private line magazine and e-zine back issue text archive. Caution when using any material here which is now very much dated.
- _(11)_(11A) (12)_(12A)
I. PATENT AND TRADEMARK LIBRARIES
NOTE: Asterisks denote APS or Automated Patent Search capability
Alabama: Auburn University (205) 844-1747*; Birmingham Public Library (205) 226-3620 Alaska: Anchorage: Z. J. Loussac Public Library (907) 562-7323 Arizona: Tempe: Noble Library, Arizona State University (602) 965-7010* Arkansas: Little Rock: Arkansas State Library (501) 682-2053 California: Los Angeles Public Library (213) 228-7220; Sacramento California State Library (916) 654-0069; San Diego Public Library (619) 236-5813; San Francisco Public Library (Not Yet Operational?); Sunnyvale Patent Clearinghouse (408) 730-7290 Colorado: Denver Public Library (303) 640-8847 Connecticut: New Haven: Science Park Library (203) 786-5447 Delaware Newark: University of Delaware Library (302) 831-2965 Dist. of Columbia Washington: Howard University Libraries (202) 806-7252 Florida: Fort Lauderdale: Broward County Main Library (305) 357-7444 Miami-Dade Public Library (305) 375-2665; Orlando University of Central Florida (407) 823-2562; Tampa Campus Library, Univ. of South Florida (813) 974-2726 Georgia Atlanta: Price Gilbert Memorial Library, Georgia Institute of Technology (404) 894-4508 Hawaii: Honolulu: Hawaii State Public Library System (808) 586-3477 Idaho Moscow: University of Idaho Library (208) 885-6235 Illinois: Chicago Public Library (312) 747-4450; Springfield Illinois State Library (217) 782-5659 Indiana:Indianapolis-Marion County Public Library (317) 269-1741; West Lafayette: Siegesmund Engineering Library, Purdue University (317) 494-2873 Iowa: Des Moines: State Library of Iowa (515) 281-4118 Kansas: Wichita: Ablah Library, Wichita State University (316) 689-3155 Kentucky Louisville Free Public Library (502) 574-1611 Louisiana: Baton Rouge Troy H. Middleton Library, Louisiana State University (504) 388-2570 Maine: Orono: Raymond H. Fogler Library, University of Maine Not Yet Operational Maryland College Park: Engineering and Physical Sciences Library, University of Maryland (301) 405-9157 Massachusetts: Amherst: Physical Sciences Library, University of Massachusetts (413) 545-1370; Boston Public Library (617) 536-5400 Ext. 265 Michigan: Ann Arbor Engineering Library, University of Michigan (313) 764-5298; Big Rapids: Abigail S. Timme Library, Ferris State University (616) 592-3602; Detroit Public Library (313) 833-1450 Minnesota: Minneapolis Public Library and Information Center (612) 372-6570 Mississippi: Jackson: Mississippi Library Commission (601) 359-1036 Missouri: Kansas City: Linda Hall Library (816) 363-4600 St. Louis Public Library (314) 241-2288 Ext. 390 Montana: Butte: Montana College of Mineral Science and Technology Library (406) 496-4281 Nebraska: Lincoln: Engineering Library, University of Nebraska-Lincoln (402) 472-3411 Nevada: Reno University of Nevada, Reno Library (702) 784-6579 New Hampshire: Durham: University of New Hampshire Library (603) 862- 1777 New Jersey: Newark: Public Library (201) 733-7782 Piscataway: Library of Science and Medicine, Rutgers University (908) 445-2895 New Mexico: Albuquerque: University of New Mexico Gen. Libary (505) 277- 4412 New York: Albany New York State Library (518) 474-5355; Buffalo and Erie County Public Library (716) 858-7101; New York Public Library: (The Research Libraries) (212) 930-0917 North Carolina: Raleigh, D.H. Hill Library, North Carolina State University (919) 515-3280 * North Dakota: Grand Forks: Chester Fritz Library, University of North Dakota (701) 777-4888 Ohio Cincinnati and Hamilton County, Public Library of (513) 369-6936 Cleveland Public Library (216) 623-2870 *Columbus: Ohio State University Libraries (614) 292-6175; Toledo/Lucas County Public Library (419) 259-5212 Oklahoma: Stillwater, Oklahoma State University Center for International Trade Development (405) 744-7086 Oregon: Salem: Oregon State Library (503) 378-4239 Pennsylvania Philadelphia, The Free Library of (215) 686-5331; Pittsburgh, Carnegie Library of (412) 622-3138; University Park: Pattee Library, Pennsylvania State University (814) 865-4861 Rhode Island: Providence Public Library (401) 455-8027 South Carolina: Charleston, Medical University of South Carolina Library (803) 792-2372 Clemson University Libraries (803) 656-3024 South Dakota: Rapid City, Devereaux Library, South Dakota School of Mines and Technology Not Yet Op. Tennessee: Memphis & Shelby County Public Library and Information Center (901) 725-8877 Nashville: Stevenson Science Library, Vanderbilt University (615) 322-2775 Texas: Austin, McKinney Engineering Library, University of Texas at Austin (512) 495-4500 College Station: Sterling C. Evans Library, Texas A & M University (409) 845-3826 Dallas Public Library (214) 670-1468 * Houston: The Fondren Library, Rice University (713) 527-8101 Ext. 2587 Utah Salt Lake City: Marriott Library, University of Utah (801) 581-8394 * Virginia: Richmond: James Branch Cabell Library, Virginia Commonwealth University (804) 828-1104 Washington: Seattle, Engineering Library, University of Washington (206) 543-0740 West Virginia Morgantown: Evansdale Library, West Virginia University (304) 293-2510 Wisconsin Madison: Kurt F. Wendt Library, University of Wisconsin Madison (608) 262-6845; Milwaukee Public Library (414) 286-3247 * Wyoming: Casper, Natrona County Public Library Not Yet Operational
J. class 379: telephonic communications the whole enchilada -- your patent friend
1 DIAGNOSTIC TESTING, MALFUNCTION INDICATION, OR ELECTRICAL CONDITION MEASUREMENT 2 .Including fault responsive disconnection of tested component 3 .Of hybrid, or echosuppressor or canceller 4 .Of repeater 5 .By loopback 6 .By analysis of injected tone signal 7 .For detection of eavesdropping device 8 .With blocking of normal usage 9 .Of centralized switching system 10 ..By automatic testing sequence (e.g.,programmable scanning) 11 ...Routiner 12 ..With dedicated testing line or trunk 13 ..of call timing or charging equipment 14 ..Of plural exchange network 15 ..Of automatic switching equipment 16 ..Of switching path 17 ..Of switching selector 18 ..By use of call address signal 19 ...Rapid manual connecting structure for test equipment 20 ..of switchboard element condition (e.g., lamp) 21 .Using portable test set (e.g., handset type) 22 .Of trunk or long line 23 ..Of line signalling 24 ..Electrical parameter measurement(e.g., attenuation) 25 ..Conductor identification or location 26 ..Fault identification or location (e.g., continuity, leakage) 27 .Of subscriber loop terminal 28 ..of data transmission instrument 29 ..Terminal arrangement to enable remote testing (e.g., testing interface) 30 ...Loop impedance (e.g., resistance, capacitance) 31 ..Of line signalling generator (e.g., dial, tone code generator) 32 .Indication of non standardcondition of telephone equipment 33 ..Alarm or emergency (e.g., cut line)
34 SERVICE MONITORING OR OBSERVATION 35 . Listening-in or eavesdropping type
36 FREE CALLING FROM PAYSTATION
37 EMERGENCY OR ALARM COMMUNICATIONS (E.G., WATCHMAN'S CIRCUIT) 38 .Personal monitoring (e.g., for the ill or infirm) 39 .Response to sensed non system condition 40 ..Automatic dialing 41 ..Transmission of recorded audio message 42 ..Plural conditions 43 ..Fire 44 ..Intrusion 45 .Central office responsive to emergency call or alarm (e.g., "911", operator position display) 46 .Called line or station condition responsive (e.g., recall if busy) 47 .Plural alarms over single line 48 .Announcement or alarm received at terminal stations (e.g.,"butt-in" alarm) 49 .Central station with plural substation 50 .By pulse or digital signal 51 .With automatic dialing or transmission of recorded audio message
52 INCLUDING AID FOR HANDICAPPED USER (E.G., VISUAL, TACTILE, HEARING AID COUPLING)
53 WITH CONVERSATIONAL VIDEO COMMUNICATION (I.E., VIDEOPHONE) 54 .Switching control
55 HAVING NEAR FIELD LINK (E.G., CAPACITAVE, INDUCTIVE)
56 HAVING ELECTROMAGNETIC LINK FOR SPEECH OR PAGING SIGNAL (E.G., LIGHT WAVE LINK) 57 .Control of selectively responsive paging arrangement over telephone line 58 .Radio telephone system or instrument 59 ..Zoned or cellular system 60 ...Having zoned/cellular system switching (e.g., hand-off) 61 ..Including cordless extension set (i.e., having single subscriber line access) 62 ...With privacy or lockout (e.g., identity verification) 63 ..Including supervisory or control signaling
64 HAVING SINGLE CHANNEL TELEPHONE CARRIER 65 .Including call signalling (e.g., ringing, off-hook, dialing) 66 .Over power line
67 WITH AUDIO MESSAGE OR STORAGE RETRIEVAL 68 .Dynamic audio signal recording or reproduction 69 ..Call originating 70 ..Call intercept or answering 71 ...Consecutive use of recorded phrases or words to form message 72 ...Sequential or repeated announcement during single call initiated cycle 73 ...Plural record carrier channels 74 ...Remote control over telephone line 75 ....Remote dictation 76 ....Announcement selection or replacement 77 ....Control by generated tone 78 ...Acoustic coupling 79 ...With specified call initiated control circuitry 80 ....Voice signal presence responsive 81 ....Call termination responsive (hang-up) 82 ....Having specified call initiation (e.g., ringing) responsive circuitry 83 ....Structural detail of storage medium drive 84 ...At switching facility (e.g., central office, switchboard) 85 ..Recording of telephone signal during normal operation 86 ...Inductive pickup 87 ..Reproduced signal distributed over telephone line 88 .Stored in digital form 89 ..Subscriber control of central office message storage or retrieval
90 TELEPHONE LINE OR SYSTEM COMBINED WITH DIVERSE ELECTRICAL SYSTEM OR SIGNALLING (E.G., COMPOSITE) 91 .Credit authorization 92 .Polling (audience survey) 93 .With transmission of a digital message signal over a telephone line 94 ..Including switching station 95 ..Access restricting 96 ..Including terminal for display of digital information 97 ..By voice frequency signal (e.g., tone code) 98 ...By modulated audio tone 99 ...Having acoustic link 100 .To produce visual-graphic copy reproduction (e.g., facsimile) 101 .Audio program distribution 102 .Remote control 103 ..of entrance or exit lock 104 ..With indication 105 ..From terminal 106 .Remote indication over 107 .Meter reading 108 .Telegraphy 109 ..Over telephone line
110 COMPOSITE SUBSTATION OR TERMINAL (E.G., HAVING CALCULATOR, RADIO)
111 WITH MEASUREMENT (E.G., CALL OR TRAFFIC REGISTER) 112 .Computer or processor control 113 ..Call traffic recording 114 .Call charge metering or monitoring 115 ..Interexchange operations 116 ..Hardcopy record generating 117 ..Of station on polystation or party line 118 ...Identification of station 119 ..Hardcopy record generating (e.g., ticket printing) 120 ...With line I.D. or class of service determination 121 ..At central office 122 ...With display 123 ...Paystation (e.g., escrow control) 124 ...Pulse counting or accumulating (e.g., "message metering") 125 ....Local or zone 126 ....Automatic message accounting 127 ....Having line identification (e.g., automatic #I.D.:"ANI" 128 ....Time of day controlled 129 ...Manually set (e.g., key and lock) 130 ..At subscriber station 131 ...Time controlled 132 ....Paystation (e.g., escrow control) 133 .Call traffic recording or monitoring 134 ..At central station 135 ...With hardcopy record generation (e.g., ticket generation) 136 ...With display 137 ...Trunk usage (e.g., peg count) 138 ....All trunks busy metering 139 ...Counting the number of completed connections 140 ..At subscriber 141 ...Mechanical register
142 WITH CALLING NUMBER DISPLAY OR RECORDING AT CALLED SUBSTATION
143 WITH CHECK OPERATED CONTROL (E.G., PAYSTATION) 144 .Other than coin 145 .Fraud or interference prevention 146 .Coin signalling or control 147 ..Coin box audit or totalizer 148 ..Denomination 149 ..Post-pay coin collection 150 ...Coin disposition (return or collection) 151 ...Upon connection to called station 152 ...Magnet, electromagnet, or relay controlled from central office 153 ...Paystation (e.g., control by refund key) 154 .At central office 155 .At terminal station (e.g., coin paystation)
156 MULTI-LINE OR KEY SUBSTATION SYSTEM WITH SELECTIVE SWITCHING AND CENTRAL SWITCHING OFFICE CONNECTION 157 .With special service 158 ..Conferencing 159 .With intercom system 160 ..With connection of intercom station to subscriber line 161 .With exclusion or priority feature (e.g., lockout or privacy) 162 .Detail of hold circuitry 163 ..Electronic 164 .Line status indication or call alerting 165 .Switching or supervision feature (e.g., common control, digital) 166 .Detail of line circuit or line card
167 PRIVATE (E.G., HOUSE OR INTERCOM) OR SINGLE LINE SYSTEM 168 .Lockout 169 ..Central power source 170 .With paging 171 .Having plural stations with selective calling (e.g., master) 172 ..With call addressing 173 .With call addressing 174 .Including body or apparel supported terminal (e.g., headgear) 175 ..For underwater use (e.g., in diver's suit) 176 .With central power source
177 POLYSTATION LINE SYSTEM (I.E. PARTY LINE) 178 .Revertive call 179 .Call alerting (ringing) 180 ..Full selective or tuned (e.g., harmonic) 181 ..Semi selective (e.g., line side, polarized) 182 .Automatic or unattended 183 ..Station identification 184 ..Lockout 185 .Portable or mobile 186 .Central power source 187 .Connected to central office
188 CALL OR TERMINAL ACCESS ALARM OR CONTROL 189 .Fraud or improper use mitigating or indication ("blue box","black box") 190 .Time out 191 ..At switching center 192 ...Of call duration (e.g., conversation timer) 193 ...Of specific equipment 194 .Lockout or double use signalling 195 ..In automatic system 196 .At switching center 197 ..Central office 198 ..PBX 199 At substation 200 ..Restrictive dialing circuit
201 SPECIAL SERVICES 202 .Conferencing 203 ..Operator control 204 ..Subscriber control 205 ...Conference initiation by single calling station 206 ..At substation 207 .At plural exchanges 208 .Priority override (e.g., butt-in) 209 .Repetitive call attempts (e.g., camp on busy, retry) 210 .Call diversion (e.g., call capture) 211 ..Call forwarding 212 ..Call transfer 213 ..Intercept (e.g., dead or changed number) 214 ..Secretarial or answering service 215 .Call waiting 216 .Abbreviated dialing or direct call (e.g., hot line) 217 .Audible paging 218 .Performed by operator (e.g., butt-in, busy verification)
219 PLURAL EXCHANGE NETWORK OR INTERCONNECTION 220 .With interexchange network routing 221 ..Alternate routing 222 .Toll center 223 ..With operator assistance 224 .Tandem switching center 225 .Multi-PBX interconnection 226 .Having a manual exchange 227 ..With an automatic exchange 228 ..Having signalling to operator 229 .Interexchange signaling 230 ..Signalling path distinct from trunk (e.g., CCIS) 231 ..Central office-to-PBX signalling 232 ...PBX trunk groups 233 ...Direct inward dialing 234 ..PBX to central office signalling (e.g., direct outward dialing) 235 ..Voice frequency signalling over trunk 236 ..DC signalling over trunk 237 ...Pulse or digital signalling 238 ....Having signalling repeater 239 ....Using register sender 240 ..Interexchange trunk circuit 241 ...Glare or simultaneous seizure mitigation
242 CENTRALIZED SWITCHING SYSTEM 243 .Class of service determination or transmission 244 ..In common control system 245 .Identification 246 ..Of line or trunk 247 ...With display 248 ...Using matrix 249 ...For nuisance call mitigation 250 .Four wire switching 251 .With generating of call associated substation signal 252 ..For alerting signal at called station (e.g., ringing) 253 ...Electronic 254 ...Associated with connector 255 ...With interrupter 256 ..Having automatic or through ringing 257 ..For calling station (e.g., status or progress tones) 258 .Switching controlled in response to called station addressing signal 259 ..Including deflected electron beam switching device or mechanical or optical switching control (e.g., fluidic) 260 ..With operator position or completion of call (e.g., dial "0") 261 ...Operator controlled register sender 262 ...Call extension by operator 263 ....With call indicator or announcer 264 ....A to B operator 265 ...Call distribution to operator 266 ....Call queuing 267 ...Operator's console 268 ..Having shared or common switching control 269 ...Distributed control 270 ...In-stage or interstage scanning (e.g., link scanning) 271 ...Having multistage switching 272 ....Path selection or routing 273 .....Alternate routing 274 ......With busy or idle test 275 .....Including marking circuit 276 ......End to end marking (e.g., self seeking) 277 .....With busy or idle test 278 ....Interstage junctor or "trunk" 279 ...Control reliability (e.g., reliability) 280 ...Including registering or storing device for call address signal 281 ....Conversion between dial pulse and voice frequency signal 282 ....Voice frequency receiver 283 .....Dual tone multifrequency (DTMF) receiver 284 ....With processor 285 ....With magnetic memory 286 ....Signal processing (e.g., dial pulse analysis) 287 ....Electronic 288 ....Register-sender 289 ...Translator 290 ...With time division of Control or supervisory signals 291 ...With detail of crosspoint switching structure (e.g., crossbar) 292 ....Electronic crosspoint (e.g.,solid state) 293 ..Having line finder 294 ...Including electronic element 295 ...Plural 296 ..With repeater 297 ..Having specified busy-idle test 298 ..Direct control 299 ...Step-by-step system 300 ....Having plural wiper sets 301 ....Having potential control 302 ....Having rotary switch 303 ....Coordinate system (e.g., X-Y) 304 ...All relay type 305 ...Having motor driven switch 306 ..With crosspoint switch detail 307 ..With power supply 308 .Switching apparatus for connecting calling line to operator's position 309 ..Call distribution or queuing 310 .Divided central (e.g., communication between switchboards) 311 ..Having signalling path feature 312 .Having multiple answering jacks for multiple line 313 .Multiple section switchboard 314 ..Auxiliary (e.g., overflow) 315 .With line-signal control 316 ..Spring-jack cut off 317 ..Relay cut off 318 ..Central power source 319 .Single switchboard (e.g., cord circuit) 320 ..Switchboard circuit 321 ..Connection to operator's terminal 322 .Power supply 323 ..Power to switching equipment 324 ..Central power source (e.g., common battery, line current feed) 325 .Structure of equipment 326 ..Wire or cable distribution 327 ...Main or intermediate distribution frame 328 ..Equipment mounting or support 329 ...Allowing movement of equipment (e.g., movable, modular) 330 ..Housing 331 .Having protective circuit 332 .Plug and socket
333 CONCENTRATOR OR TRUNK SELECTOR 334 .Concentrator distributor pair (e.g., line concentrator) 335 .Using crossbar or crosspoint switching
338 REPEATER (E.G., VOICE FREQUENCY) 339 .With signal conversion (e.g., dial to DTMF, analog to PCM) 340 .Having line length compensation or equalization 341 .Pulse or tone repeater 342 ..Electronic (e.g., logic circuitry) 343 .Controlled by a pilot or reference signal 344 .Controlled processes bi-directional signal 345 ..Including two to four wire conversion or hybrid circuit 346 .With frequency discriminator or negative impedance element 347 .With gain or attenuation control 348 . Transmission of power to distant repeater 349 .Having voice frequency transformer
350 SUPERVISORY OR CONTROL LINE SIGNALLING 351 .Signalling integrity protection (e.g., voice signal immunity) 352 .Substation originated 353 ..Conversion of signal form 354 ..With called number display 355 ..Repertory or abbreviated call signal generation 356 ...With dynamic memory 357 ...Insertable control elementor circuitry (e.g., card) 358 ...By motor driven dial rotating device 359 ...Pulse signal generating (card) 360 ..Voice frequency band signalling (e.g., reed devices) 361 ...Electronic (e.g., tone generator) 362 ..Pulse signal generator (e.g., rotary dial) 363 ...Control of motor driven rotating device 364 ...With nonrotary actuator (e.g., key or slide type) 365 ...Specified switching contact (e.g., contact spring) 366 ...With detail of dial return mechanism (e.g., driving spring, speed governor) 367 ...Finger wheel or mechanical adjunct (e.g., finger stop) 368 ..Plural-switch number input device (keypad) 369 ..Detail of mounting of switch pad or dial 370 ...In handset 371 ..Magneto signalling 372 .Signal reception at substation 373 ..Incoming call alerting (e.g., ringing) 374 ...With music or audible music generation 375 ...With electronic call sounder (tone ringer) 376 ...With visual indication of incoming call 377 .Using line or loop condition detection (e.g., line circuit) 378 ..With current controlling electromagnetic core device (Hall-effect) 379 ..With optical link between line and switching system 380 ..By bridge circuit 381 ..Busy test or make busy 382 ..For ring trip or polarity reversal detection 383 ..Of plural lines 384 ...By scanning 385 ..Relayless 386 .Signal receiver (e.g, tone decoder)
387 SUBSTATION OR TERMINAL CIRCUITRY 388 .For loudspeaking terminal 389 ..For circuitry for voice control of transmission direction 390 ..With amplification or attenuation level control 391 .Sidetone control or hybrid circuit (einduction coil) 392 ..Suppression (e.g., antisidestone) 393 .Hold circuit 394 .Impedance matching or line equalizing 395 .Amplifying 396 .Visual signalling (lamp) 397 .Wire distribution
398 LINE EQUALIZATION OR IMPEDANCE MATCHING
399 SUBSCRIBER LINE OR TRANSMISSION LINE INTERFACE 400 .For line length compensation 401 ..Voltage boosting circuitry 402 .Hybrid circuit 403 ..With adjustable balance circuit 404 ...Automatic adjustment 405 ..Electronic noninductive 406 .Echo suppression, antisinging, or reverse path blocking 407 ..Disable or inhibit 408 ..Control by pilot frequency signal 409 ..Having variolosser or attenuator 410 ..Echo cancellation (e.g., phase opposition) 411 ...Having transversal filter 412 .Protective circuit 413 .Power supply (e.g. battery feed)
414 TRANSMISSION LINE CONDITIONING 415 .Reactance neutralizing 416 .Interference suppression 417 ..Anti-crosstalk
418 CALL SIGNAL GENERATING (RINGING OR TONE GENERATOR)
419 TERMINAL 420 .Having loudspeaking conversation capability (e.g., hands-free type or speakerphone) 421 .Having muting 422 .Switch or switch actuator structure 423 ..Line selection 424 ..Receiver or handset position responsive (e.g., hookswitch) 425 ...With mechanism for latching hookswitch or plunger against motion 426 ...Movable holder for receiver or handset 427 ...Having plunger and lever linkage 428 .Housing or housing component 429 ..Having distinct circuitry support structure (circuit board) 430 ..Body supported (e.g. headgear) 431 ..Separate housings for earphone and microphone (e.g., candlestick type) 432 ..Loudspeaking set 433 ..Handset structure 434 ..Specified terminal configuration (e.g., novelty type) 435 ..Wall set/convertible 436 ..Desk set 437 ..Protective structure 438 ..Of cord or connector 439 ...Antiseptic 440 ..Casing or enclosure
441 TERMINAL ACCESSORY OR AUXILIARY EQUIPMENT 442 .With circuit connection to terminal 443 .Including coupler (e.g., inductive) 444 ..Acoustic 445 .Locking device 446 .Telephone receiver support 447 .Attachable to terminal housing 448 ..Hookswitch operator 449 ..Handset holder (e.g., shoulder rest) 450 ..Clips onto terminal structure 451 .Protective structure 452 ..Antiseptic, disinfecting or disposable 453 .Hood or enclosure (booth) 454 .Support or stand 455 ..Handset holder 456 .Dialing tool
VI Who's Bugging You?: privateline talks with Chris Hall
About Chris Hall
Chris Hall is the Chief Operating Officer for Executive Protection Associates, Inc., a worldwide company providing high-level investigations, security consulting, and privacy protection strategy to Industry, Individuals, and Celebrities. Mr. Hall has over 15 years of experience in Law, Business, Investigations, Professional Bodyguarding, and Intelligence analysis. Mr. Hall has conducted covert surveillance, counter-surveillance, intelligence gathering and analysis, and has lead a team of up to 10 Bodyguards for a Fortune 500 employer, celebrities, and dignitaries.
Mr. Hall maintains a business interest in an electronic engineering firm that designs and markets electronic surveillance and counter- surveillance equipment for public and private customers. He is currently assigned to Professional Executive Investigations, where he heads EPAI's California licensed Private Investigation Agency, and the EPAI Training Division. He is the North American Regional Governor for the IAPPS ( International Association of Personal Protection Specialists ( Bodyguards ).
Mr. Hall will be a regular contributor to private line and can be reached via e-mail at: firstname.lastname@example.org
- Counter-Surveillance for fun and enjoyment. - Personal Security - Open-Source Intelligence Gathering. - Social Engineering 101. - Privacy Protection in the 90's. - Off-Shore, and why you need to be there. - How to get a Second Legal passport. - So you want to be a Monk, Knight, Doctor ? Then read on. . . - How to get a "refugee" passport and international status.
private line talks with Chris Hall . . .
NOTE: Chris Hall helped give a great talk at Def Con about electronic security. He'll be a regular contributor to private line on a number of subjects. This e-mail interview is about telephone security. My questions are in italics.
TF: It seems there are three ways to monitor a telephone conversation: a "hardwired" wiretap, an electronic bug or transmitter and REMOBS or Remote Observation. Any others?
CH: A body wire but that only gets one side of the conversation. And a beige box or a lineman's handset, which is a kind of remote observation.
TF: What constitutes a wiretap?
CH: Any unauthorized ( by the tap-ee) monitoring of your telephone communications or room conversation.
TF: Do you come across many?
CH: In my years in the industry I have seen the number of discovered taps increase by at least 60% in just the past five years. Mostly in industry -- high-tech, bio-tech, etc.
TF: A wiretap, to me, conjures up visions of policemen huddled in a rented room, bent over a tape recorder. Perhaps across the street from the observed site. Is this accurate or do they just leave the tape recorder in place and change the tapes when needed?
CH: Police or Federal wiretaps usually are REMOBS ( Remote Observation Posts ) and can be several miles away. Most are usually unmanned and recorded on digital tape or digitized and stored on disk for later analysis. Most authorized taps are done at the central office, and routed to the REMOB point where it can be either manned ( if a sensitive operation is on-going) or unmanned. It's kind of like modern surveillance for the PI. You used to be stuck in the back of a windowless van for hours on end waiting for activity to video tape. Now, with technology, I can use a rented car, park it across from the subject location, use a pin-hole camera shot through mylar in the turn signal, control it via radio with a DTMF pad (pan, tilt, zoom), and have it transmit through a video repeater and watch or record it miles away in my office or hotel room ( if out of town ) while eating a pizza and watching "Party of Five" on the other TV. The technology today is phenomenal.
TF: Can you detect a wiretap if it is off site?
CH: Central office taps are nearly impossible to detect. Especially if it is an authorized tap. About the only way you will find out is when they produce the transcript at the trial.
TF: Can you detect it if it is on site?
CH: Almost all taps on-site can be detected by a competent electronic countermeasures technician. Most ECM techs are sloppy.
TF: Let's talk specifics. Doesn't any device working off of line power affect the electrical status of the line? Can't this change be detected?
CH: Yes, if it is using line power. There are several crystal controlled transmitter kits that work off of a battery and are very high impedance. I have seen these used in training sessions and the telco people miss them in a sweep of the line. If a knowledgeable amateur places them correctly, it is very difficult to locate them with line sweep gear.
TF: Ever run across any police wiretaps in your investigations? What happened?
CH: Most wire taps we run across are either amateur or what we call "wildcat" taps. A wildcat tap is an unauthorized tap usually performed by law enforcement to gain intelligence information. They then use the intel to build a case or to develop snitches. We have run across a few wildcat taps in our work and the resultant contact was not pleasant.
TF: Describe a typical bug.
CH: Typical bug is a crystal controlled FM transmitter with an electret mic attached directly to it or remoted via thin wire to the target listening position. With surface mount technology they can be quite small and powerful.
TF: Do most use line power or batteries?
CH: Cheap garbage uses line power, most higher end use batteries, high- high end use external exciter like microwave energy and the like.
TF: You talked about the cheaper bugs at Def Con. These seem to be the ones offered in catalogs, the so called "free oscillating types" that use the VHF band. Correct?
CH: Those are the ones. They are garbage. Most operate on Wide FM just outside the standard FM radio band, are low powered and very frequency unstable. We use them in training, however, at the basic level.
TF: Do you see any of them in use or is this strictly low budget?
CH: Seventh graders bugging their sister's room, disgruntled employees bugging the bosses office, that's about the extent of it. Don't see any in industrial espionage, but that doesn't mean we don't look for them
TF: Describe the difference between those bugs and the crystal controlled ones.
CH: Crystal controlled use far more transistors and, of course, a crystal for stability and power. Most are battery powered and hide in "nestled" frequencies near active services. All I know of are FM.
TF: What freqs do these bugs use?
CH:I have seen Low VHF, High VHF (old fed stuff is near wireless mic frequencies, new stuff is frequency hopping or spread spectrum). Some UHF, but not too many. Highest is usually near Military aero at around 300 MHz.
TF: What do they cost?
CH: From $50 to $200 in kit form.
TF: What's involved in a sweep? Walking around with a frequency counter?
CH: That's part of it, but it is much more extensive than that. Physical search is the most important. That means opening every electrical outlet, switch, light bulb base, etc., followed by an RF search over time with a sub-audible marker tone, spectrum analysis looking for anything that doesn't "belong", then a non-linear junction detector sweep, plus some other methods (especially for fiber optics) that we don't discuss.
TF: What is a "non linear junction sweep"?
CH: Basically a device that detects semi-conductors including surface mount components (transistors), etc. It is useful when sweeping a wall and you can't tear off all of the drywall, but you want to be sure nothing is behind it.
TF: Ever find any decoy bugs? That is, do people ever plant one that is easy to find and leave behind another?
CH: Very common, in fact, that is a good way to test a prospective electronic counter-measures service provider. Do it yourself.
TF: Ever find a transmitter but not find who did it?
CH: Most of the time, unless we have good background or advance intelligence. There are signatures in the business , however, that point fingers. It is a craft.
TF: What's the range on a good transmitter?
CH: In training I have seen up to four blocks on a battery powered telco transmitter correctly placed, and with good receiving equipment. Kind of like using a cordless phone.
TF: What's the neatest technical installation you've seen?
CH: Hard wire burst transmitter. They used a trace repair pen after placing the microphone to draw the leads for the mic to the transmitter, then painted over it. The transmitter used a chip to store information and then it transmitted it in "blips" which made it hard to detect.
TF: Any funny war story you can share?
CH: Not really funny but a client's employee kept getting a signal from near a light switch at a clients residence on top of a hill. The hill above was a congested radio repeater site, and the employee called us only after he had destroyed all the wallboard surrounding the light switch looking for the "bug". We found it was only a radio reflection off of the metal cornering they use on drywall interiors from a 50,000 watt radio station. We got all their business after that incident.
TF: Find many bosses syping on employees? How far do they go?
CH: We don't really run across this much since it is usually the boss that hires us. Have heard of it though. Lots of companies monitor and record fax traffic now. How far they can go depends on what kind of form you signed at the time of your employment. I have heard of them going as far as they could, till they got caught.
TF: How are faxes and data transmissions intercepted?
CH: Usually logged, recorded and stored on a PC, then later analyzed with software.
TF: Many offices use all digital PBX's. How does this affect monitoring when you have a digital signal? More expensive equipment needed?
CH: It's more expensive to monitor at the switch, but not at the individual telephone. PBX people, though, are a weak link. They're low paid and ripe for social engineering. It is a weak area we analyze for our clients.
TF: Ever hear of someone tapping an optic fiber line? Does the test equipment for it allow a person to do such a thing?
CH: It's available now, and I have heard from very reliable sources that there is a method that doesn't even involve a physical tap of the line but it's mega expensive and although not classified, it's reserved for the government types.
TF: What do you think of Zimmerman's effort to build a secure phone based on PGP?
CH: I'd love to buy a license and distribute it ! I'm waiting and watching. Like everyone else.
TF: Are scramblers silly?
CH: Cheap inversion scramblers are silly, STU phones and DES 3 are still useful. I use a transcrypt digital unit on my cell phone. All of the radios we use for our executive protection details are scrambled at a high level.
TF: What is a transcrypt digital unit?
CH:Transcrypt International makes a surface mount board that mounts inside a Motorola flip phone and mates to a Motorola supplied connector. To activate it, you simply press two digits on the keypad of the flip phone, and your voice is digitally encrypted and then decrypted at the other end by a Transcrypt hardwire phone, or another cell phone with compatible code and unit. There is something like four trillion code combinations to encrypt with. Those are programmed in by the dealer. It is a slick unit and we use them extensively. It is digitally controlled analog encryption and the voice channel sounds like static mixed with modem tones.
TF: Is it possible to tap a line without making a physical connection? That is, can you do it by induction? Like a pickup microphone on a guitar?
CH: Sure, all rules of electronics apply. You would probably have to amplify it and send it down another pair or via RF for any kind of distance.
Chris Hall, C.O.O. Executive Protection Associates, Inc. * Opinions Expressed are those of the author and NOT those of EPAI* EPAIWWW- http://www.mps.ohio-state.edu/cgibin/hpp?spook_stuff. html IAPPS WWW-http://www.mps.ohio-state.edu/cgi bin/hpp?Iapps_home.html
VI FEDERAL TOLL FRAUD LAW
I discussed California Penal Code $502.7 in the first issue. It prohibits both credit card fraud and electronic devices used to commit toll fraud. 18 U.S.C. 1029 is the rough federal equivalent. It does not, however, contain any specific language prohibiting electronic tone generators like rainbow boxes, red boxes or blue boxes. It is, instead, almost exclusively concerned with stolen codes and account numbers. The only electronic device it seems to prohibit are cloned cellular phones. You may have wondered what gets the Secret Service involved with toll fraud -- this law answers that question. Here is the full text of Title 18 United States Code section 1029 as I went to print in November, 1994. The digital telephony bill has since amended it. Those amendments will be in issue number 6 that comes out in May, 1995. My comments are in contained within asterisks.
$1029. Fraud and related activity in connection with access devices
(a) Whoever -- (1) knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices; (2) knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conducts obtains anything of value aggregating $1,000 or more during that period; (3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices; or (4) knowingly, and with intent to defraud, produces, traffics in, has control or custody of, or possesses device making equipment; shall, if the offense affects interstate or foreign commerce, be punished as provided in subsection (c) of this section.
*An access device is vaguely defined in section (e) later on. For now, think of an access device as any stolen code, stolen credit card or stolen telephone calling card. Any 'device' (a legal word of art) used to access someone else's account. You must run up a $1,000 bill before the Feds can come in. In reality, the government may not act at that level because of their caseload. You never know. They also have to connect you to the calls and the calls must cross state lines.*
(b)(1) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section. (2) Whoever is a party to a conspiracy of two or more persons to commit an offense under subsection (a) of this section, if any of the parties engage in any conduct in furtherance of such offense, shall be fined an amount not greater than the amount provided as the maximum fine for such offense under subsection (c) of this section or imprisoned not longer than one--half of the period provided as the maximum imprisonment for such offense under subsection (c) of this section, or both.
(c) The punishment for an offense under subsection (a) or (b)(1) of this section is -- (1) a fine of not more than the greater of $10,000 or twice the value obtained by the offense or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2) or (a)(3) of this section which does not occur after a conviction for another offense under either subsection, or an attempt to commit an offense punishable under this paragraph; (2) a fine of not more than the greater of $50,000 or twice the value obtained by the offense or imprisonment for not more than fifteen years, or both, in the case of a subsection (a)(1) or (a)(4) of this section which does not occur after a conviction for another offense under either such subsection, or an attempt to commit an offense punishable under this paragraph; and (3) a fine of not more than the greater of $100,000 or twice the value obtained by the offense or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a) which occurs after a conviction for another offense under this subsection, or an attempt to commit an offense punishable under this paragraph.
(d) The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate an offense under this section. Such authority of the United States Secret Service shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General.
*The Secret Service was first set up to fight counterfeiting during Lincoln's time. They've had different duties through the years but they are still used as the shock troops in many fraud related cases.*
(e) As used in this section - -
(1) the term "access device" means any card, plate, code, account number, or other means of account access that can be used, alone or in conjunction with another access device to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds (other than a transfer originated solely by paper instrument); (2) the term "counterfeit access device" means any access device that is counterfeit, fictitious, altered, or forged, or an identifiable component of an access device or a counterfeit access device: (3) the term "unauthorized access device" means any access device that is lost, stolen, expired, revoked, canceled, or obtained with intent to defraud; (4) the term "produce" includes design, alter, authenticate, duplicate or assemble; (5) the term "traffic" means transfer, or otherwise dispose of, to another, or impression designed or primarily used for making an access device or a counterfeit access device. (6) the term "device-making equipment" means any equipment, mechanism, or impression designed or primarily used for making an access device or a counterfeit access device.
*Does the definition of an access device include electronic tone generators? Bruce Sterling, author of The Hacker Crackdown thought so. He wrote that "[s]tandard phreaking devices, such as blue boxes, used to steal phone service from old fashioned mechanical switches are unquestionably "counterfeit access devices." Redboxes might be questionable as well. Sterling, though, wrote his comments in 1991, two years before the Brady case was decided.
In US v Brady, 820 F.Supp. 346 (D. Utah 1993), aff'd 13F3d 334 a man was accused of using and selling altered cellular phones in violation of section 1029. Brady set up his phones to tumble calls. Tumbling confuses a switch. It allows a call to be made without a bill to an account. The government contended that his phones accessed the accounts of the telco itself and hence constituted an access device. The court disagreed The court held that since his tumbled calls did not access a subscriber account they were not an access device within the meaning of section 1029. They did state that he would have violated section 1029 if he had cloned his phones. Cloned phones do access at least two accounts. The telco did keep an accounting of lost calls caused by tumbling. But that is not the same as an account itself. Lost blue box and red box calls are also kept track of when and if discovered. The court, in fact, specifically mentioned blue boxes in their decision. In so doing they gave us all a lot more hope that the Secret Service will not kick in our doors looking for tone generators:
"The Government maintains that the charges for 'unmatched' calls handled as thus described represent a "direct accounting loss" to Cellular One within the meaning of section 1029 as construed in McNutt. In effect, the Government argues that access to the cellular carrier's system translates into access to the carrrier's own accounts through which the cost of system usage is allocated within and between carriers. Yet the same reasoning would seem to apply to use of the older, less sophisticated "blue boxes" used to gain access to the long distance telephone system. A so called 'blue box' uses no account number or access code at all; it emits a 2600Hz tone which permitted the user to 'free ride,' to gain access to the system and place long distance calls which were not charged to any customer account [footnote deleted] See, e.g., United States v. Foster, 580 F.2d 388 (10th Cir.1978); United States v. Patterson, 528 F.2d 1037 (5th Cir.), cert. denied, 429 U.S. 942, 97 S.Ct. 361, 50 L.Ed.2d 313 (1976). Long distance calls placed with blue boxes are listed in telephone company records in a fashion similar to 'unmatched' cellular calls described by the Government's witnesses. This court has not found a reported case in which a 'blue box' used 'for the purposes of circumventing the charges on interstate long-distance calls' has been deemed to be an account 'access device' within the meaning of section 1029(e)(1) on the theory that the 'blue box' gained access to the telephone company's own accounts. See, e.g., United States v. Disla, 805 F.2d 1340."
Isn't the law fun? Think you're safe? At least from the Feds? Maybe. The court, after all, wasn't addressing the question of whether tone generators were covered by section 1029, they were deciding on whether a tumbling cellular phone was. These side opinions are called dicta. But let me tell you folks, this is dammed powerful dicta.*
(f) This section does not prohibit any lawfully authorized investigative, protective or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States, or any activity authorized under chapter 224 of this title. For purposes of this subsection, the term "State" includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States. -end-
MORE INFO? email@example.com
NEXT PAGE -->