[sci.electronics] Task Force recommends amending ECPA

antenna@well.sf.ca.us (Robert Horvitz) (05/31/91)

 
A "Privacy and Technology Task Force," assembled by Sen. Patrick
Leahy, has recommended that the Electronic Communications
Privacy Act of 1986 (ECPA) be amended to add penalties for the
intentional interception of radio signals from cordless phones,
wireless data communications, personal communications networks,
radio PBXs, advanced Special Mobile Radio systems, and
CT2/Telepoint radiotelephones.
 
The Task Force also recommends that the ECPA's penalties for 
intentional interception be adjusted to focus on "targeted
surveillance of specific communications";  that manufacturers
be encouraged to put warning labels on "customer premises
telephone equipment"; and that Congress examine "encryption
technology and its potential impact on enhancing the privacy,
security, and authenticity of electronic communications."
 
In addition, the Task Force's report (delivered to Sen. Leahy on
May 28th) discusses Caller ID, ID blocking, automated dossier-
building, protection for personal electronic transaction
data, and government monitoring of data networks.  But consensus
recommendations were not offered on amending the ECPA in these
areas.
 
According to Cathy Russell, counsel for the Senate Subcommittee
on Technology and the Law, Sen. Leahy has not decided how
to respond to the report.  No hearings are scheduled yet,
and the recommendations have not been translated into draft
legislation.  However, something will surely be done to show
that Congress cares about electronic privacy.
 
Here is a long excerpt from the radio part of the 23-page
report.  Capitalized words were set in boldface in the original:
 
 
"...Computer companies are experimenting with, and seeking FCC
licenses for, 'wireless' modems which can transmit data between
computers without the computers being wired together, either
directly or through phone lines.  Such modems will have
applications in several environments including the transmission
of data from remote sites (a kind of cellular laptop computer)
as well as within an office environment (wireless local area
network or LAN)... Under current FCC proceedings, there is a
likelihood that such communications will not be protected unless
the user goes to the expense of full data encryption.  THE TASK
FORCE RECOMMENDS APPROPRIATE AMENDMENTS TO LEGALLY PROTECT
DIGITAL COMMUNICATIONS OF THIS TYPE FROM UNAUTHORIZED
INTERCEPTION. 
 
"...Cordless phones have reduced the transmission power so that
the phenomenon of having calls blast through on an FM radio
receiver has been eliminated.  Cordless phones also have begun
to utilize technology which permits the call to be carried
between the handset and base unit on more than one frequency.
This feature can and is available to add security and privacy to
the phone call.  The next generation of phones will utilize
digital transmission technology which will make interception
more difficult.
 
"Perhaps the most important change since 1986, though, is not
technological but societal.  The cordless phone, far from being
a novelty item used only at `poolside,' has become ubiquitous.
A leading telephone equipment supplier now sells as many
cordless telephone units as wired sets.  It is projected that
cordless phones will be in use in 68% of American households by
the end of the decade.  More and more communications are being
carried out by people in private, in their homes and offices,
with an expectation that such calls are just like any other
phone call.  Given such technological changes and under such
societal circumstances, the task force concluded that to relieve
the government of the duty to obtain a warrant before monitoring
such communications is to vitiate much of the protection which
should be afforded to communications privacy by the federal
wiretap law and the Fourth Amendment.  THEREFORE, THE TASK FORCE
RECOMMENDS THAT CONSIDERATION BE GIVEN TO ELIMINATION OF THE
EXEMPTION FOR CORDLESS PHONES, WHILE PRESERVING AN EXCEPTION FOR
UNINTENTIONAL OR ACCIDENTAL PRIVATE PARTY INTERCEPTION.
 
"In recommending both the maintenance and extension of legal
protection for `wireless' radio communications, the task force
is aware that inexpensive, widely available scanners and other
devices are available that make it possible to intercept radio
communications.  The task force strongly believes that such
technologies should not defeat citizens' reasonable expectation
of privacy against government intrusion and that government
agents should conduct electronic surveillance of the
technologies described above only under appropriate court
authorization.  At the same time, criminal sanctions could be
overbroad in criminalizing inadvertent and unintentional
interceptions of radio communications by persons with access who
legally possess and use scanner and other devices that intercept
radio communications.  The existence of monitoring devices makes
it difficult to rely solely on legal protections against
third-party eavesdropping.  The task force is aware that legal
protections may not go far enough in affording citizens real
privacy protection against intentional but undetected private
surveillance.  For example, concerns were expressed by a number
of task force members that technical privacy enhancing features
for radio-based systems should be more rapidly deployed by
manufacturers and service providers.
 
"To rectify this situation, the task force does not want to
overcriminalize in this area, i.e., penalize unintentional
conduct.  THE TASK FORCE IS OF THE VIEW THAT THE RIGHTS OF
PRIVATE CITIZENS USING RADIO SCANNERS CAN APPROPRIATELY BE
ADDRESSED BY CLEARLY SETTING FORTH INTENT REQUIREMENTS IN THE
ACT, BY TYING THE CRIMINAL PENALTY TO TARGETED SURVEILLANCE OF
SPECIFIC COMMUNICATIONS AND BY FURTHER ADJUSTING THE CIVIL AND
CRIMINAL PENALTY STRUCTURE OF THE ACT, RATHER THAN EXEMPTING
WHOLE CATEGORIES OF TELEPHONE TECHNOLOGIES AND THUS MAKING THEM
FAIR GAME FOR MONITORING BY GOVERNMENT AGENTS WITHOUT A WARRANT,
CORPORATE SPIES, OR JUST PLAIN SNOOPS.
 
"Second, in order to ensure that citizens both understand the
vulnerability of particular radio technologies to private,
intentional, illegal interception and to encourage industry to
develop and market communications devices that are less
vulnerable to intrusion, THE TASK FORCE ENDORSES THE CONCEPT
THAT ECPA SHOULD BE AMENDED IN SUCH A WAY AS TO ENCOURAGE THE
PLACEMENT OF WARNINGS AND NOTICE OF THE VULNERABILITY OF
CUSTOMER PREMISES TELEPHONE EQUIPMENT ON SPECIFIC [CUSTOMER
PREMISES EQUIPMENT] AND THAT MANUFACTURERS BE ENCOURAGED TO MAKE
CONSUMERS AWARE OF THE TECHNICAL LEVELS OF PRIVACY ON DIFFERENT
TYPES OF EQUIPMENT.  The task force believes this will encourage
industry to compete with each other in developing devices which
are more secure.  THE TASK FORCE BELIEVES CONGRESS SHOULD WORK
WITH THE FCC, INDUSTRY, AND TECHNICAL EXPERTS TO FUTHER EXPLORE
WAYS TO ENHANCE THE SECURITY OF DIFFERENT TYPES OF EQUIPMENT AND
TO FURTHER EXPLORE WAYS TO ENHANCE CONSUMER AWARENESS OF THE
SECURITY OF DIFFERENT TYPES OF EQUIPMENT AND LAWS PERTAINING TO
COMMUNICATIONS PRIVACY.  IN PARTICULAR, THE TASK FORCE
RECOMMENDS THE EXAMINATION OF ENCRYPTION TECHNOLOGY AND ITS
POTENTIAL IMPACT ON ENHANCING THE PRIVACY, SECURITY, AND
AUTHENTICITY OF ELECTRONIC COMMUNICATIONS.  THE TASK FORCE
FURTHER ENCOURAGES COMMUNICATIONS SERVICE PROVIDERS TO CONTINUE
TO EXPLORE THE INCORPORATION OF ENCRYPTION AND OTHER PRIVACY
ENHANCING FEATURES IN NEW COMMUNICATIONS SERVICES, SO AS TO
IMPROVE COMMUNICATIONS PRIVACY..."
 
- - - - -
 
rh:  While I disagree with many parts of this report, at least
there is some recognition that receiver owners have rights, too,
and not just those who transmit.
 
If you would like to express your views on the report, or
suggest possible amendments to the ECPA, you can write to:
 
John Podesta
Chairman, Privacy & Technology Task Force
424 C Street NE
Washington, DC 20002
 
or
 
Senator Patrick Leahy, Chairman
Subcommittee on Technology and the Law
815 Hart Senate Office Building
Washington, DC 20510

-- 
!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|.!.|
Robert Horvitz    1122-1/2 E St. SE    Washington, DC 20003-2232    USA
                      uucp:  ...uunet!capital!rhorvitz

smith@sndpit.enet.dec.com (Willie Smith) (05/31/91)

In article <25147@well.sf.ca.us>, 
	antenna@well.sf.ca.us (Robert Horvitz) writes...
>A "Privacy and Technology Task Force," assembled by Sen. Patrick
>Leahy, has recommended that the Electronic Communications
>Privacy Act of 1986 (ECPA) be amended to add penalties for the
>intentional interception of radio signals from [...]
>wireless data communications, personal communications networks,

Wow, so I couldn't set my TNC to "MONITOR ON", and the status of listening 
to the various 2-meter repeaters I hear on my commute gets fuzzy too.  
Clever...
	1/2 :+)

Willie Smith
smith@sndpit.enet.dec.com
smith%sndpit.enet.dec.com@decwrl.dec.com
{Usenet!Backbone}!decwrl!sndpit.enet.dec.com!smith

gary@ke4zv.UUCP (Gary Coffman) (06/01/91)

A general comment on privacy issues. No one should have *any* expectation
of privacy for any transmission that intrudes on the property of others
unless that intrusion is deliberate and contractually agreed upon. It
should be *solely* the operator of such transmission equipment's 
responsibility to take whatever technical measures necessary to insure 
the degree of privacy desired for the contents of any intrusive transmission. 
There should be no criminalization whatsoever for the possession or use
of any form of receiving equipment.

In layman's terms, if I shout at my wife, and the neighbors hear, it's
my problem, not theirs. It should not be a crime for them to have their
ears open to any sound that may cross their property. This is only
common sense, and any law that attempts to operate contrary to common
sense is automatically bad law.

Gary KE4ZV

vail@tegra.COM (Johnathan Vail) (06/05/91)

antenna@well.sf.ca.us writes:

	[text of ECPA ammendments]

    rh:  While I disagree with many parts of this report, at least
    there is some recognition that receiver owners have rights, too,
    and not just those who transmit.

I didn't see any of that in the report.  What I saw was what looks
like an attempt to protect the privacy of radio by passing more laws
saying it is illegal to listen.  Then they go on to say that maybe
they should also pass a law to force manufacturers to tell consumers
that their equipment isn't private after all.  Then they finish by
wishing that they had better technology to fix the problem in the
first place.

My summary:

 	1) Pass a stupid unenforceable law.
	2) Pass another law to warn people that the first law doesn't
		work.
	3) Wish that technology would make radio private in the first
		place because the other laws don't really do anything
		about privacy of radio.

Not to flame, though.  I appreciate the report and the addresses of
the appropriate people to write to.



"A screaming comes across the sky"
 _____
|     | Johnathan Vail | n1dxg@tegra.com
|Tegra| (508) 663-7435 | N1DXG@448.625-(WorldNet)
 -----  jv@n1dxg.ampr.org {...sun!sunne ..uunet}!tegra!vail

kaufman@neon.Stanford.EDU (Marc T. Kaufman) (06/05/91)

vail@tegra.COM (Johnathan Vail) writes:


>antenna@well.sf.ca.us writes:

-	[text of ECPA ammendments]

-    rh:  While I disagree with many parts of this report, at least
-    there is some recognition that receiver owners have rights, too,
-    and not just those who transmit.

>I didn't see any of that in the report.  What I saw was what looks
>like an attempt to protect the privacy of radio by passing more laws
>saying it is illegal to listen.  Then they go on to say that maybe
>they should also pass a law to force manufacturers to tell consumers
>that their equipment isn't private after all.  Then they finish by
>wishing that they had better technology to fix the problem in the
>first place.

Not quite.  What they said was that it is illegal for GOVERNMENT to use
the results of listening in a prosecution, if the government did not have
a court authorization.  This makes the conversation "private" in a legal
sense, if not in practice.  I think the question the amendments are trying
to address is: should the government have the RIGHT to listen (and use what
you say against you) just because they have the TECHNOLOGY to do so.
Remember, the government probably has the technology to listen to you even
if you encrypt against casual listeners.

Marc Kaufman (kaufman@Neon.stanford.edu)

6500hage@ucsbuxa.ucsb.edu (William F. Hagen) (06/06/91)

Maybe legislation should be included that requires
private radio communication to prevent its transmissions
from going places where they dont want it listened to.
Ie., if someones radio waves are entering my premises, maybe         
they are intruding or invading my property and my only 
protection is to listen and see what the intrusion is.

phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) (06/06/91)

vail@tegra.COM (Johnathan Vail) writes:

>My summary:
>
> 	1) Pass a stupid unenforceable law.
>	2) Pass another law to warn people that the first law doesn't
>		work.
>	3) Wish that technology would make radio private in the first
>		place because the other laws don't really do anything
>		about privacy of radio.

This technology is already known and exists.  It's not quite as cheap
as it could be, and would be if it were part of the wider consumer use
of radio spectrum (e.g. cellular).

If there is going to be a law passed, let it be one that requires the
use of encrypted radio communications as the only means to achieve
private communications.  Require it absolutely for commom carriers.
-- 
 /***************************************************************************\
/ Phil Howard -- KA9WGN -- phil@ux1.cso.uiuc.edu   |  Guns don't aim guns at  \
\ Lietuva laisva -- Brivu Latviju -- Eesti vabaks  |  people; CRIMINALS do!!  /
 \***************************************************************************/

vail@tegra.COM (Johnathan Vail) (06/06/91)

In article <1991Jun5.160706.24871@neon.Stanford.EDU> kaufman@neon.Stanford.EDU (Marc T. Kaufman) writes:

   vail@tegra.COM (Johnathan Vail (Me!)) writes:
   >antenna@well.sf.ca.us writes:

   -	[text of ECPA ammendments]

   -    rh:  While I disagree with many parts of this report, at least
   -    there is some recognition that receiver owners have rights, too,
   -    and not just those who transmit.

   >I didn't see any of that in the report.  What I saw was what looks
   >like an attempt to protect the privacy of radio by passing more laws
   >saying it is illegal to listen.  Then they go on to say that maybe
   >they should also pass a law to force manufacturers to tell consumers
   >that their equipment isn't private after all.  Then they finish by
   >wishing that they had better technology to fix the problem in the
   >first place.

   Not quite.  What they said was that it is illegal for GOVERNMENT to use
   the results of listening in a prosecution, if the government did not have
   a court authorization.  This makes the conversation "private" in a legal
   sense, if not in practice.  I think the question the amendments are trying
   to address is: should the government have the RIGHT to listen (and use what
   you say against you) just because they have the TECHNOLOGY to do so.
   Remember, the government probably has the technology to listen to you even
   if you encrypt against casual listeners.

hmmm I reread the original post and I see what you are saying but
nowhere did it state specifically that listening is legal.  What they
did  (in my opinion) was to recognize that it is unreasonable to
enforce the law on the average citizen with a scanner.  As I see it
not only would the original ECPA be upheld but cordless phones would
now be "protected" be the amendment.

They use the word 'intentional' a lot implying that that the casual
listener can get away with it somehow.  It does specifically state the
the govt needs a warrant.

If I 'intentionally' tune my R7000 to 49 or 800 MHZ to listen to
whats going on I would be in violation of the law.

That is the way I read the proposed ammendment and I feel that this is
wrong.


jv


.   .  The end of the world doesn't come suddenly and without warning. To
 9 3   imagine it does is to be fooled by popular misconception and thus
  .    fail to recognize the larger picture.  The end of the world is an
       ongoing process.  It starts slowly, imperceptably then blossoms
       unnoticed in our very midst until it has engulfed all that there is
       and none is free from its spell.
 _____
|     | Johnathan Vail | n1dxg@tegra.com
|Tegra| (508) 663-7435 | N1DXG@448.625-(WorldNet)
 -----  jv@n1dxg.ampr.org {...sun!sunne ..uunet}!tegra!vail

jeff@markets.amix.com (Jeff Crilly N6ZFX) (06/08/91)

In article <1991Jun6.044639.20039@ux1.cso.uiuc.edu> phil@ux1.cso.uiuc.edu (Phil Howard KA9WGN) writes:
>vail@tegra.COM (Johnathan Vail) writes:
>
>>My summary:
>>
>> 	1) Pass a stupid unenforceable law.
>>	2) Pass another law to warn people that the first law doesn't
>>		work.
>>	3) Wish that technology would make radio private in the first
>>		place because the other laws don't really do anything
>>		about privacy of radio.
>
>This technology is already known and exists.  It's not quite as cheap
>as it could be, and would be if it were part of the wider consumer use
>of radio spectrum (e.g. cellular).
>
>If there is going to be a law passed, let it be one that requires the
>use of encrypted radio communications as the only means to achieve
>private communications.  Require it absolutely for commom carriers.
>-- 

But if communications is encrypted, then the government would 
have no way of listening in whe the courts allow them to.  Of course,
the common carrier could do the encrypting and have the technology to
provide the government with "decryption" devices.  

Alot of the followup posts have been focusing on the issue of privacy
from government, e.g. "folks don't want the government to be allowed
to use what you say on the cordless-phone|baby-monitor|cell-phone to
be used against you".  Actually I see it as the government trying to
figure out how they can pass a law that makes the users of these
devices happy by giving them a sense of privacy.  IMHO, the real
problem is folks monitoring corporate-deals|unfaithful-wives|stock-
deals-in-progress and taking the information and selling it or using
it for blackmail purposes.

If the government can't assure users that their conversations are
reasonably private then the users that require reasonably private
communications are not going to use the technology.  By "reasonable",
I mean, for example, that everyone knows (or should know) that
government *can* monitor your conersations (e.g. tap your phone)
if they think your doing something illegal and that other individuals
aren't "listening in".

I see the portion of the ECPA that deals with cellular as a 
pacifier for the cellular providers and users.

Jeff