tp@mccall.uucp (Terry Poot) (10/16/89)
I have no idea where to post this! There are gadgets one can put on a telephone that purport to tell you if the conversation is being recorded. Does anyone know if they work? -- Terry Poot (800)255-2762, in Kansas (913)776-3683 The McCall Pattern Company, 615 McCall Rd., Manhattan, KS 66502, USA UUCP: rutgers!ksuvax1!mccall!tp Internet: tp%mccall@ksuvax1.cis.ksu.edu
gregk@ubvax.UB.Com (Greg Kendall) (10/17/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >I have no idea where to post this! > >There are gadgets one can put on a telephone that purport to tell you if >the conversation is being recorded. Does anyone know if they work? There was a long discusion of this point on another group a while back. The long and short of it was, NO, they don't work, because of day to day variations in tx lines, etc, etc.
henry@utzoo.uucp (Henry Spencer) (10/17/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >There are gadgets one can put on a telephone that purport to tell you if >the conversation is being recorded. Does anyone know if they work? They can't; it's fundamentally impossible. Competently-installed recording devices leave absolutely no sign of their presence on the phone line, unless one is deliberately provided. -- A bit of tolerance is worth a | Henry Spencer at U of Toronto Zoology megabyte of flaming. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
johnl@esegue.segue.boston.ma.us (John R. Levine) (10/17/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >There are gadgets one can put on a telephone that purport to tell you if >the conversation is being recorded. Does anyone know if they work? Of course not. I suppose they might be able to notice if someone hangs another phone on the line and picks it up and listens, but there are lots of ways to tap a phone that are not electrically detectable. For starters, the person at the other end might put the microphone of a recorder next to the earpiece. -- John R. Levine, Segue Software, POB 349, Cambridge MA 02238, +1 617 864 9650 johnl@esegue.segue.boston.ma.us, {ima|lotus|spdcc}!esegue!johnl Massachusetts has over 100,000 unlicensed drivers. -The Globe
ee5391aa@hydra.unm.edu (Duke McMullan n5gax) (10/17/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >There are gadgets one can put on a telephone that purport to tell you if >the conversation is being recorded. Does anyone know if they work? The answer is an absolutely definite maybe, with an appended probably not. First, "being recorded": There are ways -- of varying reliability -- to tell if your line has been tapped, but it'll require something on the order of deitic omniscience to tell you what's being done with that signal. Still, it's very likely that if you're tapped, you're being recorded. ECM -- governmentese for "electronic countermeasures" -- that apply to a tele- phone system fall into three categories: Prevention, detection and correction. Prevention (as usual) is the best, but what you asked about is detection. You can buy from various sources instruments purported to tell you if your line has an unauthorized tap on it. Do they work? Usually not. The methods vary. You can measure line impedance, which will detect low budget/ unsophisticated taps, you can listen for noise on the line, which is useless, or you can use TDM. That's technicalese for Time Domain Reflectometry. The idea is that you send a sharp pulse signal down the line, and watch carefully (i.e., with an expensive instrument) for reflections of the pulse which occur at every sufficiently abrupt impedance change in the line (i.e., at a tap). The TDM system also detects other telephones, connections to the service block, extension line connections, staples which penetrate the insulation, sharp kinks in the wire, etc. The TDM "signature" of the line is a pretty complex signal. This means that you must have the signature of a "clean" line, and compare this with your signatures as time goes on. When you spot a change, look into it. Is that reliable? Well...sort of. I've heard that you can tell from the location of a new blip in the signature where on the line the new impedance lump is located (which squares with my [sketchy] knowledge of TDM), but two other sources say that's a lot of bushwah in practice. It seems that you end up doing a physical inspection of the entire line anyway, which can be done without coughing up kilobucks for the TDM instrumentation and technician. For an authorized tap (done by the TelCo), forget detection. It's done at the central office (entirely in software, I'm told) and there exists no reasonable detection method from your end of the line. We should note that TDM methods usually involve breaking the line connection at the service entrance and terminating the block with the line's characteristic impedance, so you're not connected to TelCo when you do that test. That means that it isn't likely to tell you anything useful about a tap that's farther down the line than the telephone pole. Getting the signature of the connected line 1) may cause trouble with the TelCo circuitry and 2) changes anytime the TelCo techs do some line service, anythime the wind blows hard, and usually changes a bit when it rains. This applies to most detection methods: A simple bug is fairly easy to detect; a sophisticated one very difficult. The measures have a way of staying a step or two ahead of the countermeasures. Additionally, there's the cost factor. As expensive as GOOD bugging equipment is, the corresponding ECM stuff is a lot more expensive. Additionally, if I decided to tap your line, I don't waste money picking out lines at random: I just install the tap, sit back, listen, record, and prepare my blackmail info. On the other hand, you are in a worse position. Have I in fact bugged your line? You do a fairly simple (inexpensive) check. Nothing. Was your line bugged, or was it done in a way that you failed to detect? You spend more money and time. Still nothing, but you're still worried. Lotsa money later, you discover a fairly sophisticated radio transmitter, which you remove. There are no fingerprints, or anything else conclusive with which you can nail me. Still, everything's OK now, right? Right? Well...was that the only bug there? Was it placed for you to find, with another bug (which you haven't detected) backing it up? Did I place another bug after you found this one? Am I, in fact, the one who put it there? As you see, this sort of thing can lead directly to recursive paranoia. The bugger has advantage; the buggee the disadvantage. The only real safety is the preventative one: don't say anything on the telephone that you wish to remain private! Here's the best advice I've heard: If you're going to spend money on 'phone security, you're better off buying expertise than equipment. Pay your 'phone bill, d "In all levels of life, the sheep are only safe when the wolves are not hungry." -- F.J. Lovret Duke McMullan n5gax nss13429r phon505-255-4642 ee5391aa@hydra.unm.edu
otto@tukki.jyu.fi (Otto J. Makela) (10/17/89)
All right, it has now been established that there are no reliable means of
detecting a sophisticated phone tap.
Preventation: does anyone know of cheap but reasonably reliable scramblers ?
--
* * * Otto J. Makela (otto@jyu.fi, MAKELA_OTTO_@FINJYU.BITNET) * * * * * * *
* Phone: +358 41 613 847, BBS: +358 41 211 562 (CCITT, Bell 2400/1200/300) *
* Mail: Kauppakatu 1 B 18, SF-40100 Jyvaskyla, Finland, EUROPE *
* * * freopen("/dev/null","r",stdflame); * * * * * * * * * * * * * * * * * *illgen@hq.af.mil (Keneth..Illgen) (10/18/89)
In article <776@ariel.unm.edu> ee5391aa@hydra.unm.edu.UUCP (Duke McMullan n5gax) writes: >In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >>There are gadgets one can put on a telephone that purport to tell you if >>the conversation is being recorded. Does anyone know if they work? > >The answer is an absolutely definite maybe, with an appended probably not. > >First, "being recorded": There are ways -- of varying reliability -- to tell >if your line has been tapped, but it'll require something on the order of >deitic omniscience to tell you what's being done with that signal. Still, it's >very likely that if you're tapped, you're being recorded. > >Prevention (as usual) is the best, but what you asked about is detection. You >can buy from various sources instruments purported to tell you if your line has >an unauthorized tap on it. Do they work? > >Usually not. > >The methods vary. You can measure line impedance, which will detect low budget/ >unsophisticated taps, you can listen for noise on the line, which is useless, >or you can use TDM. You mean TDR. TDM is Time Division Multiplexing and can't help you detect a phone tap. >That's technicalese for Time Domain Reflectometry. The idea is that you send a >sharp pulse signal down the line, and watch carefully (i.e., with an expensive >instrument) for reflections of the pulse which occur at every sufficiently >abrupt impedance change in the line (i.e., at a tap). The TDM system also >detects other telephones, connections to the service block, extension line >connections, staples which penetrate the insulation, sharp kinks in the wire, >etc. The TDM "signature" of the line is a pretty complex signal. This means >that you must have the signature of a "clean" line, and compare this with your >signatures as time goes on. When you spot a change, look into it. > >Is that reliable? Well...sort of. Actually it is very reliable provided you know the layout of the location you want tested. Testing in your home with a TDR would be a waste of time. It would take you less time to walk through the house to the junction box the it would to call Rent-A-Center to get a TDR. But if you know how the wires run in your office it can provide a clear indication of additional devices being attached to a line. >For an authorized tap (done by the TelCo), forget detection. It's done at the >central office (entirely in software, I'm told) and there exists no reasonable >detection method from your end of the line. This is true except that it's not entirely done by software. The software keys the line to be tested but the instrument that does the recording is put 'on-line' which will add to the impedance load. This (if you happened to be a a phone company technician in the building could be detected) used to be the little click you would hear. The click still happens only now it's a lot softer. >We should note that TDM methods usually involve breaking the line connection >at the service entrance and terminating the block with the line's >characteristic impedance, so you're not connected to TelCo when you do that >test. If you had the money and the paranoia you could simply tie in your TDR and your phone into a diplex plug and eliminate the first reflection on your scope by zeroing your meter after the pulse caused by your telephone/TDR. You don't have to disrupt the line to measure. This point could probably be debated regarding using and pulsing at the same time but my personal feeling is that the frequencies wouldn't interfere or bring down any equipment. >This applies to most detection methods: A simple bug is fairly easy to detect; >a sophisticated one very difficult. The measures have a way of staying a step >or two ahead of the countermeasures. >Additionally, there's the cost factor. As expensive as GOOD bugging equipment >is, the corresponding ECM stuff is a lot more expensive. Generally speaking cost can be pretty high however a reliable undetectable bug can be planted for around $100.00. It all comes down to where you plant it.
hollombe@ttidca.TTI.COM (The Polymath) (10/18/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: } }There are gadgets one can put on a telephone that purport to tell you if }the conversation is being recorded. Does anyone know if they work? Consumer Reports tested a bunch of these some time ago. None of them worked as claimed. -- The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com) Illegitimis non Citicorp(+)TTI Carborundum 3100 Ocean Park Blvd. (213) 452-9191, x2483 Santa Monica, CA 90405 {csun|philabs|psivax}!ttidca!hollombe
marks@whizbang.umiacs.umd.edu (Mark Schleifer) (10/19/89)
If a person who knows what they are doing puts a tap on your phone you won't be able to detect it. If you are willing to spend some money your best bet is to buy a scrambler. This will convert your message into a digital format which is almost impossible to decode. The only downside to this is that both parties must have them but they make any bugs on your line useless. You can even get portable scrablers that work with car phones. - Mark Spoken: Mark Schleifer Domain: marks@umiacs.umd.edu UUCP: uunet!mimsy!umiacs!marks Phone: +1-301-454-7678 USPS: UMIACS, Univ. of Maryland, College Park, MD 20742
carl@aoa.UUCP (Carl Witthoft) (10/24/89)
>In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: >}There are gadgets one can put on a telephone that purport to tell you if >}the conversation is being recorded. Does anyone know if they work? Naaaaah :=) I just got one of those yupscale catalogs at home. It has a phone monitor plug-in which will beep if the operator or someone on an extension phone picks up. The good part of the ad said "Warning. THis device will not detect the ultrsophisticated devices used by the CIA and KGB. If you are being monitored by one of these groups, you need a lot more help than this [gadget] can give you." well, true... -- Alix' Dad ( Carl Witthoft @ Adaptive Optics Associates) {harvard,ima}!bbn!aoa!carl 54 CambridgePark Drive, Cambridge,MA 02140 617-864-0201 "disclaimer? I'm not a doctor, but I do have a Master's Degree in Science!"
waters@darla.sps.mot.com (Strawberry Jammer) (10/24/89)
In article <20247@mimsy.umd.edu> marks@umiacs.umd.edu (Mark Schleifer) writes: } } If a person who knows what they are doing puts a tap on your phone you }won't be able to detect it. If you are willing to spend some money your best }bet is to buy a scrambler. This will convert your message into a digital }format which is almost impossible to decode. The only downside to this is }that both parties must have them but they make any bugs on your line useless. }You can even get portable scrablers that work with car phones. The only problem with scramblers are that they they don't work! The problem is that the actual number of codes is very limited (of course the dial may have 10M or more codes, but most of them are duplicates!). Audio scrambling using analog means is very easy to break as a result, digital scrambling can be made extremly difficult but requires 3-4X the bandwidth of the telephone line (2.5Khz Vs 16Khz). Not something you can use from your home or office. *Mike Waters AA4MW/7 waters@dover.sps.mot.com * He who attacks the fundamentals of the American broadcasting industry attacks democracy itself. -- William S. Paley, chairman of CBS
ted@nmsu.edu (Ted Dunning) (10/24/89)
In article <1917@dover.sps.mot.com> waters@darla.sps.mot.com (Strawberry Jammer) writes:
Audio scrambling using analog means is very easy to break as a
result, digital scrambling can be made extremly difficult but
requires 3-4X the bandwidth of the telephone line (2.5Khz Vs
16Khz). Not something you can use from your home or office.
this comment about bandwidth is inaccurate in these days of 9600 baud
modems. adaptive delta modulation can transmit very reasonable speech
over less than 9600 bits per second and encryption at this rate is not
difficult with dedicated hardware (and probably not out of reach for
something like a mips or sparc processor in software).
vocoder techniques can reduce the bit rate requirements to
approximately 2400 bits per second, but you tend to buy back the
sophistication of the modem with the sophistication of the coding for
the speech.
--
ted@nmsu.edu
Dem Dichter war so wohl daheime
In Schildas teurem Eichenhain!
Dort wob ich meine zarten Reime
Aus Veilchenduft und Mondenscheinjohnl@n3dmc.UU.NET (John Limpert) (10/24/89)
In article <1917@dover.sps.mot.com> waters@darla.sps.mot.com (Strawberry Jammer) writes: >Audio scrambling using analog means is very easy to break as a result, >digital scrambling can be made extremly difficult but requires 3-4X the >bandwidth of the telephone line (2.5Khz Vs 16Khz). Not something you can use >from your home or office. I know that there are NSA approved secure telephone systems for voice grade lines, I have seen ads in Aviation Week & Space Technology for the systems. Unfortunately, the NSA doesn't allow distribution of the technical manuals to ordinary civilians. Are there any low bit rate, commercially available voice encoder/decoder chips? I have seen variable slope delta modulation chips in unclassified, commercial equipment at 24/32 kbps. Decent audio quality but too fast for a normal voice grade line modem. The voice encoder/decoder seems to be the hardest part of a secure digital phone system. A relatively inexpensive system could be assembled with DES encryption and a V.32 modem. -- John A. Limpert I'm the NRA! Internet: johnl@n3dmc.UU.NET UUCP: uunet!n3dmc!johnl
gross@dg-rtp.dg.com (Gene Gross) (10/27/89)
In article <799@mccall.uucp> tp@mccall.uucp (Terry Poot) writes: > >There are gadgets one can put on a telephone that purport to tell you if >the conversation is being recorded. Does anyone know if they work? Terry, as far as I know they work. In fact, there is now a phone with such circuitry built-in. If you'd like more info on the phone, drop me an email note and I'll send you the ordering info. Peace, Gene
larry@kitty.UUCP (Larry Lippman) (10/29/89)
In article <2165@xyzzy.UUCP>, gross@dg-rtp.dg.com (Gene Gross) writes: > >There are gadgets one can put on a telephone that purport to tell you if > >the conversation is being recorded. Does anyone know if they work? > > Terry, as far as I know they work. In fact, there is now a phone with > such circuitry built-in. If you'd like more info on the phone, drop me > an email note and I'll send you the ordering info. Save your money. These gadgets do *NOT* work, except in the trivial case of a third party picking up an extension telephone at the premises where the "gadget" is located. About four months ago, I submitted a rather comprehensive article on this topic to comp.dcom.telecom; the balance of this article contains text from the above. If anyone wants a factual answer to the efficacy of these devices, then read the following... - - - - - - - - - - Subject: Myth and Reality About Eavesdropping Message-ID: <telecom-v09i0236m01@vector.dallas.tx.us> Date: 13 Jul 89 03:34:02 GMT X-TELECOM-Digest: volume 9, issue 236, message 1 of 1 > ] >I might add this is how the Federal Bureau of Investigation and the CIA > ] >also listen to you (assuming authorized taps, of course). When telco is > ] >served with a court order to apply a tap to your line, they tie another > ] >pair on your line in the office and send it through a coil and off to the > ] >FBI. [some text deleted] Most CO (central office) eavesdropping intercepts in a BOC CO are today performed using a modified MFT (Metallic Facility Termination) circuit pack which places about a 100,000 ohm isolated bridging impedance across the subscriber line. Supervisory signaling is detected on the subscriber loop using a high-impedance electronic circuit, and the signaling is repeated in an isolated fashion using the A and B leads of the repeating coil in the MFT to "reconstruct" a CO line for the benefit of monitoring apparatus. The entire purpose of the above effort is to prevent any trouble or noise on the intercept line or monitoring apparatus from causing any trouble, noise or transmission impairment on the subject line. Some BOC's may elect to use service observing apparatus to provide the necessary isolation and repeated loop supervisory signaling. Less common are locally engineered variations which merely use an isolation amplifier from an MFT or other 4-wire repeater, and which provide no repeated supervisory signaling (which is not all that necessary, since voice-activated recorders and DTMF signaling detectors can be used, and since dial pulses can be counted by playing a tape at slow speed). Today, the use of a "bridge lifter" retardation coil for the purpose of connecting an eavesdropping intercept line is virtually non-existent since they do not provide sufficient isolation and since they provide a fair amount of insertion loss without loop current on the "observing" side. Bridge lifter coils are primarily intended for answering service intercept lines, and consist of a dual-winding inductor which passes 20 Hz ringing and whose windings easily saturate when DC current flows. Bridge lifter coils are used to minimize the loading effect (and consequent transmission impairment) of two subscriber loops on one CO line. Bridge lifter coils provide a significant insertion loss at voice frequencies toward the idle loop; i.e., the loop in use will have DC current flow, saturating the inductor, and reducing its insertion loss to 1.0 dB or less. > ] If so, does this mean that the electronically inclined and paranoid > ] among us might be able to keep track of when we are being bugged by > ] measuring the impedance and capacitance of our lines? > Actually, it's already been done. > ] Maybe Sharper Image will start selling a box to watch your line and > ] tell you when its electrical properties change in a suspicious way? > I don't know if Sharper Image sells them, but there are any number of > "security consulting" firms which do. They include boxes which sit > beside/beneath the phone to a replacement microphone for a 2500 set > which has a little LED that lights up if the characteristics of the line > change... As the author of the second article stated, these gadgets are for the paranoid who have nothing better to waste their money on. The simple truth of the matter is that there is NO WAY for any person using ANY type of apparatus at the telephone set location to ascertain whether there is a properly installed eavesdropping device connected across their line in the CO. The only way such a determination can be made is through the cooperation of the telephone company. For that matter, there is virtually no way for any person using any type of apparatus in their premises to ascertain if there is ANY type of eavesdropping apparatus installed ANYWHERE on their telephone line outside their premises, unless the eavesdropping apparatus was designed or installed in an exceptionally crude manner (not likely today). Some types of eavesdropping apparatus may be located, but only with the full cooperation of the telephone company. The sole capability of these nonsense gadgets is to ascertain if an extension telephone is picked up during a telephone call, which is hardly a likely scenario for serious eavesdropping! These screw-in-the-handset gadgets work by sensing the voltage across the carbon transmitter circuit, and using a control to null this voltage using a comparator circuit. When a person makes a telephone call, the control is adjusted until the light just goes out. If an extension telephone at the user's end is picked up during the call, the increased current drain of a second telephone set will decrease the voltage across the carbon transmitter circuit, unbalancing the voltage comparator circuit, and thereby causing the LED to light. These voltage comparator "tap detectors" cannot even be left with their setpoint control in the same position, because the effective voltage across a subscriber loop will vary depending upon the nature of the call (except in the case of an all digital CO), and upon other conditions in the CO. Electromechanical and analog ESS CO's may present different characteristics to the telephone line, depending upon whether it is used at the time of: an originated intraoffice call (calling side of intraoffice trunk), an answered intraoffice call (called side of intraoffice trunk), an originated tandem call (interoffice tandem trunk), an originated toll call (toll trunk), or an answered tandem/toll call (incoming tandem or toll trunk). There is usually enough variation in battery feed resistance due to design and component tolerance changes on these different trunks to cause a variation of up to several volts measured at the subscriber end for a given loop and given telephone instrument. Even more significant are variations in CO battery voltage, which can vary (within "normal limits") from 48 volts to slightly over 52 volts, depending upon CO load conditions. 50 to 51 volts in most CO's is a typical daily variation. If anyone is curious, connect an _isolated_ voltage recorder or data logger to a CO loop and watch the on-hook voltage variations; in many CO's the resultant voltage vs 24-hour time curve will look just like the inverse of a busy-hour graph from a telephone traffic engineering text! In some all-digital CO apparatus, the subscriber loop signaling is performed by a solid-state circuit which functions as a constant-current (or current-limiting) device. With such a solid-state circuit controlling loop current, there is no longer ANY meaningful reference to CO battery voltage; i.e., one cannot even use short-circuit loop current at the subscriber location to even estimate outside cable plant resistance. To explode this myth even further, let's do a little Ohm's Law: 1. Assume a CO loop with battery fed from a dual-winding A-relay (or line relay, ESS ferrod line scanner element, or whatever) having 200 ohms to CO battery and 200 ohms to ground. 2. Assume a CO loop of 500 ohms (a pretty typical loop). 3. Assume an eavesdropping device with a DC resistance of 100,000 ohms (this is still pretty crude, but I'm being generous with my example). 4. Using some simple Ohm's law, the presence or absence of this hypothetical eavesdropping device at the SUBSCRIBER PREMISES will result in a voltage change of less than 0.5 volt when measured in the on-hook state. This voltage change is much less than normal variations of CO battery voltage. 5. Using some simple Ohm's law, the presence or absence of this hypothetical eavesdropping device at the CENTRAL OFFICE LOCATION will result in a voltage change of less than 0.2 volt when measured in the on-hook state. This voltage change is an order of magnitude less than the expected normal variation of CO battery voltage! Measuring voltage variations on a subscriber loop in an effort to detect a state-of-the-art eavesdropping device is meaningless, regardless of resolution of a voltage measuring device, since the "signal" is in effect buried in the "noise". Moving on to the subject of subscriber line impedance... There is simply no way for any device located on the subscriber's premises to obtain any MEANINGFUL information concerning the impedance characteristics of the subscriber loop and whether or not anything "unusual" is connected at the CO (or for that matter, anywhere else on the subscriber loop). There are a number of reasons why this is the case, which include but are not limited to: 1. The impedance of a typical telephone cable pair results from distributed impedance elements, and not lumped elements. Non-loaded exchange area cable (22 to 26 AWG @ 0.083 uF/mile capacitance) is generally considered to have a characteristic impedance of 600 ohms (it actually varies, but this is a good compromise figure). Loaded exchange area cable, such as H88 loading which are 88 mH coils spaced at 6 kft intervals, is generally considered to have a a characteristic impedance of 900 ohms (it actually varies between 800 and 1,200 ohms, but 900 ohms is generally regarded as a good compromise figure for the voice frequency range of 300 to 3,000 Hz). What this means is that a bridged impedance of 100,000 ohms located in the CO on a typical subscriber loop will result in an impedance change measured at the SUBSCRIBER LOCATION of 0.1% or less. That's IF you could measure the impedance change at the subscriber location. 2. As a general rule of thumb, the impedance of an exchange area telephone cable pair changes ONE PERCENT for every TEN DEGREES Fahrenheit temperature change. Actual impedance changes are a function of the frequency at which the impedance is measured, but the above rule is pretty close for the purposes of this discussion. 3. Moisture in the telephone cable causes dramatic changes in its impedance characteristics. While this may appear obvious in the case of pulp (i.e., paper) insulated conductors, it is also characteristic of polyethylene (PIC) insulated conductors. Only gel-filled cable (icky-PIC), which still represents only a small percentage of installed cable plant, is relatively immune from the effects of moisture. 4. From a practical standpoint, it is extremely difficult to measure impedance in the presence of the DC potential which is ALWAYS found on a telephone line. The subscriber has no means to remove the telephone pair from the switching apparatus in the CO to eliminate this potential. Therefore, any attempt at impedance measurement will be subject to DC current saturation error of any inductive elements found in an impedance bridge. The telephone company can, of course, isolate the subscriber cable pair from the switching apparatus for the purpose of taking a measurement - but the subscriber cannot. In addition to the DC current problem, there is also the problem of impulse and other types of noise pickup on a connected loop which will impress errors in the impedance bridge detector circuit. Such noise primarily results from the on-hook battery feed, and is present even in ESS offices, with ferrod scanner pulses being a good source of such noise. While one could possibly dial a telephone company "balance termination" test line to get a quieter battery feed, this still leaves something to be desired for any actual impedance measurements. 5. Devices which connect to a telephone pair and use a 2-wire/4-wire hybrid with either a white noise source or a swept oscillator on one side and a frequency-selective voltmeter on the other side to make a frequency vs return loss plot provide impressive, but meaningless data. Such a plot may be alleged to show "changes" in telephone line impedance characteristics. There is actual test equipment used by telephone companies which functions in this manner to measure 2-wire Echo Return Loss (ERL), but the ERL measurement is meaningless for localization of eavesdropping devices. 6. It is not uncommon for the routing of a subscriber line cable pair to change one or more times during its lifetime due to construction and modification of outside cable plant. Outside cable plant bridge taps (not of the eavesdropping variety) can come and go, along with back taps in the CO to provide uninterrupted service during new cable plant additions. Not only can the "active" length of an existing cable pair change by several percent due to construction, but lumped elements of impedance can come and go due to temporary or permanent bridge taps. The bottom line of the above is that one cannot accurately measure the impedance of a telephone pair while it is connected to the CO switching apparatus, and even if one could, the impedance changes caused by the installation of an eavesdropping device will be dwarfed by changes in cable pair impedance caused by temperature, moisture, and cable plant construction unknown to the subscriber. In some previous discussions in Telecom Digest about a year or so ago, there was mention of the use of a time domain reflectometer (TDR) for localization of bridge taps and other anomalies. While a TDR will provide a rather detailed "signature" of a cable pair, it has serious limitations which include, but are not limited to: 1. A TDR, in general, cannot be operated on a cable pair upon which there is a foreign potential; i.e., a TDR cannot be used on a subscriber cable pair which is connected to the CO switching apparatus. 2. A TDR contains some rather sensitive circuitry used to detect the reflected pulse energy, and such circuitry is extremely susceptible to noise found in twisted pair telephone cable. A TDR is works well with coaxial cable and waveguide, which are in effect shielded transmission lines. The use of a TDR with a twisted cable pair is a reasonable compromise provided it is a _single_ cable pair within one shield. The use of a TDR with a twisted cable pair sharing a common shield with working cable pairs is an invitation to interference by virtue of inductive and capacitive coupling of noise from the working pairs. 3. Noise susceptibility issues notwithstanding, most TDR's cannot be used beyond the first loading coil on a subscriber loop since the loading coil inductance presents far too much reactance to the short pulses transmitted by the TDR. There are one or two TDR's on the market which claim to function to beyond _one_ loading coil, but their sensitivity is poor. There is simply no device available to a telephone subscriber that without the cooperation of the telephone company which can confirm or deny the presence of any eavesdropping device at any point beyond the immediate premises of the subscriber. I say "immediate premises of the subscriber" because one presumes that the subscriber has the ability to isolate the premises wiring from the outside cable plant, and therefore has complete inspection control over the premises wiring. I have used the phrase "without the cooperation of the telephone company" several times in this article. No voltage, impedance or TDR data is meaningful without knowing the actual circuit layout of the subscriber loop in question. Circuit layout information includes such data as exact length and guages of loop sections, detailed description of loading (if present), presence and location of multiples and bridge taps, calculated and measured resistance of the loop, loop transmission loss, etc. Ain't no way that a telephone company is going to furnish that information to a subscriber! Sometimes it's even difficult for a government agency to get this information without judicial intervention. Despite what I have stated in this article, readers will see claims made by third parties as to the existence of devices which will detect the presence of telephone line eavesdropping beyond the subscriber's immediate premises. With the exception of the trivial cases of serious DC current draw by an extension telephone or the detection of RF energy emitted by a transmitter, this just ain't so. Companies like Communication Control Corp. (which advertises in various "executive" business publications) get rich by selling devices which claim to measure minute voltage and impedance changes on a telephone line - but consider those claims in view of the voltage changes due to CO battery variations and due to temperature changes in outside cable plant - and one should get the true picture. <> Larry Lippman @ Recognition Research Corp. - Uniquex Corp. - Viatran Corp. <> UUCP {allegra|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry <> TEL 716/688-1231 | 716/773-1700 {hplabs|utzoo|uunet}!/ \uniquex!larry <> FAX 716/741-9635 | 716/773-2488 "Have you hugged your cat today?"
dangross@csd4.csd.uwm.edu (Daniel E Gross) (10/31/89)
I would never have believed they existed either, but in the new DAK (c) catalog they have a device that will either cut your phone off when another is picked up, or will cut off all other phones when you pick yours up. Could be useful if you're using an answering machine, or modem with call waiting respectively - I guess. There must therefore be some way to tell. I would think that the line voltage would be constant though after one phone was off-hook. Beats me? :-$ Dan Gross
donegan@stanton.UUCP (Steve Donegan) (10/31/89)
There is no such thing as security. If a dedicated person/government etc. wants to tap your house/phone/car/place of work etc. they can. No scrambler system sold on the market today is capable of stopping a government from snooping. The real question is - do you have something to hide that 'they' want to know about? For most people that answer would be no. Are you a simple law breaker - 'they' won't probably go to the effort to spy on you anyway. If you really do have something to hide then I hope you're using one-time codes and all the other goodies of spy technology if you want to stay 'free'. If you're a business person, concerned about your trade secrets, the best thing to do is only communicate in-person, via passed paper, which would be burned and flushed with all concerned present. Sorry, after working in security for a few years one does become a professional paranoiac. -- Steven P. Donegan, Area Telecommunications Engineer, Western Digital Corp. Western Digital is not responsible for my opinions. stanton!donegan || donegan@stanton.UUCP || donegan%stanton@UUCP