed under > government pressure to adopt a watered-down privacy technology. > > According to several telecommunications industry officials, that pressure > came from the the National Security Agency, which feared that stronger > encryption technology might allow criminals or terrorists to conspire with > impunity by cellular phones. > > But independent security experts now say that the code is easy enough to > crack that anyone with sufficient technical skills could make and sell a > monitoring device that would be as easy to use as a police scanner is. > > Such a device would enable a listener to scan hundreds of wireless channels > to listen in randomly on any digital call within a radius ranging from > 1,000 feet to a number of miles. Or, as with current cellular technology, > if a specific person was the target of an eavesdropper, the device could be > programmed to listen for any nearby digital call to that person's telephone > number. > > Other possible transgressions would include using the device to > automatically harvest all calling card or credit card data transmitted with > nearby digital wireless phones. > > And, because of a loophole in the Communications Act of 1934, making and > selling such devices would not be illegal, though actually using one would > technically be against the law. > > These monitoring devices are not yet available, but security experts said > that a thriving gray market was certain to develop. And with technical > details of the security system already circulating on the Internet, > instructions for cracking it will almost certainly make their way into the > computer underground, where code breaking and eavesdropping are pursued for > fun and profit. > > Technical details of the security system were supposed to be a closely > guarded secret, known only to a tight circle of industry engineers. But the > researchers performed their work based on technical documents that were > leaked from within the communications industry and disseminated over the > Internet late last year. > > "The industry design process is at fault," said David Wagner, a University > of California at Berkeley researcher who was a member of the team that > broke the code. "We can use this as a lesson, and save ourselves from more > serious vulnerabilities in the future." > > Communications industry technical experts, made aware of the security flaw > earlier this year, have been meeting to determine whether it is too late to > improve the system's privacy protections. Already the digital technology is > in use in metropolitan areas, including New York and Washington, where > either the local cellular networks have been modified to support digital > technology or where new so-called wireless personal communications services > are being offered. > > "We're already in the process of correcting this flaw," said Chris Carroll, > an engineer at GTE Laboratories, who is chairman of the industry committee > that oversees privacy standards for cellular phones. > > But Greg Rose, a software designer for the Qualcomm Inc., a leader in > digital cellular systems, said that fixing the flaw would be "a nightmare." > Tightening the security system, Rose said, would involve modifying software > already used in the computerized network switching equipment that routes > wireless digital telephone calls, as well as the software within individual > phones. > > Currently, about 45 million Americans have cellular phones, though most of > them so far are based on an older analog standard that offers no > communications privacy. But cellular companies are gradually converting > their networks to the new digital standard, and the new personal > communications services networks going into operation around the country > also employ the digital-encryption system. Nearly a million PCS phones have > been sold in the United States, according to cellular industry figures. > > Besides Wagner, the other researchers who cracked the code were Bruce > Schneier and John Kelsey of Counterpane Systems, a Minneapolis consulting > firm. Schneier is the author of a standard textbook on cryptography. > > The new digital wireless security system, which was designed by cellular > telephone industry engineers, was never intended to stop the most > determined wiretappers. > > But because digital calls are transmitted in a format corresponding to the > 1's and 0's of computer language, they are more difficult to eavesdrop on > than conventional analog calls, which are transmitted in electronic > patterns analogous to sound waves. And digital calls protected with > encryption technology -- basically a mathematical formula in the software > that scrambles the signal -- would be all the harder for a third party to > listen to surreptitiously. > > Because the encryption system that the industry adopted in 1992 was > deliberately made less secure than many experts had recommended at the > time, privacy rights advocates have been warning since that the code could > be broken too easily. An announcement Thursday that the code has indeed > been cracked would seem to bear out those concerns. > > "This should serve as a wake-up call," said James Dempsey, senior staff > counsel for the Center for Democracy and Technology, a public interest > group. "This shows that government's effort to control encryption > technology is now hindering the voice communications industry as well as > the data and electronic communication realm." > > Industry executives acknowledged that steps must be taken to address the > problem. > > "We need strict laws that say it is illegal to manufacture or to modify a > device which is designed to perpetrate the illegal interception of PCS > telephone calls," said Thomas Wheeler, president of the Cellular Telephone > Industry Association, a Washington-based trade group. > > Wheeler said the weaker privacy technology had been adopted not simply to > appease the government but because makers of wireless communications > hardware and software had wanted to embrace a technical standard that would > meet federal export regulations. Those rules, based on national security > considerations, sharply curtail the potency of American-made encryption > technology. > > The three computer researchers who broke the code belong to an informal > group of technologists who believe strongly that powerful data-scrambling > technologies are essential to protect individual privacy in the information > age. > > These technologists, who planned to release their findings in a news > release on Thursday, argue that the best way to insure that the strongest > security codes are developed is to conduct the work in a public forum. And > so they are sharply critical of the current industry standard setting > process, which has made a trade secret of the underlying mathematical > formulas used to create the security codes. > > "Our work shows clearly why you don't do this behind closed doors," > Schneier said. "I'm angry at the cell phone industry because when they > changed to the new technology, they had a chance to protect privacy and > they failed." > > Carroll, head of the industry's privacy committee, said it planned to > revise the process for reviewing proposed technical standards.