private line magazine and e-zine back issue text archive. Caution when using any material here which is now very much dated.
private line: a journal of inquiry into the telephone system
private line 5150 Fair Oaks Blvd. #101-348 Carmichael, CA 95608 USA
privateline@delphi.com (916) 978-0810 FAX
$27 a year for 6 issues. Mexican and Canadian subscriptions are $31 and overseas subscribers have to pay $44 :( A sample of the current issue is $4.00.
I. Editorial Page
II. Updates and Corrections
III. Letters
IV. The Internet Bridge
V. Cell Phone Basics, Part II
A. Toll Fraud
VI. An Interview With Damien Thorn
VII. The entire Digital Telephony Bill
VIII. The Text of 18 USC 1029
IX. The Text of 47 CFR 22.919 (The regulation prohibiting cloning)
I. EDITORIAL PAGE
What's All This Stuff About The Law?
1. Welcome to a very different issue of private line. It contains much more on telecom law than I have ever put in. Much more, in fact, than I ever wanted to put in. The first mission of private line is to advance technical knowledge, especially for beginners. But I promised many people that I would include the text of the entire bill in this issue. I think that people should read this legislation. The problem was that I underestimated its size. To my horror the bill took up five full pages in unreadable eight point type once I keyboarded and scanned it in. Check out page 82 to get a sample. I then converted the text to nine point type. Better. That resulted, however, in nine pages. Gulp.
2. Well, since the article would take up so much room in unedited form, I decided to expand the magazine to 32 pages this issue. This allowed me to put in some comments and a few charts to make the bill a little more understandable. This was a very tough bill to make sense out of and organize. I used to do legal research for a living. My special resentment of this bill has to do with its complexity and the fact that an average person had little chance of dealing with it when it was created. I think you'll see what I mean when you read it. By the way, my comments are meant to break up the layout of the text -- nothing more. I know everyone has their own opinion.
3. I'm writing this on April 6, 1995. I'm up to 67 subscribers and I am very happy about this. Subscriptions, back issue orders and news stand sales have now covered the cost of printing Number 4 and 5. That's a tremendous development. It gives me real encouragement to go forward and better the magazine. Thank you everybody.
4. The next issue will go back to regular telephone stuff. It will feature a field guide to outside plant equipment. This is the issue that I have wanted to do for a year! I am really looking forward to putting it together. It may include as many as twenty photographs. You'll be able to use it, for instance, to identify all those mysterious green telco boxes by the side of the road. I'll have pictures, too, of things I've mentioned before. Like open wire and solar powered payphones and party line phones. I'll also have an article on how to build your own telephone system for $25. private line marks its first anniversary in June. Thanks again and I'll see you all again in July.
II. UPDATES AND CORRECTIONS
5. More magazines and newsletters: On The Line is the magazine of the California Payphone Association. It is a California publication but it does have news from around the country. Similar in feel to Public Communications. Should you get both? I think so. Send them five dollars for a sample and judge for yourself. Their address is: On The Line, c/o California Payphone Association, 2610 Crow Canyon Rd., Suite 150, San Ramon, CA 94583.
6. Telecom Publishing Group produces a number of interesting and very expensive newsletters and reports. The Report on AT&T, for example, claims to be the only newsletter that "focuses on AT&T and its bloody turf battles." It comes out twice a month. It goes along with The Report on AT&T FaxAlert, a bulletin by fax that comes out within 24 hours of any surprise move by the long distance carrier. Sounds great but it will cost you $697 a year. They also produce Information Networks, Mobile Data Report, FCC Report, Telco Business Report, Local Competition Report, State Telephone Regulation Report and Advanced Wireless Communications. These range from $397 to $591 a year for 24 issues. Oh, well. The one good thing is that they don't charge $35 for a sample like the Phillips' newsletters. They'll send you a free copy of one if you really want it. Telecom Publishing Group, 1101 King Street, Suite 444, Alexandria, VA 22314. 1-800-739-452-8011 (orders) or (703) 739-6437.
7. Blacklisted! 411 is an interesting, 2600-like magazine that's produced quarterly in southern California. They call themselves "The Official Hackers Magazine!" You can order it through the Tower chain now or in the future, possibly, through Fine Print Distributors. Or send $4.95 for a sample to Blacklisted! 411, P.O. Box 2506, Cypress, CA 90630. (310) 596-4673.
8. Maurice Onraet mailed me copies of EDN and Electronic Design. EDN bills itself as "The Design Magazine of the Electronics Industry." It's a monthly that touches on a few telecom subjects from time to time. The Cahners Publishing Company publishes it 38 times a year. Supposedly $120 a year to non-qualified subscribers in the U.S., though it looks like you could get a free sub. Write for a sample: EDN, 8773 South Ridgeline Blvd., Highlands Ranch, CO 80126-2329. (303) 470-4445. Electronic Design is a real find. It's published by Penton Publishing, Inc. This twice monthly magazine occasionally features articles that directly impact telecom. Goldberg's article on PCS in the February 6, 1995 edition, for example, was a better read than a similar article in the expensive IEEE Personal Communications. Electronic Design has a $105 suggested subscription price but, again, I think you ought to try for a free sub. I really recommend that you write or call for a sample. Penton Publishing Subscription Lockbox, P.O. Box 96732, Chicago, IL 60693. (216) 696-7000.
9. Cellular Marketing is another resource for cellular information. It's a monthly that David Crowe says is now taking a more technical orientation. Annual subscriptions are $29 in the US and $39 in Canada and Mexico. Their subscription address is Argus Circulation Center, PO Box 41528, Nashville, TN 37204. The editorial address is 6300 South Syracuse Way, Suite 650, Englewood, CO 80111.
10. For you web types, AT&T is offering some of their industry newsletters on the web for two months. In a March 6, 1995 press release, AT&T promised that their home page would carry samples of 24 technical and business newsletters that it produces for its internal business units and AT&T Bell Laboratories. Sample issues of the publications would be accessible without charge in April and May. In return, users will be asked to evaluate the material. "The trial will determine how useful the newsletters will be to individuals and institutions outside of AT&T," according to Ralph Quinn, of the AT&T Information Services Network. "After the trial, the publications will be offered on the Internet at special charter prices." This seems a mixed blessing. Some of these publications may have had a closed subscriber list before. But AT&T will undoubtedly charge some very high rates once the trial is over. Oh, well. Their URL is: http://www.att.com/newsls/index.html. For inquiries about the trial, call the AT&T Information Services Network at 908-582-2619, or send E-mail to rmq@library.att.com.
11. There's been quite a bit of interest in the telecom related magazine list. I've decided to consolidate all the magazines described in one easy to read list. I'll update it as I get additions or corrections. Send me $2.00 (cash only, please) and a number 10 S.A.S.E. and I'll send you the current list. In addition, I'll extend your subscription by one issue if you can supply me some current, detailed information on any of the following: Telekom Praxis (German), Funkschau (German), Commutations & Refutations (French), Philips Telecommunications Review, Electrical Communication (published by Alcatel), Ericsson Review, Siemens Telecom Report, Northern Telecom Magazine, or Telesis (Canadian). I will also extend your sub if you tell me about any other telecom magazine that my readers would be interested in.
12. I've made a wonderful discovery! The McGraw-Hill Telecommunications Factbook is the best overall book about the telephone system that I have yet found. It is current and in print. Nothing on coin line services or cellular but otherwise a great read. It even explains tariffs. Good, clear diagrams. I recommend it without reservation. Around $30. Get this book. The rent can wait. Here's a quotation from a comprehensive chapter on telecommunications fundamentals. This small section is about PBX operation in a private network: "In the simplest case, referred to as point-to-point tie-line service, users access a trunk between two locations by dialing an access code (unique to the tie trunk between those two locations), followed by the desired station extension. For example a user on a PBX in Chicago calling a PBX in New York City might dial 8-368-xxxx. The digit 8 accesses a tie trunk group, 368 selects a dedicated tie trunk between the Chicago and New York City PBXs, and xxxx represents the called party's extension. A user on a PBX in Washington, DC, might dial 8-479-xxxx to reach that same New York City party over dedicated tie trunks between Washington, DC, and New York City. A unique exchange number would thus exist for each called location in this rudimentary private network, depending upon the location of the originating call. A private network call from Chicago to Washington, DC, could also be completed via the New York City PBX if the calling party first accesses the New York PBX and then manually dials the same access code for Washington, DC, that a New York caller would use. This type of service is known as manual dial tandem tie-line service and it cannot automatically route calls through multiple PBXs to take maximum advantage of network transmission facilities, or seek alternate routes if first choice trunks are busy." Great stuff. And that's just two paragraphs out of 374 pages worth of information.
The McGraw-Hill Telecommunications Factbook is published by McGraw-Hill, Inc. Joseph A. Pecar, Roger J. O'Connor and David A. Garbin are the authors. The ISBN number is 0-07-049183-6. It's a paperback and it cost me $29.95. You should be able to order it from any book store since it is in print. You can also call McGraw Hill at 1-800-822-8158 to order. Failing that, try writing to them at Order Services, 860 Taylor Station Road, Blacklick, Ohio, 43004. And no, I don't make a dime off this. Your editor pays for all of his books.
13. ImOkey submitted an article from the Numismatic News about coin phone tokens. I'll reprint it next issue when I get more space.
14. A few notes on the Roseville Telephone Company Museum. The museum is open from 10 a.m. to 4:00 p.m. on Saturdays only. I recommended seeing an antique store that had old telephones. The lady who ran American Antiques has since passed away. The collection of old telephones got moved out of that building and sold to private collectors.
15. I stated in the first issue that Ericsson digital were installed in many Motorola built cell sites. Uh, no. Ericsson installed AXE 10's for many non-wireline carriers. The wireline carriers tended to use Motorola equipment. Many non-wireline carriers use Ericsson. Motorola or Ericsson would only install their own equipment. To take this further, each carrier builds its own base station, maintains its own tower and uses its own MTSO. One carrier will keep functioning even if something happens to the other.
16. I don't want to turn private line into The Payphone Journal but there's something I need to discuss at length. People tired of coin line signaling can turn to the next article. I've gone over the differences between COCOT and telco payphones at some length. Much of that discussion revolved around my argument that red boxing wasn't possible from COCOTs. I contended that in the case of a 1+ call, for example, the payphone itself fixed the rates and checked the coins deposited. It didn't need, consequently, to signal any network resource like ACTS. A red box tone, therefore, would go into nowhere and do nothing as a result.
17. Well, what if you call an operator? What if you wanted them to place the call for you? What now? What happens when she asks you to deposit $1.25? It's most likely that the standard red box tone gets delivered over the voice channel to the operator. You don't hear it on your end because the audio gets muted when it's transmitted. Many COCOT owners contract with AT&T or other mainstream companies to provide operator services. I cannot imagine a special tone to accommodate COCOTs. The bottom line? Red boxing may work from certain older COCOTs that haven't been updated. Ones that don't use a coin validator or circuitry that either mutes the mouthpiece or filters out any quarter tone originating from the transmitter.
18. Going further, the voice channel may also be used to initiate coin return and coin collect. These would have to communicate directly with the COCOT since there isn't any special equipment at the CO to trigger a COCOT, unlike the telco payphone with its dedicated coin line. So what might these COCOT frequencies be? How about a steady tone of 697Hz & 1633Hz for coin return, 770Hz & 1633Hz for splash back (alerts a telco operator that the call needs special handling) and 852Hz & 1633Hz for coin collect? These tones differ considerably from the telco ones, such as those published in the last issue. You should recognize these tones. They are silver box tones, the "A", "B", and "C" keys respectively. Any extended DTMF keypad should generate them. See what you get for reading patents? Check out patent 4,924,497, Pay Station Telephone Interface Circuits at your nearest Patent and Trademark Library or send $3.00 to the PTO to get all 33 pages of it. Check or money order to: Commissioner of Patents and Trademarks, Box 9, Washington, DC 20231.
19. There is one caveat to add to the above discussion. The patent involved mentions standard red box tones. Yet the other three are different from the usual telco tones. Are the normal tones now obsolete or does operator service provider equipment distinguish between COCOT and telco? They should be able to produce different tones but I don't know if they do. COCOTs are registered with different databases to prevent such things as calling collect to a payphone. It is possible that a particular tone is sent depending on the ANI.
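The mitigation mentioned in paragraph 17, circuitry that mutes or filters signalling tones arriving from the mouthpiece, starts with recognising the tone pair. The following is an added example, not code from the article or the patent: a Goertzel detector for the three 1633 Hz pairs quoted in paragraph 18. The 8 kHz sample rate, 40 ms frame and 20% energy threshold are assumptions, and the test audio is synthetic.

```python
import math
import random

SAMPLE_RATE = 8000      # Hz; assumed telephony sampling rate
FRAME_LEN = 320         # samples per frame (40 ms); assumed
MIN_FRACTION = 0.2      # each tone must carry >= 20% of frame energy; assumed

ROW_FREQS = (697, 770, 852, 941)
COL_FREQS = (1209, 1336, 1477, 1633)
# Row frequencies the article pairs with 1633 Hz, and the key each one forms.
CONTROL_KEYS = {697: "A", 770: "B", 852: "C"}


def goertzel_power(samples, freq, rate=SAMPLE_RATE):
    """Squared DTFT magnitude of `samples` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def tone_fraction(samples, freq):
    """Share of the frame's energy at `freq`: about 0.5 per tone for a
    clean dual-tone pair, near 0 for speech or silence."""
    energy = sum(x * x for x in samples)
    if energy == 0.0:
        return 0.0
    return (2.0 * goertzel_power(samples, freq) / len(samples)) / energy


def classify_frame(samples):
    """Return 'A', 'B' or 'C' if the frame is one of the control pairs, else None."""
    row = max(ROW_FREQS, key=lambda f: tone_fraction(samples, f))
    col = max(COL_FREQS, key=lambda f: tone_fraction(samples, f))
    if tone_fraction(samples, row) < MIN_FRACTION:
        return None
    if tone_fraction(samples, col) < MIN_FRACTION:
        return None
    if col != 1633:
        return None                 # ordinary digit: the caller must still dial
    return CONTROL_KEYS.get(row)    # 941 + 1633 ("D") is not in the article's list


def frames_to_mute(audio):
    """Split mouthpiece audio into frames; list (frame_index, key) for each hit."""
    hits = []
    for i in range(0, len(audio) - FRAME_LEN + 1, FRAME_LEN):
        key = classify_frame(audio[i:i + FRAME_LEN])
        if key:
            hits.append((i // FRAME_LEN, key))
    return hits


# --- constructed test audio (synthetic, not recorded from any phone) ---
def synth(freqs, n=FRAME_LEN, amp=0.5, noise=0.0, seed=1):
    """Sum of sine tones plus optional uniform noise, one frame long."""
    rng = random.Random(seed)
    return [sum(amp * math.sin(2 * math.pi * f * t / SAMPLE_RATE) for f in freqs)
            + rng.uniform(-noise, noise) for t in range(n)]


def sample_audio():
    return (synth((300, 520, 1100))             # speech-like energy, no DTMF
            + synth((697, 1633), noise=0.3)     # "A" pair with line noise
            + synth((770, 1336))                # ordinary digit 5
            + synth((852, 1633)))               # "C" pair


if __name__ == "__main__":
    print(frames_to_mute(sample_audio()))
```

Requiring both tones to hold a minimum share of the frame's energy is what keeps speech and single stray tones from triggering a mute.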
20. I mention this confusion over signaling because we are moving toward the next generation of payphone signals: digital. On The Line reports that several telecom companies are working with Pacific Bell to "lay the technological groundwork for further competition in local service in California." That includes testing the delivery of COCOT payphone signals over digital lines. Whoa. Amtel, a large COCOT provider, is the sole private payphone participant in these tests. They'll work the COCOT angle while the rest of the companies "develop standards for interconnection and interoperability of multiple networks, the processes and systems required to support these standards, and the delivery of support services such as 911 . . ." Yeah, yeah, yea. Back to the digital line.
21. ISDN and Switched 56 need only an extra twisted pair. The telco doesn't have to put in any special wiring to support these services -- just two sets of conventional twisted pair. It may indeed be possible to have a public picture phone in the near future, say around the turn of the century. Stay tuned.
III. LETTERS
22. Dear private line,
I'm reading the latest issue of private line and have a few comments for you. First of all, pages 36 and 49 are totally blank in my copy, not even the page numbers are there. I hope this is a problem limited to just a few copies. Next, debit vs. credit cards. I know this is confusing to folks who don't spend their lives as accountants, or, in my case, programming accounting software. Debit and credit have nothing to do with positive or negative balances -- they mean the left and right side of the ledger. The value of the potential calls on the cards is an asset -- one increases the accounting for assets by increasing the debit side of the balance sheet part of the ledger. The bill you run up on your credit card is a liability -- which are increased on the right or credit side. The confusion stems from banking. Customer accounts in banks are actually liabilities to the banks, so crediting one's account means an increase in the bank's liability. And that's just the debit, or left side of the ledger. . .
Enough accounting. You note how the collector appeal of phone cards has artificially jacked up the prices. In Japan, where the whole thing got started (local phone calls are dirt cheap in Japan, and before the sales tax, 1 and 5 yen coins disappeared and the 10 yen coin - the cost of a local 2 or 3 minute call - was on its way out) calling cards are usually a bargain. Sure, there are collector cards, but the generic variety buys more message units than a similar amount of 10 and 50 yen coins.
Regarding magazines -- I wrote an article in Poppin' Zits!, later reprinted in Whole Earth Review, about hacking subscriptions to invisible literature (or specialized trade magazines). At one point, my girlfriend and I collected subs to over 100 of them, and we never paid more than a stamp. I got my start in programming after devouring issues of Data Nation and related publications. I could fax you a copy, and if you're interested in reprinting some of it, I might be able to find the original file and email it to you. Keep up the great work.
Jerod Pore jerod23@netcom.com
23. "There were at least 60 defective copies of private line Number 5. That's out of a press run of 1000. I found out about it after I mailed my subscribers' copies. Those with a defective copy should drop me a line and I'll mail you a good copy with all the pages. The terminology of calling cards is confusing. I may run through the terms again when I do an article on the switches involved."
24. Dear private line,
I just received private line number 5 in the mail today. I think your list of magazines and newsletters is excellent. You did miss Cellular Marketing Magazine. While in the past this was probably more fluffy than Cellular Business (which isn't as bad as your reader says), it now has three excellent columnists: Andy Seybold, Lawrence Harte, who wrote a book on digital cellular, and myself. (Well, two excellent columnists and one mediocre ... myself.) It is trying to take a more technical focus.
Your article on cellular fell down on the concept of validation. First of all, ESNs and MINs cannot be fully validated independently, they are only valid as a pair. Secondly, the HLR is part of the home system, and is only one of three components that are used in validation. The MSC (MTSO) has contact with the subscriber. The VLR contains a database of roamers (conceptually, it is usually physically part of the MSC). The HLR is remote (for roamers) and contains the 'master record' for each subscriber. The term HLR has been around a lot longer than Coral Systems and is I believe a CCITT term (now renamed ITU-T, International Telecommunications Union).
The databases developed by GTE and EDS are not as important as they used to be. Switches and HLRs that comply to the IS-41 standard can avoid them completely. The GTE and EDS systems did contain lists of individual MINs and, more importantly, ESNs that were bad. However, any validation of part of the MIN/ESN pair is less good than going whole hog. The reason why GTE and EDS developed those databases is that it took so long for the cellular industry to develop the standards and networks to allow full real-time validation; i.e. TIA Interim Standard IS-41 running over mostly SS7 networks.
David Crowe 71574.3157@compuserve.com
25. "David Crowe writes Cellular Networking Perspectives. Many of the terms he discusses above are explained and diagrammatically represented in a special issue of that newsletter called "IS-41 Explained". You can write for a free copy of it by sending a request to Cellular Networking Perspectives, 2636 Toronto Crescent NW, Calgary, AB T2N 3W1."
26. Dear private line,
Please accept this sample copy. As you can see, we have advertising only. Buyers and sellers of telecom equipment. The "Yellow Paper" of broker/dealers. I'm not sure I understand your publication but please send it to me and I'll send you a 3d class subscription (2 years.) Thanks.
Judy B. Smith Telephone International, Inc.
27. Thanks for the sub. I don't understand this publication myself. It's not a hacker zine or a corporate telecom magazine. Even my subscribers don't quite understand it, as evidenced by the following.
28. TO: Mr. TOM FARLEY FROM: CHRIS THORNTON
I AM GLAD TO HEAR FROM YOU AND I DID RECEIVE THE 1ST. ISSUE. THE INFORMATION LOOKED VERY MUCH LIKE THE CELLULAR PHONE TECHNICAL INFO IN THE MOTOROLA CELLULAR PHONE TECHNICIAN GUIDE, WHICH IS THE SAME INFO THAT IT SEEMS EVERY ONE IS AFTER IN THE CELLULAR UNDER WORLD. BUT I AM NEW AT HACKING, PHONE PHREAKING, ACCESSING GOV. COMPUTERS AND ETC. HOW DO I PUT TO USE THE INFO YOU PROVIDED IN PRIVATE LINE? PLEASE INCLUDE A STEP BY STEP PROCESS. YOU COULD USE THE WORD "MAYBE" TO COVER LEGAL ASPECTS IN FRONT OF SENTENCES LIKE "MAYBE THIS IS METHOD A PERSON WOULD USE TO ACCESS & USE ANOTHER PERSON'S CELLULAR PHONE OR GOVERNMENT COMPUTER MODEM PHONE #. AND PRODUCE DETAILED EXACT STEPS TO GAIN ACCESS AND WHERE TO GET THE EQUIPMENT MANUALS TO GET ACCESS. IN MY OPINION YOUR FINANCIAL PROBLEMS WILL GO AWAY AS DID THE 2600 MAG WHEN THEY BASICALLY DID THE ABOVE BUT NOW 2600 HAS BECAME A LAME DUCK BECAUSE THEY GOT AWAY FROM WHAT MADE THEM THE KIND OF STEP BY STEP GENERAL AND TECHNICAL INFO LISTED ABOVE. I AM INTERESTED IN THE GOV. INTELLIGENCE, TREASURY, FEDERAL RESERVE, GOV. BIOCOMPUTER, PHONE COMPANIES' MODEM PHONE #'S /PASSWORDS AND ACCESSING LOCAL T.V.A., GOV. COMPUTERS THEN NETWORKING TO OTHER GOV. COMPUTERS WHY? TO BE CHARGED ONLY A LOCAL CALL ON A PHONE BILL.
29. "HMMM. WHERE TO START? SHOULD I? THE INFORMATION contained in the cellular article last issue was derived from all of the materials I cited. I do all my own research and writing. It may look similar to what others have done but it is not the same. The AMPS call processing diagram, for example, is quite similar to a chart first produced by OKI and later copied by such people as Gibson in Cellular Mobile Radiotelephones. The original chart was, to me, unreadable and aimless. I thought I did a good job of taking that information and making it understandable. Maybe not. I have not seen the Motorola manual you refer to. I can tell you that I haven't had any luck getting manual retailers to advertise or to correspond. Maybe you'll have better luck: Automated Info: Technical Manual Experts (619) 931-0259 or (800) 331-6939; Phone Guys USA (714)-843-9999 (800) 322-5443; or Technicom (908) 446-0317. There's also Ventura Electronics but I don't have any current info.
I explained in the last issue that I'm not interested in writing specific hacking articles. There are too many things I want to cover in general first. In addition, some of my articles may not have any practical application. I wrote about post pay in the first issue, for example, because no one else had written about it, not because the article would be practical.
I do encourage people, however, to contribute anything they have written that is specific or utilitarian. It would help make private line a more interesting magazine. To this date, though, there have not been any articles submitted to me for publication. Writing an article might help you gain some of the practicality you so desire. Pick a subject. Research it. Do some field work. Write out your notes and then combine them to produce a story. The only way that I really learn something is by experimenting and then writing."
IV. THE INTERNET BRIDGE
I'm starting this service and column to help subscribers who have technical questions that Damien or I can't answer. I'm limiting it to those with no net access, those who can't take advantage of the various telecom groups. I'll post your question to comp.dcom.telecom.tech, the most technical of the USENET newsgroups. Send me a #10 S.A.S.E. with your question. I'll engage in the discussion needed to get an answer. Be prepared to wait -- some of the best questions go unanswered or languish for weeks before a response comes through. I'll then drop the reply, if any, into the mail once I get it. Don't be surprised if the answer produces more questions on your part.

Let's run through an example of how this worked recently. I got a letter and an old Specialized Products catalog last week from a subscriber in Minnesota. The reader wrote, in part, the following:

"I have a question. Note on page 167, in the second paragraph from the top, the text states, 'Additionally, a momentary send 2713Hz button is provided to actuate Bell Model 829 Loopback devices. The AM-44 fully complies with Bell System Technical Reference (BSTR) 41009.' What is a Bell 829 Loopback device? What does it do? How does a person access it? Can it generate ringbacks? Or test dial speeds? Or provide loopback circuits for testing circuit quality? Does the mentioned Technical Reference provide insight?"

Hmmm. Another mystery. Just what I needed. I posted the basic question to the group. Two days later I got this private reply from Ken Wells in the Marshall Islands:

"The last time I saw an 829 was seven years ago. I am not sure how many are installed these days. But I am sure there are still thousands out there. The 829 was used to terminate a 4-wire analog circuit at the customer premise. Essentially, it was a demarcation point. The 829 could be looped from the central office with the 2713 tone. It could also be looped from either end of the circuit. I can remember looping circuits in Huntsville, Alabama (Marshall Space Flight Center) to all parts of the country. We inject a tone and loop the distant end and send and receive tones for testing. Before the Bell System breakup, the 'telephone company' would install their modems (2096A for example) on the 'customer' side of the 829. Most 829s I worked with were Western Electric. Some later models were made by Telco Systems (called 829AF). Now, the local phone company takes the circuit from the long haul carrier and terminates it. The customer no longer has to buy or lease the analog modem from Telco. There were several versions of 829. Some were fixed level. Others had adjustable levels (attenuation from WECO). Telco Systems units required power and provided gain also. One version had front panel jacks and another did not. I think we used 829B mostly. I guess the short answer is that an 829 terminates a 4-wire analog circuit. I think I have a Bell System Practice on the 829. If you are interested or just curious, I will be happy to fax it to you. Just e-mail your fax number. No problem whatsoever."

As it turned out, Ken didn't have the BSP on hand but he graciously sent the same information from an AT&T manual. The BSPs, by the way, were Bell System standards, uniform practices and procedures used by the Baby Bells. Bellcore still publishes these in an updated form for many phone companies to follow. Adding to our discussion was a public reply from Wayne Huffman:

"The 829 is used to test the levels on a voice-grade analog private line -- there used to be tons of these. You accessed the circuit (in the AT&T C.O., we used a SMAS panel -- I think that stands for Switched Measurement Access System). You'd split the circuit, and then send the 2713Hz tone. The 829 loopback unit, installed where the line terminated at the customer premise, would do exactly that -- loop the tx and rx pair together, to give you continuity for testing. A 1004Hz tone was sent out the tx side, and measured on the rx side, and compared against the circuit layout card, which had the spec for that circuit. If all tested well, we'd give it to the LEC to dispatch for a customer premise trouble. Sending the 2713Hz again dropped the loopback. If you were at the customer premises, you could hear the relay click, and there was a 'LPBK' light to show the line was looped. Sometimes, that was the only trouble -- someone left it looped. These units are small slide-in cards, often mounted in a single 'Teletrend' housing with a brick AC adapter. Most of this stuff is digital now, I think."

I think these responses answer the questions put, don't you? At least enough to go further? I had been putting off learning about four wire signaling but I guess I'll have to read up on it now. Would you like to see more of this kind of article? As a footnote, I sent both men copies of private line for their trouble. In addition, it turns out that Ken has written a ten page report on the 900 industry -- a how to guide. Non-corporate material on this subject is hard to find. "The Straight Scoop on the Pay-Per-Call Industry," is available for $10.00 from Kenneth R. Wells, 1142 Auahi Street, Suite 2014, Honolulu, Hawaii. 96814 (Checks, money orders, VISA, MC) Or order from 1-800-482-FACT.
V. CELLULAR PHONE BASICS, PART II
We looked at AMPS and analog call processing last issue. Now let's go digital. TDMA or time division multiple access is the most commonly used digital cellular system in America. Call set up is the same as for AMPS. A conversation gets passed to TDMA once the call gets going. TDMA systems and most TDMA phones can handle AMPS calls as well. TDMA's chief benefit comes from increasing call capacity -- a channel can carry three conversations instead of just one. But, you say, so can NAMPS, Motorola's analog system that we looked at last issue. What's the big deal?
NAMPS can carry the same number of calls as most TDMA systems. NAMPS though, has the same fading problems as normal AMPS, it lacks the error correction that digital systems provide and it isn't sophisticated enough to handle encryption or advanced services. Things such as calling number identification, extension phone service and messaging. In addition, you can't monitor a TDMA conversation as easily as an analog call. So, there are other reasons than call capacity to move to a different system. Many people ascribe these benefits to TDMA because it is a digital system. Yes and no. Advanced features depend on digital but conserving bandwidth does not. How's that? Three conversations get handled on a single frequency. Call capacity increases. But is that a virtue of digital? No, it is a virtue of multiplexing. A digital signal does not automatically mean less bandwidth, in fact, it may mean more. [1] Multiplexing means transmitting two or more conversations on the same frequency at once. In this case, small parts of three conversations get sent simultaneously. This is not the same as NAMPS, which splits the frequency band into three discrete sub- frequencies of 10khz apiece. TDMA uses the whole frequency to transmit while NAMPS does not. NAMPS does not involve multiplexing. And besides, TDMA is a hybrid system, combining both analog and digital components. It must be since it uses the AMPS protocol to set up calls. Despite what the marketing boys say, only CDMA or code division multiple access is a fully digital system. More on CDMA later. Let's look at some TDMA basics first. We see that going digital doesn't mean anything special. A multiplexed digital signal is what is key. Each frequency gets divided into six repeating time slots or frames. Two slots in each frame get assigned for each call. An empty slot serves as a guard space. This may sound esoteric but it is not. Time division multiplexing is a proven technology. 
It's the basis for T1, still the backbone of digital transmission in this country. Using this method, a T1 line can carry 24 separate phone lines into your house or business with just an extra twisted pair. Demultiplexing those conversations is no more difficult than adding the right board to a PC. TDMA is a little different than TDM but it does have a long history in satellite working. What is important to understand is that the system synchronizes each mobile with a master clock when a phone initiates or receives a call. It assigns a specific time slot for that call to use during the conversation. Think of a circus carousel and three groups of kids waiting for a ride. The horses represent a time slot. Let's say there are eight horses on the carousel. Each group of kids gets told to jump on a different colored horse when it comes around. One group rides a red horse, one rides a white one and the other one rides a black horse. They ride the carousel until they get off at a designated point. Now, if our kids were orderly, you'd see three lines of children descending on the carousel with one line of kids moving away. In the case of TDMA, one revolution of the ride might represent one frame. This precisely synchronized system keeps everyone's call in order. This synchronization continues throughout the call. Timing information is in every frame. Any digital scheme, though, is no circus. The actual complexity of these systems is daunting. I invite you to read further if you are interested. [2] There are variations of TDMA. The only one that I am aware of in America is E-TDMA. It's operated in Mobile, Alabama by Bell South. Hughes Network Systems developed E-TDMA or Enhanced TDMA. It runs on their equipment. Hughes developed much of their expertise in this area with satellites. E-TDMA seems to be a dynamic system. Slots get assigned a frame position as needed. Let's say that you are listening to your wife or a girlfriend. 
She's doing all the talking because you've forgotten her birthday. Again. Your transmit path is open but it's not doing much. As I understand it, "digital speech interpolation" or DSI stuffs the frame that your call would normally use with other bits from other calls. In other words, it fills in the quiet spaces in your call with other information. DSI kicks in when your signal level drops to a pre-determined level. Call capacity gets increased over normal TDMA. This trick had been limited before to very high density telephone trunks passing traffic between toll offices. Their system also uses half rate vocoders, advanced speech compression equipment that can double the amount of calls carried.
Code Division Multiple Access has many variants as well. InterDigital, for example, produces a broadband CDMA system called B-CDMA that is different from Qualcomm's narrowband CDMA system. For this article, however, I'll just mention a few things. I give references at the end of the article for those going further. [3] A CDMA system assigns a specific digital code to each user or mobile on the system. It then encodes each bit of information transmitted from each user. These codes are so specific that dozens of users can transmit simultaneously on the same frequency without interference to each other. They are so specific that there is no need for adjacent cell sites to use different frequencies as in AMPS and TDMA. Every cell site can transmit on every frequency available to the wireline or non-wireline carrier. CDMA is also much less prone to interference than AMPS or TDMA. That's because the specificity of the coded signals helps a CDMA system treat other radio signals and interference as irrelevant noise.
Some of the details of CDMA are also interesting. Qualcomm's CDMA system uses some very advanced speech compression techniques, in particular, a variable rate vocoder.
Phil Karn, one of the principal engineers has written that it "[O]perates at data rates of 1200, 2400, 4800 and 9600 bps. When a user talks, the 9600 bps data rate is generally used. When the user stops talking, the vocoder generally idles at 1200 bps so you still hear background noise; the phone doesn't just 'go dead'. The vocoder works with 20 millisecond frames, so each frame can be 3, 6, 12 or 24 bytes long, including overhead. The rate can be changed arbitrarily from frame to frame under control of the vocoder." This is really sophisticated technology. Expect CDMA to get going this year in more markets. As I understand it, the Los Angeles area has one carrier providing CDMA right at the moment. In the Seattle area, NewVector was to have a Qualcomm type CDMA system operating by now but that date keeps getting pushed back. Bell Atlantic Mobile and NYNEX Mobile recently announced that they will deploy CDMA throughout their coverage areas but they gave no dates. My feeling is that the future is with this technology.
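The code-per-user idea described above, as an added example that is not from the original article: three mobiles share one frequency by encoding every bit with their own code, and a receiver pulls one conversation back out by correlation. The 8-chip Walsh codes, the mobile names, the bit patterns and the noise level are assumptions chosen for illustration; the article does not say which codes a real system uses.

```python
"""Direct-sequence CDMA in miniature: several users, one frequency.

Illustrative only. Walsh (Hadamard) codes, the 8-chip length, the
sample bit streams and the noise range are assumptions, not details
taken from the article.
"""
import random


def walsh_codes(order):
    """Build 2**order mutually orthogonal +1/-1 codes (Hadamard rows)."""
    rows = [[1]]
    for _ in range(order):
        rows = [r + r for r in rows] + [r + [-c for c in r] for r in rows]
    return rows


def spread(bits, code):
    """Send the user's code for a 1 bit and the inverted code for a 0 bit."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def combine(*signals):
    """Simultaneous transmissions simply add up on the shared frequency."""
    return [sum(samples) for samples in zip(*signals)]


def despread(channel, code):
    """Correlate the channel with one code; return (bits, correlations)."""
    n = len(code)
    bits, correlations = [], []
    for start in range(0, len(channel), n):
        block = channel[start:start + n]
        corr = sum(s * c for s, c in zip(block, code))
        correlations.append(corr)
        bits.append(1 if corr > 0 else 0)
    return bits, correlations


def run_demo(seed=1995):
    """Three mobiles talk at once; return (sent, recovered, idle_correlations)."""
    codes = walsh_codes(3)                      # eight codes, eight chips each
    users = {                                   # constructed sample traffic
        "mobile_a": (codes[1], [1, 0, 1, 1]),
        "mobile_b": (codes[2], [0, 0, 1, 0]),
        "mobile_c": (codes[5], [1, 1, 0, 1]),
    }
    clean = combine(*(spread(bits, code) for code, bits in users.values()))

    # Unrelated interference: each chip is off by up to 0.9. Over eight
    # chips it can shift a correlation by at most 7.2, while a user's own
    # bit contributes exactly +8 or -8, so the sign always survives.
    rng = random.Random(seed)
    noisy = [s + rng.uniform(-0.9, 0.9) for s in clean]

    sent = {name: bits for name, (_, bits) in users.items()}
    recovered = {name: despread(noisy, code)[0]
                 for name, (code, _) in users.items()}

    # A code nobody is using sees nothing at all on the clean channel:
    # the other users' signals cancel out exactly.
    idle_correlations = despread(clean, codes[7])[1]
    return sent, recovered, idle_correlations


if __name__ == "__main__":
    sent, recovered, idle = run_demo()
    for name in sent:
        print(name, "sent", sent[name], "recovered", recovered[name])
    print("unused code correlations:", idle)
```
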
Toll Fraud --
I promised a look at some current information on cell fraud in the last issue. The information I found, though, doesn't make much sense. The ranges of dollar amounts given by industry can only be labeled as guesses. Before beginning, let's look at telecom in general to give us some perspective. Last year the FCC held a hearing on telecommunication fraud. The report stated that industry and Secret Service officials estimate that toll fraud runs between 1 billion and 5 billion dollars a year. [4] That's against an annual billing of 175 billion in 1993. Let's take the high figure and say that toll fraud takes 3.5% of industry revenue.
Figures on cell fraud vary widely as well. The Seattle Post Intelligencer reported late last year that law enforcement and industry officials claimed that cell fraud costs between 400 million and one billion dollars per year. The head of CTIA's (Cellular Telecommunications Industry Association) fraud task force, however, told Newsday on November 30, 1994 that cell fraud cost his industry a million dollars a day. I've seen that one million dollar figure many times, in articles such as the San Francisco Chronicle on November 1, 1994 and the Sacramento Business Journal on October 31, 1994. We must assume that they were reporting previous year's figures for reasons I explain later. I've chosen to stay with this CTIA estimate because they are the leading trade organization. Based on 9 billion dollars in cellular billing in 1993, we come out with a figure of 4% in fraud for the same year.
I suspect these figures for several reasons. The main problem with industry estimates and CTIA figures is that they don't break down the figures. There is no way, therefore, to distinguish between subscription fraud, stolen phone fraud or access fraud. Everything gets lumped into the big category of fraud. Everyone who ever stiffed a carrier to run up a bill or stole a phone to call Indonesia is practicing cellular fraud.
Yet the CTIA makes believe that cell phone cloning is the number one problem. I suspect that the real problem is bad debt. There are currently 25 million phones in America with over 27,000 subscribers signing up every day. A cellular dealer gets a percentage from each person they sign up. I know they run credit checks but I'd like to see some real accounting on the number of bad accounts.
The CTIA, though, tightly controls the flow of most information about the cellular industry. Even Standard and Poor's Industry Surveys, a widely respected publication, is forced to use CTIA figures to develop their reports on the cellular trade. [5] Let me run through an example of how hard it is to get any information from them and how worthless it is once you get it. New York carriers now require their customers to use PIN numbers before making a call. In explaining reasons why, the CTIA came up with some specific numbers for the first time. They told the Wall Street Journal on February 3d that cellular operators lost $482 million to fraud in 1994, a 32% increase over the previous year.
This lost revenue supposedly amounted to 3.7% of the industry's $13 billion revenues in 1994. This figure was sharply higher than the million dollar a day mantra they chanted in 1994. What gives? Was it $482 million that they claim now or $365 million like they claimed last year? Part of the problem is that they report these figures on a fiscal basis. June instead of January. So things get hard to follow. But I hadn't seen anything this high when I last checked in with them on January 22, 1995. A 32 percent increase in fraud during 1994 would mean that a loss of 365 million dollars occurred in the previous fiscal year of 1993. The cellular industry was a 9 billion dollar industry during that time. I have in my possession, however, a CTIA document from 1993 that contradicts this. A report on fraud dated November 18, 1993 states that "There is no official reporting system, but private estimates by carriers and others range from $100 million to $300 million dollars a year." Well, well. What is it this time? $365 million? $300 million? $100 million? There's a discrepancy of at least 65 million dollars in fiscal year 1993 according to their own figures.
Leaving aside the fact that CTIA knows how to count profits but not losses, let me tell you how to get this four page report. It's called "Fast Facts: Cellular Telephone Fraud". Dial CTIA's free fax on demand service at (202) 758-0721. Press the pound sign when you hear the automated operator and then enter 3116 when it asks you for a document. Don't hit the wrong key -- you'll wind up in their voice mail system :) And believe it or not, this is still the document that they deliver to the public by fax to report on fraud. How concerned can they be when they don't even update their figures? When they don't get them right in the first place? And are their new figures any more accurate than what they had before? Or does that $482 million dollar figure also have a range? And can we assume that there is now an official reporting system? And how much of that loss is from dead beats? Or stolen phones? The CTIA may well have knocked down the percentage of fraud from 4% to 3.7%. It may even be below the industry rate for fraud right now. But their fraud squad is growing and you won't see them go away.
They've not only helped the Secret Service rewrite 18 U.S.C. as I described on page 81, but they are now buying the S.S. the latest cellular equipment to keep them up to date. I resent this shadow police force becoming a part of our lives, especially when they can't provide the information necessary to support their paranoia.
I mentioned that the New York area is moving to PINs. What's interesting is that NYNEX uses hookflash to deliver the PIN and not an easily poachable DTMF tone or data burst. I'm not sure how it gets sent. One hookflash is normally 400 ms. of signaling tone sent over the reverse voice channel. A four digit PIN would need multiple bursts of carefully spaced ST to accomplish the task. 40% of NYNEX customers have adopted PINs as of April 17. Cellular One, though, is floating the idea of requiring customers to use digital phones at the end of the year, to help combat fraud. Good luck.
Two competing firms are currently working on radio fingerprinting technology to block fraudulent calls. Corsair Communications of Sunnyvale is a spin-off of TRW Wireless Communications. TRW holds a minority interest in the company. Corsair's product is called "PhonePrint" and it is currently moving through the patent process so we can't take a look at the specifics just yet. Nor will TRW comment. The PTO does not release patent information while an invention is being considered. (Just to let you know, you can get copies of the entire patent file for $125 from the PTO once a patent gets approved. This includes material submitted by the applicant for the examiner to consider. That might be dozens of documents concerning the patent that interests you.) I did get one TRW employee to tell me, however, that their technology fingerprints each phone off the air when it registers. There is no need to bring the phone to a dealer to have its profile logged. New phones and existing phones get profiled together. Their system stores an analog signal profile of the transmissions from a particular phone from any location once it is first sent. Cloned phones get denied service when their profile doesn't match the signature assigned to the original phone.
Cellular Technical Services or CTS is a Seattle software company. They write programs for McCaw Cellular and others. Its fingerprinting product is called Blackbird, which they claim has been in development for three years. Los Angeles Telephone has already installed the system at 50 cell sites. They claim that 90% of cloned phones were blocked during field trials. Plans are to install the equipment in Miami and New York as well. The wireline carrier will probably use one fingerprinting program and the non-wireline carrier will use the other. Look for these programs in only high fraud areas -- NYNEX claims they spend $15 million a year on anti-fraud technology -- a lot of fraud must take place to justify this cost. There are also simple ways to cut down on cloning. Motorola's "Clone Clear" is a program that works with Motorola switches. It simply denies service to any phone with the same ESN/MIN that tries to register while another phone with that combination is in use. It doesn't determine which phone is valid -- it just keeps one off the air. The carrier gets notified of a clone once the legitimate caller complains.
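The collision rule described for Clone Clear, sketched as an added example (not Motorola's code and not part of the original article): a registration is refused while the same ESN/MIN pair is already in use, and each refusal is recorded for the carrier. The event format, function names, cell identifiers and ESN/MIN values are constructed for illustration.

```python
"""Same-identity collision rule, as the article describes Clone Clear.

Hypothetical sketch: the event tuples, cell names and ESN/MIN values
are constructed sample data, not a real switch interface.
"""
from collections import defaultdict

# (seconds, event, esn, min, cell) -- constructed sample traffic
SAMPLE_EVENTS = [
    (0,   "register", "82A1B2C3", "9165550100", "cell_12"),
    (40,  "register", "82A1B2C3", "9165550100", "cell_47"),  # pair already in use
    (95,  "release",  "82A1B2C3", "9165550100", "cell_12"),
    (120, "register", "82A1B2C3", "9165550100", "cell_47"),  # pair is free again
    (130, "register", "82A1B2C3", "9165550100", "cell_12"),  # now this one collides
    (150, "register", "8200FFEE", "9165550111", "cell_12"),  # unrelated phone
]


def apply_collision_rule(events):
    """Replay events in time order and return (decisions, collisions).

    decisions  -- [(time, cell, "granted" | "denied")] for register events
    collisions -- {(esn, min): [(time, denied_cell, holding_cell), ...]}
    """
    in_use = {}                       # (esn, min) -> cell holding the identity
    decisions = []
    collisions = defaultdict(list)

    for when, kind, esn, mobile_id, cell in sorted(events):
        identity = (esn, mobile_id)
        if kind == "release":
            # Only the phone that holds the identity can free it.
            if in_use.get(identity) == cell:
                del in_use[identity]
        elif kind == "register":
            holder = in_use.get(identity)
            if holder is None:
                in_use[identity] = cell
                decisions.append((when, cell, "granted"))
            else:
                # The rule cannot tell which phone is genuine. It keeps
                # the later arrival off the air and records the clash.
                decisions.append((when, cell, "denied"))
                collisions[identity].append((when, cell, holder))
        else:
            raise ValueError(f"unknown event type: {kind!r}")
    return decisions, dict(collisions)


def flagged_identities(collisions):
    """Summarise clashes for the carrier: identity, denial count, cells seen."""
    report = []
    for (esn, mobile_id), clashes in sorted(collisions.items()):
        cells = sorted({c for _, denied, holder in clashes
                        for c in (denied, holder)})
        report.append({"esn": esn, "min": mobile_id,
                       "denials": len(clashes), "cells": cells})
    return report


if __name__ == "__main__":
    decisions, collisions = apply_collision_rule(SAMPLE_EVENTS)
    for when, cell, verdict in decisions:
        print(f"t={when:>3}s {cell}: {verdict}")
    for row in flagged_identities(collisions):
        print("flag for review:", row)
```

In the sample traffic each of the two phones sharing an identity is refused once, depending only on which arrived second, which is why the rule can flag the ESN/MIN pair but cannot say which handset is the clone.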
Let me leave you with a funny story. Air Touch says that over 400 people have been arrested in the Los Angeles area for cloned phone fraud. Industry sources claim that 60% to 70% of cell phone traffic on a Friday night in Oakland is pirated. Despite the notoriety over cloning, it's obvious that the message isn't getting out about its legality. A recent post to a USENET group by a telecom employee asked if cloning was legal in California. I quickly responded by citing case law, regulatory law and statutory law to support my view that cloning was definitely NOT LEGAL! To assure him that I wasn't some sort of CTIA goon, I wrote back later. I said that I didn't have a problem with cloning when a husband and wife, for example, shared two different phones with the same ESN/MIN. They save a flat monthly by doing that, but it is, of course, illegal. Much to my surprise, this employee of a major firm wrote back that:
"My situation is that I support law enforcement communications systems and have been asked by a local police chief if I would like for his son to clone my phone for me. The PD has numerous cloned phones in use. We're asking the DA for a legal opinion, based on your information."
Thanks again. (name of individual and firm withheld)
[1] "The most noticeable disadvantage that is directly associated with digital systems is the additional bandwidth necessary to carry the digital signal as opposed to its analog counterpart. A standard T1 transmission link carrying a DS-1 signal transmits 24 voice channels of about 4kHz each. The digital transmission rate on the link is 1.544 Mbps, and the bandwidth required is about 772 kHz. Since only 96 kHz would be required to carry 24 analog channels (4kHz x 24 channels), about eight times as much bandwidth is required to carry the digitally (772kHz / 96 = 8.04). The extra bandwidth is effectively traded for the lower signal to noise ratio." Fike, John L. and George Friend, Understanding Telephone Electronics SAMS, Carmel 1983
[2] There's a wealth of general information on TDMA available. You won't have any problem looking it up. Aside from magazines, these books have snippets of information: Macario, Raymond Cellular Radio: Principles and Design McGraw Hill, Inc., New York 1993 161; and Myers, Robert A. ed., Encyclopedia of Telecommunications Academic Press, Inc. San Diego 1989 321;
[3] Karn refers to On the System Design Aspects of Code Division Multiple Access (CDMA) Applied to Digital Cellular and Personal Communications Networks by Allen Salmasi and Klein S. Gilhousen [WT6G], from the Proceedings of the 41st IEEE Vehicular Technology Conference, St. Louis MO May 19-22 1991 and the May 1991 IEEE Transactions on Vehicular Technology, which has several papers on CDMA. (The Transactions are collections of papers published by the IEEE on every conceivable piece of electronic technology.)
[4] The paper I'm referring to is contained in a Notice of Proposed Rulemaking issued by the FCC in early 1994 based upon an En Banc Hearing on Toll Fraud. It is at Compu$erve under the title of FRAUD.TXT . It has many interesting comments by industry types on PBX fraud, payphone fraud, cell fraud, etc. I don't have an exact date on it but the docket number is CC Docket 93-292. It may be available from the FCC's duplicating contractor: International Transcription Service at (202) 857-3800.
[5] Standard and Poor's Industry Surveys come out every week on a different trade. Their reports of telecommunications are always top notch. Check out the September 22, 1994 (Vol. 162, No. 38, Sec 1.) for a good, current analysis of telecom.
NB: Write to Communications Test Instruments (CTI) for some interesting information on cellular phone tracking and direction finding equipment. Rt. 1 South, P.O. Box 712, Kennebunk, Maine 04043
VI. AN INTERVIEW WITH DAMIEN THORN
I first met Damien Thorn at Def Con last summer. I was impressed that he was writing for Nuts and Volts and that he had written for 2600 and Tap. I thought this interview might be a good way to introduce him to private line's readers. In the immediate future, we may reprint some of his more popular articles for Nuts and Volts, but only after they have been expanded, updated and revised for private line. They will also have different photographs and more of them. This interview was done in Stockton in March. It's shorter than I wanted but we were both under deadline pressure for other articles and projects. Apologies.
What got you interested in hacking?
This all goes back to when I was 11 to 13 years old. I really wasn't hacking, I was just trying to learn things. Talking basically to anyone with the phone company that I could. I grew up near Berkeley and my interest was in phones before there were any computers to get involved with. The first switches that I saw were in Oakland. The office that housed them had an ESS No. 1 and step by step equipment. I heard MF tones blaring out of a speaker at a test board during one visit to that office. I asked the guy what they were. Because I had always heard those when I called my cousin and I always wondered about them. He said he couldn't talk about that and ushered us into the next room. I used to go to UC Berkeley and hang out at their computer lab and at the Lawrence Hall of Science above the university. I'd play with actual teletypes spitting out rolls of yellow teletype paper with tape punch readers on the side. There wasn't much hacking then, I mean, I looked over people's shoulders, shoulder surfing, snag passwords to other accounts, but to this day I couldn't even tell you what computer these teletypes were hooked up to. By the time I was 15 or 16 I was living in the central valley. Ronnie Schnell and I had hacked Compuserve and their competitor The Source. Several hours into the process of downloading all the accounts and passwords that existed on the system, including those of the Dialcom computers that ran The Source, we kept getting these messages to call a "Fritz" at Dialcom immediately. Well, after talking to Fritz, Dialcom offered to pay us five bucks an hour to find all their security holes and tell them so they could patch them up. Which we did for a long time, while installing some back doors of our own. Maybe six months into that they thought they had their system pretty secure and they sent all their subscribers notices telling them to change their passwords. This was unbeknownst to us. In addition, they started encrypting their passwords. They changed everything at midnight one night and effectively locked us out of the system. The Source was a computer service operated by Readers' Digest. They didn't own the computers, which were PRIMES, operated by Dialcom in Silver Springs, Maryland. Dialcom also did e-mail for the government and things like that. Governmental agencies and what not. I think that bothered Dialcom a lot more than The Source. That's because all their systems were pretty much the same, just different applications of software running on them. It wasn't just Source user id's we were pulling out but the Environmental Protection Agencies' ids, mailboxes and so on.
What about TAP magazine?
The first issue came out in June, 1971. At that point I think it started as YIPL: Youth International Party Line; Abbie Hoffman had his hand in there somewhere. I think it was intended more as a counterculture, screw the government type of thing. Within a few issues it had evolved into being more telco related. Screw the telco, here's how it works, here's how you get away with something. I came in later, say, within 20 issues of its demise. The first article I wrote? I'm not sure, there were a couple I wrote under several different nom-de-plumes which I'd rather not mention. If people want to research it they can go take a look and figure it out. But one was on COSMOS; I get to claim the distinction of writing the first article on how the COSMOS system worked. Essentially, COSMOS is a UNIX application that is used basically for data entry and database management for where the phone company's wires go. What pair goes with which wire. Things like that. At that time that stuff was really cutting edge because it was brand new, there were very few hackers, and not a lot of phone phreaks. And today I look at things that have been published in zines like Phrack that go on for page after page after page about COSMOS and it makes back then look like what it was -- kids stuff. The end of TAP? The spring of 1984. Some circumstances happened with the editor's house apparently burning down, some suspicious circumstances. Cheshire Catalyst, the number two person in charge tried to revive it. A couple more issues came out and then it faded away. He went off into the corporate world and became a security consultant.
What about blue boxing?
I had a friend in the Bay Area who designed and built blue boxes and actually got caught. They were able to put a DNR on his line. Apparently at the time the way the law was interpreted that the telco and law enforcement could also record on audio tape the first thirty seconds of your phone calls simply for the purposes of identifying who on that number was making the offending calls.
Any stupid phone tricks you can relate from yesteryear?
The usual. Blue boxing from pay phone to payphone by looping. You could also loop with Sprint. There was no easy access, you were dialing a seven digit number to access their network. So you'd access their network locally, key in your Sprint code and then call their POP in Texas. You'd get the Sprint dial tone, key in a number back in California or whatever, New York, and start looping around until eventually the signal is so degraded that the switch can't decode the touch tones. Or you'll get so much glare on the line that the circuit goes into a feedback loop.
How is your BBS, Hacking Online, set up?
Hacking Online is a small network, running on an Intel platform. A 486 DX2/66 machine with intelligent serial cards. We currently support ten lines on that machine. It handles communications: works the modems, has a port speed lock of 57.6 kbps, handles all the basic stuff. Our file libraries exist on two SCSI drives which comprise four gigs. There's also two CD ROM drives online. The other parts of the network handle our internet messaging, e-mail and our USENET feed which comes in by satellite. There's a dish on top of the roof which feeds a basic PC that gets the data coming from the satellite receiver. It's all processed and shot through the network to where the operating system (the BBS) can import it. We run Galacticomm's Major BBS software.
Why a satellite for the USENET feed?
USENET feeds can take up 80 megs a day. Transferring 80 megs over a dial up phone line with a 14.4 modem would take up about twenty hours. That would be an expensive connection, especially since there is no local internet provider. Our internet messaging, our e-mail, is done through a dial up UUCP, which stands for UNIX to UNIX Copy Protocol. Essentially, our PC, for the purposes of sending and receiving mail, emulates a UNIX machine, makes a call to a Bay Area UNIX machine through an X.25 network so we're not paying toll on that. The machines engage in the appropriate handshaking, hands off the packets that contain our outgoing mail and then receives our incoming mail, the connections terminate at each end, the software unbundles and uncompresses the mail and distributes it appropriately.
What's slowing down the internet connection?
Anyone who wants to get on the internet needs to go through a service provider who has a host, connected through a leased line or a T1 carrier to the net. Well, "the net" of course is a euphemism because there is no net where you just plug in. And then they provide the client software such as FTP, telnet, and gopher which you use to go places or download files. A lot of areas don't have that, including where we are here in Stockton. And you know, we're just fifty miles south of Sacramento. So we want to establish that service, to become the local internet provider. People in Stockton, anyone who wanted to call us here in Stockton, or Modesto or wherever we put our own little POPs, could get a local internet connection. Once the leased line is in, expanding just becomes putting a terminal server in another city with a router and connecting a leased line between it and us here. The costs are outrageous. There's an initial hardware investment which is expected and I can't complain about that. Getting the leased line to another provider who will serve as our connection is where the expense comes in. California is divided into different LATAs, which are geographical and political subdivisions which make no sense. If we want to connect to Peter Shipley's service in the Bay Area, for example, we have some problems. We may be able to get a fractional T1 from Pacific Bell for three or four hundred dollars a month up to the LATA point, then we have to pay a long distance carrier another couple of hundred bucks to take it across the LATA and then pay Pacific Bell again to carry it from the long distance carrier's POP to Shipley's facility. Our subscribers, though, would benefit from us being accessible from the net. Most of them, almost all of them, in fact, are not within our local calling area. We have people calling in every day from as far away as Venezuela and Scotland, so they would rather call their local internet provider and telnet over to us.
You're in small claims court with Pacific Bell?
We had some problems with installation. I wanted them to discount their installation fee for missing their appointment and generally screwing up the order. They said they couldn't because their fees are regulated by tariff and they have to charge everyone the same amount. We then called the state public utility commission here in California and they basically said the same thing. They told us that the phone company, though, is civilly liable for missed appointments like any public utilities under Senate Bill 101. They said we should just file a small claims suit. So, we called Pacific Bell's corporate office and told them what the PUC said. They admitted that was the case and they noted in the record that they had missed the appointment. So, because they can't discount my bill, I have to force them into court to write me a check. It's the principle of the thing. They hide behind the tariffs, there's nothing they can do. It pretty much shields them from being responsible for their actions. Well, I told them that we would sue them and we did. That's where we are right now.
Where do you think cellular is going?
I don't think we're going to see much change in 1995. The cloning problem I think will continue as it does now, which is an acceptable loss to the carrier. There's not going to be much done about it. I think we'll see some testing of fraud prevention systems begin this year but things will basically continue as they are.
What's up with this video of yours?
The intent of the video was to let people actually see the technology that I've written about and that others have written about. Lot of people have read articles about Motorola programming software or how ESNs are snagged out of the air. We try to show it. Here's a firmware replacement, this is the chip. Here's the ESN in a Radio Shack phone, here's how you type over it. 'Type, type type.' We took a lot of technology and demonstrated it. Almost all of it was done in different places, none of it was done over a kitchen table. We went everywhere from the Berkeley hills to just outside the area of our local switch in Stockton. We also visited Tech Support Systems in Menlo Park, the manufacturer of a cellular surveillance device in a briefcase. We had them demo it. Things like that.
-- LOCAL DIAL UP PROBLEMS --
Local internet connections aren't just a problem for potential providers such as Hacking Online. Many of my readers live beyond a local dialup for internet service. This interesting article from Gannett highlights the situation:
If he didn't live in Pinehurst, N.C., Sydney Gregory might already be on-line. But the retired businessman knows that if he joins Prodigy, Compuserve or America Online, he'll have to pay expensive long distance charges. Most of the "local" access numbers they provide are in larger metro areas, not in small towns like Pinehurst, a golfing mecca between Charlotte and Fayetteville. "They all spread the word how wonderful these programs are, but never mention (phone costs) if you're not in a larger community," he says. "They should be more forthcoming." Mark Dorosh of Shepherdstown, W.Va., agrees. The musician and student, 33, had to quit America Online after racking up a $200 long-distance bill the first month. Shepherdstown has a state college connected to Internet (as a student, Dorosh has access), but he covets America Online's extensive library of electronic music files. "Here I am, 70 miles from the nation's capital, America Online is 73 miles away, and the closest local number is 300 miles the other way," he says. While Prodigy and Compuserve maintain their own local access points, America Online uses phone connections provided by SprintNet and Tymnet, says spokeswoman Pam McGraw, so adding new numbers is "a network provider issue." Sprint has 500 access points (300 in the USA) and gets many letters and petitions asking for more. "This has really become an issue with users," says spokeswoman Evette Fulton. "Sprint has to prioritize, because demand is coming in big-time." There are "no magic numbers," she says, but population density, computer sales and higher education are among factors considered in deciding if "computer traffic in an area can sustain the cost" of adding new points. Prodigy's Brian Ek says 80 per cent of its customers have local access, through Tymnet sites and its own 442-point network; Andy Boyer of Compuserve says it reaches 92 percent, and "100 per cent local dial is a very real goal."
Compuserve members reach the service via 380 access points (340 in the USA). About 120,000 U.S. users don't have local access; many connect either by an $8-an-hour phone line or "telneting in" from another computer on the Internet.
-- WHAT IS A POP? --
POP stands for point of presence. A POP is a switch. It's the place where calls go in a local area or LATA to a long distance provider. It's what's accessed when you dial a 10XXX code. Let's take an example. Let's say you use Sprint and that you want to make a long distance call. Your local exchange carrier, the one providing your local phone service, takes the call from the central office serving you and routes it to a bigger switch, often an access tandem switch like a No. 4ESS. From there, your call is routed on trunks to a POP, which is often located near a LATA boundary. Your call goes there and gets routed to Sprint's long distance network. There can be several POPs in any given LATA, depending on geography. You can tell that areas such as Cook County or New York City would need several. In Sprint's case, it is most probable that they own their own equipment at each Point of Presence and that dedicated trunks carry Sprint traffic to and from the POP. Is this clear? In other words, a POP serves as the point that a long distance carrier connects to the local exchange carrier. This connection occurs at a switch. The IXC can usually determine the location for its POP.
A 10XXX code identifies each long distance carrier. This serves to direct the call to the right long distance company through the switch at the POP. 10288 for AT&T, 10222 for MCI, 10333 for Sprint and so on. Smaller companies may lease space on a switch if they don't have their own facility. Thus, some LD carriers may operate in certain areas but not in others. The majority of smaller long distance carriers actually use AT&T's network.
VII. THE DIGITAL TELEPHONY BILL
This article contains the full text of the Digital Telephony Bill. It's officially known as the "Communications Assistance for Law Enforcement Act." It was originally called "The Telecommunications Carrier's Duty Act of 1994" while making its way through Congress. Whatever you call it, this bill represents the greatest threat to electronic privacy that Americans have ever faced. Whether that threat will be carried out is a matter of debate and speculation. What is not open to debate is that law enforcement has been given the approval, the means and the money to listen in on any call at any time from anywhere. The phone system will be turned into a giant listening post, with capabilities beyond the dreams of any old-line communist leader. Stalin would be envious.
This bill modifies or amends Title 18 of the U.S. Code as well as Title 47. Title 18 deals with both federal crimes and federal criminal procedure. Criminal law. Think of it as a federal penal code. Title 18 comprises 14 volumes in annotated form! That's a lot of crime. The bill modifies, for example, section 1029, which I covered in the third issue. Title 47 deals with general law concerning telegraphs, telephones and radio telegraphs. Civil law. The bill creates a new chapter in this title as well as amending dozens of existing laws. Check out the chart on the opposite page. Okay, you say, it's one big bill. Mucho details. What's the bottom line?
The bottom line is that you and your friends are at risk. Aren't there positives? Yes and no. Yes, encryption is not banned. But that is not a benefit of the bill. You've had the right to use and develop an encryption-based phone all along. Some say that the bill requires surveillance to be conducted with the "affirmative action of the telecommunications carrier" and that this is a good thing. Nonsense. Wiretaps and REMOBS have always required such intervention to be legal. The problem now is that such monitoring equipment will be permanently installed into nearly every central office switch in America. Big Brother used to leave. Well, friends, he's now staying put.
The biggest positive is that the system they envision is so complex from a legal and technical standpoint that the whole thing may collapse under its own weight. We can only hope. Speaking of complexity, the only way to put this kind of omnibus legislation into perspective is to look at each individual code section affected. And those sections are scattered throughout several titles, not just 18 and 47. Teams of lawyers drafted this monstrosity. Special interest groups fought for various sentences, paragraphs and semi-colons over a period of months and countless revisions. It could be argued that no one outside of the players involved could understand the entire bill. The average citizen never had a chance. As complex as this bill may seem, however, it is really more complicated than it appears. That's because statutes don't stand on their own. The United States Code constitutes statutory law. A legislative body drafts and passes statutes.
Regulatory law is made by administrative bodies. Like the FCC or the Justice Department. Regulations enable statutes. They make the law specific. Statutes tell you what the law is. Regulations tell you how the law will be carried out. Not all codes have a corresponding regulation but many do. For example, this bill declares that $500,000,000 gets paid by the government to the telephone companies. This blood money helps with the cost of installing the equipment that the bill itself requires. But how do you dispense a half billion dollars? Section 109 of this bill requires that the Attorney General and the FCC get together to pass the regulations needed to carry out the payments. So, this bill is just one part of an even bigger body of law. In addition, case law or common law modifies both statutory and regulatory law. I featured Section 1029 in the last issue. 1029 did not specifically state that cloned cellular phones were access devices. §1029, after all, was first drafted before cloning became a problem. The court in US v Brady, though, strongly suggested that they were. Legislators often incorporate or codify statutory law by amending code sections once case law comes down. "Oh, we forgot to put in cloned phones? Okay, let's change the law and include them. Next problem." It is completely predictable that new technology and new court decisions will affect the Digital Telephony Bill.
So, we have statutory law, regulatory law and case law. Each may affect the other. In addition, the law is never administered fairly or evenly in all cases at all times. How the law is actually carried out is as important as what is written down. The bill makes listening in on cordless phones illegal. The penalty, though, is only $500, about what they fine you for littering in California. So, there won't be much prosecution going forward over that section. Unless you are a Mitnick type, in which case you will be hounded for it. But if you are a member of law enforcement and you just happen to have a scanner, well, you know what the response will be.