private line: a journal of inquiry into the telephone system private line 5150 Fair Oaks Blvd. #101-348 Carmichael, CA 95608 USA privateline@delphi.com (916) 978-0810 FAX $27 a year for 6 issues. Mexican and Canadian subscriptions are $31 and overseas subscribers have to pay $44 :( A sample of the current issue is $4.00. ................................................................................ I. Editorial Page II. Updates and Corrections III. Letters IV. The Internet Bridge V. Cell Phone Basics, Part II A. Toll Fraud VI. An Interview With Damien Thorn VII. The entire Digital Telephony Bill VIII The Text of 18 USC 1029 IX. The Text of 47 CFR 22.919 (The regulation prohibiting cloning) I. EDITORIAL PAGE What's All This Stuff About The Law? 1. Welcome to a very different issue of private line. It contains much more on telecom law than I have ever put in. Much more, in fact, than I ever wanted to put in. The first mission of private line is to advance technical knowledge, especially for beginners. But I promised many people that I would include the text of the entire bill in this issue. I think that people should read this legislation. The problem was that I underestimated its size. To my horror the bill took up five full pages in unreadable eight point type once I keyboarded and scanned it in. Check out page 82 to get a sample. I then converted the text to nine point type. Better. That resulted, however, in nine pages. Gulp. 2. Well, since the article would take up so much room in unedited form, I decided to expand the magazine to 32 pages this issue. This allowed me to put in some comments and a few charts to make the bill a little more understandable. This was a very tough bill to make sense out of and organize. I used to do legal research for a living. My special resentment of this bill has to do with its complexity and the fact that an average per son had little chance of dealing with it when it was created. I think you'll see what I mean when you read it. By the way, my comments are meant to breakup the layout of the text -- nothing more. I know every one has their own opinion. 3. I'm writing this on April 6, 1995. I'm up to 67 subscribers and I am very happy about this. Subscriptions, back issue orders and news stand sales have now covered the cost of printing Number 4 and 5. That's a tremendous development. It gives me real encouragement to go forward and better the magazine. Thank you everybody. 4. The next issue will go back to regular telephone stuff. It will feature a field guide to outside plant equipment. This is the issue that I have wanted to do for a year! I am really looking forward to putting It together. It may include as many as twenty photographs. You'll be able to use it, for instance, to identify all those mysterious green telco boxes by the side of the road. 1'11 have pictures, too, of things I've mentioned before. Like open wire and solar powered payphones and party line phones. I'11 also have an article on how to build your own telephone system for $25. private line marks its first anniversary in June. Thanks again and I'11 see you all again in July. UPDATES AND CORRECTIONS 5. More magazines and newsletters: On The Line is the magazine of the California Payphone Association. It is a California publication but it does have news from around the country. Similar in feel to Public Communications. Should you get both? I think so. Send them five dollars for a sample and judge for yourself. Their address is: On The Line, c/o California Payphone Association, 2610 Crow Canyon Rd., Suite 150, San Ramon, CA 94583. 6. Telecom Publishing Group produces a number of interesting and very expensive newsletters and reports. The Report on AT&T, for example, claims to be the only newsletter that "focuses on AT&T and its bloody turf battles" It comes out twice a month. It goes along with The Report on AT&T FaxAlert; a bulletin by fax that comes out within 24 hours of any surprise move by the long distance carrier. Sounds great but it will cost you $697 a year. They also produce Information Networks, Mobile Data Report, FCC Report, Telco Business Report, Local Competition Report, State Telephone Regulation Report and Advanced Wireless Communications. These range from $397 to $591 a year for 24 issues. Oh, well. The one good thing is that they don't charge $35 for a sample like the Phillips' newsletters. They'll send you a free copy of one if you really want it. Telecom Publishing Group, 1101 King Street, Suite 444, Alexandria, VA 22314. 1-800-739-452-8011 (orders) or (703) 739-6437. 7. Blacklisted! 411 is an interesting, 2600 like magazine that's produced quarterly in southern California. They call themselves "The Official Hackers Magazine!" You can order it through the Tower chain now or in the future, possibly, through Fine Print Distributors. Or send $4.95 for a sample to Blacklist! 411, P.O. Box 2506, Cypress, CA 90630. (310) 596-4673. 8. Maurice Onraet mailed me copies of EDN and Electronic Design. EDN bills itself as "The Design Magazine of the Electronics Industry." It's a monthly that touches on a few telecom subjects from time to time. The Cahners Publishing Company publishes it 38 times a year. Supposedly $120 a year to non- qualified subscribers in the U.S., though it looks like you could get a free sub. Write for a sample: EDN, 8773 South Ridgeline Blvd., Highlands Ranch, CO 80126-2329. (303) 470-4445. Electronic Design is a real find. It's published by Penton Publishing, Inc. This twice monthly magazine occasionally features articles that directly impact telecom. Goldberg's article on PCS in the February 6, 1995 edition, for example, was a better read than a similar article in the expensive IEEE Personal Communications. Electronic Design has a $105 suggested subscription price but, again, I think you ought to try for a free sub. I really recommend that you write or call for a sample. Penton Publishing Subscription Lockbox, P.O. Box 96732, Chicago, Il 60693. (216) 696-7000. 9. Cellular Marketing is another resource for cellular information. It's a monthly that David Crowe says is now taking a more technical orientation. Annual subscriptions are $29 in the US and $39 in Canada and Mexico. Their subscription address is Argus Circulation Center, PO Box 41528, Nashville, TN 37204. The editorial address is 6300 South Syracuse Way, Suite 650, Englewood, CO 80111. 10. For you web types, AT&T is offering some of their industry newsletters on the web for two months. In a March 6, 1995 press release, AT&T promised that their home page would carry samples of 24 technical and business newsletters that it produces for its internal business units and AT&T Bell Laboratories. Sample issues of the publications would be accessible without charge in April and May. In return, users will be asked to evaluate the material. "The trial will determine how useful the newsletters will be to individuals and institutions outside of AT&T," according to Ralph Quinn, of the AT&T Information Services Network. "After the trial, the publications will be offered on the Internet at special charter prices." This seems a mixed blessing. Some of these publications may have had a closed subscriber list before. But AT&T will undoubtedly charge some very high rates once the trial is over. Oh, well. Their URL is: http://www.att.com/newsls/index.html. For inquiries about the trial, call the AT&T Information Services Network at 908-582-2619, or send E-mail to rmq@library.att.com. 11. There's been quite a bit of interest in the telecom related magazine list. I've decided to consolidate all the magazines described in one easy to read list. I'll update it as I get additions or corrections. Send me $2.00 (cash only, please) and a number 10 S.A.S.E. and I'll send you the current list. In addition, I'll extend your subscription by one issue if you can supply me some current, detailed information on any of the following: Telekom Praxis (German), Funkschau (German), Commutations & Refutations (French), Philips Telecommunications Review, Electrical Communication (published by Alcatel), Ericsson Review; Siemens Telecom Report; Northern Telecom Magazine, or Telesis (Canadian). I will also extend your sub if you tell me about any other telecom magazine that my readers would be interested in. 12. I've made a wonderful discovery! The McGraw-Hill Telecommunications Factbook is the best overall book about the telephone system that I have yet found. It is current and in print. Nothing on coin line services or cellular but otherwise a great read. It even explains tariffs. Good, clear diagrams. I recommend it without reservation. Around $30. Get this book. The rent can wait. Here's a quotation from a comprehensive chapter on telecommunications fundamentals. This small section is about PBX operation in a private network: "In the simplest case, referred to as point-to-point tie-line service, users access a trunk between two locations by dialing an access code (unique to the tie trunk between those two locations), followed by the desired station extension. For example a user on a PBX in Chicago calling a PBX in New York City might dial 8-368- xxxx. The digit 8 accesses a tie trunk group, 368 selects a dedicated tie trunk between the Chicago and New York City PBXs, and xxxx represents the called party's extension. A user on a PBX in Washington, DC, might dial 8-479-xxxx to reach that same New York City party over dedicated tie trunks between Washington, DC, and New York City. A unique exchange number would thus exist for each called location in this rudimentary private network, depending upon the location of the originating call. A private network call from Chicago to Washington, DC, could also be completed via the New York City PBX if the calling party first accesses the New York PBX and then manually dials the same access code for Washington, DC, that a New York caller would use. This type of service is known as manual dial tandem tie-line service and it cannot automatically route calls through multiple PBXs to take maximum advantage of network transmission facilities, or seek alternate routes if first choice trunks are busy." Great stuff. And that's just two paragraphs out of 374 pages worth of information. The McGraw-Hill Telecommunications Factbook is published by McGraw-Hill, Inc. Joseph A. Pecar, Roger J.O'Connor and David A. Garbin are the authors. The ISBN number is 0-07-049183-6. It's a paperback and it cost me $29.95. You should be able to order it from any book store since it is in print. You can also call McGraw Hill at 1-800-822-8158 to order. Failing that, try writing to them at Order Services, 860 Taylor Station Road, Blacklick, Ohio, 43004. And no, I don't make a dime off this. Your editor pays for all of his books. 13. ImOkey submitted an article from the Numismatic News about coin phone tokens. I'll reprint it next issue when I get more space. 14. A few notes on the Roseville Telephone Company Museum. The museum is open from 10 a.m. to 4:00 p.m. on Saturdays only. I recommended seeing an antique store that had old telephones. The lady who ran American Antiques has since passed away. The collection of old telephones got moved out of that building and sold to private collectors. 15. I stated in the first issue that Ericksson digital were installed in many Motorola built cell sites. Uh, no. Ericksson installed AXE 10's for many non-wireline carriers. The wireline carriers tended to use Motorola equipment. Many non wireline carriers use Ericksson. Motorola or Ericsson would only install their own equipment. To take this further, each carrier builds its own base station, maintains its own tower and uses their own MTSO. One carrier will keep functioning even if something happens to the other. 16. I don't want to turn private line into The Payphone Journal but there's something I need to discuss at length. People tired of coin line signaling can turn to the next article. I've gone over the differences between COCOT and telco payphones at some length. Much of that discussion revolved around my argument that red boxing wasn't possible from COCOTs. I contended that in the case of a 1+ call, for example, the payphone itself fixed the rates and checked the coins deposited. It didn't need, consequently, to signal any network resource like ACTS. A red box tone, therefore, would go into nowhere and do nothing as a result. 17. Well, what if you call an operator? What if you wanted them to place the call for you? What now? What happens when she asks you to deposit $1.25? It's most likely that the standard redbox tone gets delivered over the voice channel to the operator. You don't hear it on your end because the audio gets muted when it's transmitted. Many COCOT owners contract with AT&T or other mainstream companies to provide operator services. I cannot imagine a special tone to accommodate COCOTs. The bottom line? Red boxing may work from certain older COCOTs that haven't been updated. Ones that don't use a coin validator or circuitry that either mutes the mouthpiece or filters out any quarter tone originating from the transmitter. 18. Going further, the voice channel may also be used to initiate coin return and coin collect. These would have to communicate directly with the COCOT since there isn't any special equipment at the CO to trigger a COCOT, unlike the telco payphone with its dedicated coin line. So what might these COCOT frequencies be? How about a steady tone of 697Hz & 1633Hz for coin return, 770Hz & 1633Hz for splash back (alerts a telco operator that the call needs special handling) and 852Hz & 1633Hz for coin collect? These tones differ considerably from the telco ones, such as those published in the last issue. You should recognize these tones. They are silver box tones, the "A", "B", and "C" keys respectively. Any extended DTMF keypad should generate them. See what you get for reading patents? Check out patent 4,924,497, Pay Station Telephone Interface Circuits at your nearest Patent and Trademark Libary or send $3.00 to the PTO to get all 33 pages of it. Check or money order to: Commissioner of Patents and Trademarks, Box 9, Washington, DC 20231. 19. There is one caveat to add to the above discussion. The patent involved mentions standard red box tones. Yet the other three are different from the usual telco tones. Are the normal tones now obsolete or do operater service provider equipment distinguish between COCOT and telco? They should be able to produce different tones but I don't know if they do. COCOTs are registered with different databases to prevent such things as calling collect to a payphone. It is possible that a particular tone is sent depending on the ANI. 20. I mention this confusion over signaling because we are moving toward the next generation of payphone signals: digital. On The Line reports that several telecom companies are working with Pacific Bell to "lay the technological groundwork for further competition in local service in California." That includes testing the delivery of COCOT payphone signals over digital lines. Whoa. Amtel, a large COCOT provider, is the sole private payphone participant in these tests. They'll work the COCOT angle while the rest of the companies "develop standards for interconnection and interoperability of multiple networks, the processes and systems required to support these standards, and the delivery of support services such as 911 . . ." Yeah, yeah, yea. Back to the digital line. 21. ISDN and Switched 56 need only an extra twisted pair. The telco doesn't have to put in any special wiring to support these services -- just two sets of conventional twisted pair. It may indeed be possible to have a public picture phone in the near future, say around the turn of the century. Stay tuned. III LETTERS 22. Dear private line, I'm reading the latest issue of private line and have a few comments for you. First of all, pages 36 and 49 are totally blank in my copy, not even the page numbers are there. I hope this is a problem limited to just a few copies. Next, debit vs. credit cards. I know this is confusing to folks who don't spend their lives as accountants, or, in my case, programming accounting software. Debit and credit have nothing to do with positive or negative balances -- they mean the left and right side of the ledger. The value of the potential calls on the cards is an asset -- one increases the accounting for assets by increasing the debit side of the balance sheet part of the ledger. The bill you run up on your credit card is a liability -- which are increased on the right or credit side. The confusion stems from banking. Customer accounts in banks are actually liabilities to the banks, so crediting one's account means an increase in the bank's liability. And that's just the debit, or left side of the ledger. . . Enough accounting. You note how the collector appeal of phone cards has artificially jacked up the prices. In Japan. where the whole thing got started (Local phone calls are dirt cheap in Japan), and before the sales tax, I and S yen coins disappeared and the 10 yen coin - the cost of a local 2 or 3 minute call, was on its way out) calling cards are usually a bargain. Sure, there are collector cards, but the generic variety buys more message units that a similar amount of 10 and 50 yen coins. Regarding magazines -- I wrote an article in Poppin' Zits!, later reprinted in Whole Earth Review, about hacking subscriptions to invisible literature (or specialized trade magazines). At one point, my girlfriend and I collected subs to over 100 of them, and we never paid more than a stamp. I got my start in programming after devouring issues of Data Nation and related publications. I could fax you a copy, and if you're interested in reprinting some of it, I might be able to find the original file and email it to you. Keep up the great work. Jerod Pore jerod23@netcom.com 23. "There were at least 60 defective copies of private line Number 5. That's out of a press run of 1000. I found out about it after I mailed my subscribers copies. Those with a defective copy should drop me a line and 1'11 mail you a good copy with all the pages. The terminology of calling cards is confusing. I may run through the terms again when I do an article on the switches involved." 24. Dear private line, I just received private line number 5 in the mail today. I think your list of magazines and newsletters is excellent. You did miss Cellular Marketing Magazine. While in the past this was probably more fluffy than Cellular Business (which isn't as bad as your reader says), it now has three excellent columnists: Andy Seybold, Lawrence Harte, who wrote a book on digital cellular, and myself. (Well, two excellent columnists and one mediocre ... myself.) It is trying to take a more technical focus. Your article on cellular fell down on the concept of validation. First of all, ESNs and MlNs cannot be fully validated independently, they are only valid as a pair. Secondly, the HLR is part of the home system, and is only one of three components that are used in validation. The MSC (MTSO) has contact with the subscriber. The VLR contains a database of roamers (conceptually, it is usually physically part of the MSC). The HLR is remote (for roamers) and contains the 'master record' for each subscriber. The term HLR has been around a lot longer than Coral Systems and is I believe a CCIT term (now renamed ITU-T, International Telecommunications Union). The databases developed by GTE and EDS are not as important as they used to be. Switches and HLRs that comply to the IS-41 standard can avoid them completely. The GTE and EDS systems did contain lists of individual MlNs and, more importantly, ESNs that were bad. However. any validation of part of the MIN/ESN pair is less good than going whole hog. The reason why GTE and EDS developed those databases is that it took so long for the cellular industry to develop the standards and networks to allow full real- time validation; i.e. TIA Interim Standard IS-41 running over mostly SS7 networks. David Crowe 71574.3157@compuserve.com 25 "David Crowe writes Cellular Networking Perspectives. Many of the terms he discusses above are explained and diagrammatically represented in a special issue of that newsletter called "IS-41 Explained ". You can write for a free copy of it by sending a request to Cellular Networking Perspectives, 2636 Toronto Crescent NW, Calgary, AB T2N 3WI." 26. Dear private line, Please accept this sample copy. As you can see, we have advertising only. Buyers and sellers of telecom equipment. The "Yellow Paper" of broker/dealers. I'm not sure I under stand your publication but please send it to me and I'll send you a 3d class subscription (2 years.) Thanks. Judy B. Smith Telephone International, Inc. 27. Thanks for the sub. I don't understand this publication myself. It's not a hacker zine or a corporate telecom magazine. Even my subscribers don't quite understand it, as evidenced by the following. 28. TO: Mr. TOM FARLEY FROM: CHRIS THORNTON I AM GLAD TO HEAR FROM YOU AND I DID RECEIVE THE lST. ISSUE. THE INFORMATION LOOKED VERY MUCH LIKE THE CELLULAR PHONE TECHNICAL INFO IN THE MOTOROLA CELLULAR PHONE TECHNICIAN GUIDE, WHICH IS THE SAME INFO THAT IT SEEMS EVERY ONE IS AFTER IN THE CELLULAR UNDER WORLD. BUT I AM NEW AT HACKING, PHONE PHREAKING, ACCESSING GOV. COMPUTERS AND ETC. HOW DO I PUT TO USE THE INFO YOU PROVIDED IN PRIVATE LINE? PLEASE INCLUDE A STEP BY STEP PROCESS. YOU COULD USE THE WORD "MAYBE" TO COVER LEGAL ASPECTS IN FRONT OF SENTENCES LIKE "MAYBE THIS IS METHOD A PERSON WOULD USE TO ACCESS & USE ANOTHER PERSON'S CELLULAR PHONE OR GOVERNMENT COMPUTER MODEM PHONE #. AND PRODUCE DETAILED EXACT STEPS TO GAIN ACCESS AND WHERE TO GET THE EQUIPMENT MANUALS TO GET ACCESS. IN MY OPINION YOUR FINANCIAL PROBLEMS WILL GO AWAY AS DID THE 2600 MAG WHEN THEY BASICALLY DID THE ABOVE BUT NOW 2600 HAS BECAME A LAME DUCK BECAUSE THEY GOT AWAY FROM WHAT MADE THEM THE KIND OF STEP BY STEP GENERAL AND TECHNICAL INFO LISTED ABOVE. I AM INTERESTED IN THE GOV. INTELLIGENCE, TREASURY, FEDERAL RESERVE, GOV. BIOCOMPUTER, PHONE COMPANIES' MODEM PHONE #'S /PASSWORDS AND ACCESSING LOCAL T.V.A., GOV. COMPUTERS THEN NETWORKING TO OTHER GOV. COMPUTERS WHY? TO BE CHARGED ONLY A LOCAL CALL ON A PHONE BILL . 29. "HMMM. WHERE TO START? SHOULD I? THE INFORMATION contained in the cellular article last issue was derived from all of the materials I cited. I do all my own research and writing. It may look similar to what others have done but it is not the same. The AMPS call processing diagram, for example, is quite similar to a chart first produced by OKI and later copied by such people as Gibson in Cellular Mobile Radiotelephones. The original chart was, to me, unreadable and aimless. I thought I did a good job of taking that information and making it understandable. Maybe not. I have not seen the Motorola manual you refer to. I can tell you that I haven't had any luck getting manual retailers to advertise or to correspond. Maybe you'll have better luck: Automated Info: Technical Manual Experts (619) 931-0259 or (800) 331-6939; Phone Guys USA (714)-843-9999 (800) 322-5443; or Technicom (908) 446- 0317. There's also Ventura Electronics but I don't have any current info. I explained in the last issue that I'm not interested in writing specific hacking articles. There are too many things I want to cover in general first. In addition, some of my articles may not have any practical application. I wrote about post pay in the first issue, for example, because no one else had written about it, not because the article would be practical. I do encourage people, however, to contribute anything they have written that is specific or utilitarian. It would help make private line a more interesting magazine. To this date, though, there have not been any articles submitted to me for publication. Writing an article might help you gain some of the practicality you so desire. Pick a subject. Research it. Do some field work. Write out your notes and then combine them to produce a story. The only way that I really learn something is by experimenting and then writing." IV. THE INTERNET BRIDGE I'm starting this service and column to help subscribers who have technical questions that Damien or I can't answer. I'm limiting it to those with no net access, those who can't take advantage of the various telecom groups. I'll post your question to comp.dcom.telecom.tech; the most technical of the USENET newsgroups. Send me a #10 S.A.S.E. with your question. I'll engage in the discussion needed to get an answer. Be prepared to wait -- some of the best questions go unanswered or languish for weeks before a response comes through. I'll then drop the reply, if any, into the mail once I get it. Don't be suprised if the answer produces more questions on your part. Let's run through an example of how this worked recently. I got a letter and a old Specialized Products catalog last week from a subscriber in Minnesota. The reader wrote, in part, the following: "I have a question. Note on page 167, in the second paragraph from the top, the text states, 'Additionally, a momentary send 2713Hz button is provided to actuate Bell Model 829 Loopback devices. The AM-44 fully complies with Bell System Technical Reference (BSTR) 41009.' What is a Bell 829 Loopback device? What does it do? How does a person access it? Can it generate ringbacks? Or test dial speeds? Or provide loopback circuits for testing circuit quality? Does the mentioned Technical Reference provide insight?" Hmmm. Another mystery. Just what I needed. I posted the basic question to the group. Two days later I got this private reply from Ken Wells in the Marshall Islands: "The last time I saw an 829 was seven years ago. I am not sure how many are installed these days. But I am sure there are still thousands out there. The 829 was used to terminate a 4-wire analog circuit at the customer premise. Essentially, it was a demarcation point. The 829 could be looped from the central office with the 2713 tone. It could also be looped from either end of the circuit. I can remember looping circuits in Huntsville, Alabama (Marshall Space Flight Center) to all parts of the country. We inject a tone and loop the distant end and send and receive tones for testing. Before the Bell System breakup, the 'telephone company' would install their modems (2096A for example) on the 'customer' side of the 829. Most 829s I worked with were Western Electric. Some later models were made by Telco Systems (called 829AF). Now, the local phone company takes the circuit from the long haul carrier and terminates it. The customer no longer has to buy or lease the analog modem from Telco. There were several versions of 829. Some were fixed level. Others had adjustable levels (attenuation from WECO). Telco Systems units required power and provided gain also. One version had front panel jacks and another did not. I think we used 829B mostly. I guess the short answer is that an 829 terminates a 4- wire analog circuit. I think I have a Bell System Practice on the 829. If you are interested or just curious, I will be happy to fax it to you. Just e-mail your fax number. No problem whatsoever." As it turned out, Ken didn't have the BSP on hand but he graciously sent the same information from an AT&T manual. The BSPs, by the way, were Bell System standards, uniform practices and procedures used by the Baby Bells. Bellcore still publishes these in an updated form for many phone companies to follow. Adding to our discussion was a public reply from Wayne Huffman: "The 829 is used to test the levels on a voice-grade analog private line -- there used to be tons of these. You accessed the circuit (in the AT&T C.O., we used a SMAS panel -- I think that stands for Switched Measurement Access System). You'd split the circuit, and then send the 2713Hz tone. The 829 loopback unit, installed where the line terminated at the customer premise, would do exactly that -- loop the tx and rx pair together, to give you continuity for testing. A 1004Hz tone was sent out the tx side, and measured on the rx side, and compared against the circuit layout card, which had the spec for that circuit. If all tested well, we'd give it to the LEC to dispatch for a customer premise trouble. Sending the 2713Hz again dropped the loopback. If you were at the customer premises, you could hear the relay click, and there was a 'LPBK' light to show the line was looped. Sometimes, that was the only trouble -- someone left it looped. These units are small slide-in cards, often mounted in a single 'Teletrend' housing with a brick AC adapter. Most of this stuff is digital now, I think." I think these responses answer the questions put, don't you? At least enough to go further? I had been putting off learning about four wire signaling but I guess I'll have to read up on it now. Would you like to see more of this kind of article? As a footnote, I sent both men copies of private line for their trouble. In addition, it turns out that Ken has written a ten page report on the 900 industry -- a how to guide. Non-corporate material on this subject is hard to find. "The Straight Scoop on the Pay-Per-Call Industry," is available for $10.00 from Kenneth R. Wells, 1142 Auahi Street, Suite 2014, Honolulu, Hawaii. 96814 (Checks, money orders, VISA, MC) Or order from 1-800-482-FACT. V. CELLULAR PHONE BASICS, PART II We looked at AMPS and analog call processing last issue. Now let's go digital. TDMA or time division multiple access is the most commonly used digital cellular system in America. Call set up is the same as for AMPS. A conversation gets passed to TDMA once the call gets going. TDMA systems and most TDMA phones can handle AMPS calls as well. TDMA's chief benefit comes from increasing call capacity -- a channel can carry three conversations instead of just one. But, you say, so can NAMPS, Motorola's analog system that we looked at last issue. What's the big deal? NAMPS can carry the same number of calls as most TDMA systems. NAMPS though, has the same fading problems as normal AMPS, it lacks the error correction that digital systems provide and it isn't sophisticated enough to handle encryption or advanced services. Things such as calling number identification, extension phone service and messaging. In addition, you can't monitor a TDMA conversation as easily as an analog call. So, there are other reasons than call capacity to move to a different system. Many people ascribe these benefits to TDMA because it is a digital system. Yes and no. Advanced features depend on digital but conserving bandwidth does not. How's that? Three conversations get handled on a single frequency. Call capacity increases. But is that a virtue of digital? No, it is a virtue of multiplexing. A digital signal does not automatically mean less bandwidth, in fact, it may mean more. [1] Multiplexing means transmitting two or more conversations on the same frequency at once. In this case, small parts of three conversations get sent simultaneously. This is not the same as NAMPS, which splits the frequency band into three discrete sub- frequencies of 10khz apiece. TDMA uses the whole frequency to transmit while NAMPS does not. NAMPS does not involve multiplexing. And besides, TDMA is a hybrid system, combining both analog and digital components. It must be since it uses the AMPS protocol to set up calls. Despite what the marketing boys say, only CDMA or code division multiple access is a fully digital system. More on CDMA later. Let's look at some TDMA basics first. We see that going digital doesn't mean anything special. A multiplexed digital signal is what is key. Each frequency gets divided into six repeating time slots or frames. Two slots in each frame get assigned for each call. An empty slot serves as a guard space. This may sound esoteric but it is not. Time division multiplexing is a proven technology. It's the basis for T1, still the backbone of digital transmission in this country. Using this method, a T1 line can carry 24 separate phone lines into your house or business with just an extra twisted pair. Demultiplexing those conversations is no more difficult than adding the right board to a PC. TDMA is a little different than TDM but it does have a long history in satellite working. What is important to understand is that the system synchronizes each mobile with a master clock when a phone initiates or receives a call. It assigns a specific time slot for that call to use during the conversation. Think of a circus carousel and three groups of kids waiting for a ride. The horses represent a time slot. Let's say there are eight horses on the carousel. Each group of kids gets told to jump on a different colored horse when it comes around. One group rides a red horse, one rides a white one and the other one rides a black horse. They ride the carousel until they get off at a designated point. Now, if our kids were orderly, you'd see three lines of children descending on the carousel with one line of kids moving away. In the case of TDMA, one revolution of the ride might represent one frame. This precisely synchronized system keeps everyone's call in order. This synchronization continues throughout the call. Timing information is in every frame. Any digital scheme, though, is no circus. The actual complexity of these systems is daunting. I invite you to read further if you are interested. [2] There are variations of TDMA. The only one that I am aware of in America is E-TDMA. It's operated in Mobile, Alabama by Bell South. Hughes Network Systems developed E-TDMA or Enhanced TDMA. It runs on their equipment. Hughes developed much of their expertise in this area with satellites. E-TDMA seems to be a dynamic system. Slots get assigned a frame position as needed. Let's say that you are listening to your wife or a girlfriend. She's doing all the talking because you've forgotten her birthday. Again. Your transmit path is open but it's not doing much. As I understand it, "digital speech interpolation" or DSI stuffs the frame that your call would normally use with other bits from other calls. In other words, it fills in the quiet spaces in your call with other information. DSI kicks in when your signal level drops to a pre-determined level. Call capacity gets increased over normal TDMA. This trick had been limited before to very high density telephone trunks passing traffic between toll offices. Their system also uses half rate vocoders, advanced speech compression equipment that can double the amount of calls carried. Code Division Multiple Access has many variants as well. InterDigital, for example, produces a broadband CDMA system called B-CDMA that is different from Qualcomm's narrowband CDMA system. For this article, however, I'll just mention a few things. I give references at the end of the article for those going further. [3] A CDMA system assigns a specific digital code to each user or mobile on the system. It then encodes each bit of information transmitted from each user. These codes are so specific that dozens of users can transmit simultaneously on the same frequency without interference to each other. They are so specific that there is no need for adjacent cell sites to use different frequencies as in AMPS and TDMA. Every cell site can transmit on every frequency available to the wireline or non-wireline carrier. CDMA, is also much less prone to interference than AMPS or TDMA. That's because the specificity of the coded signals helps a CDMA system treat other radio signals and interference as irrelevant noise. Some of the details of CDMA are also interesting. Qualcomm's CDMA system uses some very advanced speech compression techniques, in particular, a variable rate vocoder. Phil Karn, one of the principal engineers has written that it "[O]perates at data rates of 1200, 2400, 4800 and 9600 bps. When a user talks, the 9600 bps data rate is generally used. When the user stops talking, the vocoder generally idles at 1200 bps so you still hear background noise; the phone doesn't just 'go dead'. The vocoder works with 20 millisecond frames, so each frame can be 3, 6, 12 or 24 bytes long, including overhead. The rate can be changed arbitrarily from frame to frame under control of the vocoder." This is really sophisticated technology. Expect CDMA to get going this year in more markets. As I understand it, the Los Angeles area has one carrier providing CDMA right at the moment. In the Seattle area, NewVector was to have a Qualcomm type CDMA system operating by now but that date keeps getting pushed back. Bell Atlantic Mobile and NYNEX Mobile recently announced that they will deploy CDMA throughout their coverage areas but they gave no dates. My feeling is that the future is with this technology. Toll Fraud -- I promised a look at some current information on cell fraud in the last issue. The information I found, though. doesn't make much sense. The ranges of dollar amounts given by industry can only be labeled as guesses. Before beginning, let's look at telecom in general to give us some perspective. Last yet the FCC held a hearing on telecommunication fraud. The report stated that industry and Secret Service officials estimate that toll fraud runs between I billion and 5 billion dollars a year 141 That's against an annual billing of 175 billion in 1993. Let's take the high figure and say that toll fraud takes 3.5% of industry revenue. Figures on cell fraud vary widely as well. The Seattle Post Intelligencer reported late last year that law enforcement and industry officials claimed that cell fraud costs between 400 million and one billion dollars per year. The head of CTlA's (Cellular Tele communications Industry Association) fraud task force, however, told Newsday on November 30, 1994 that cell fraud cost his industry a million dollars a day. I've seen that one million dollar figure many times, in articles such as the San Francisco Chronicle on November 1, 1994 and the Sacramento Business Journal on October 31, 1994. We must assume that they were reporting previous year's figures for reasons I explain later. I've chosen to stay with this CTIA estimate because they are the leading trade organization. Based on 9 billion dollars in cellular billing in 1993, we come out with a figure of 4% in fraud for the same year. I suspect these figures for several reasons. The main problem with industry estimates and CTIA figures is that they don't break down the figures. There is no way, therefore, to distinguish between subscription fraud, stolen phone fraud or access fraud. Everything gets lumped into the big category of fraud. Everyone who ever stiffed a carrier to run up a bill or stole a phone to call Indonesia is practicing cellular fraud. Yet the CTIA makes believe that cell phone cloning is the number one problem. I suspect that the real problem Is bad debt. There are currently 25 million phones in America with over 27,000 subscribers signing up every day. A cellular dealer gets a percentage from each person they sign up. I know they run credit checks but I'd like to see some real accounting on the number of bad accounts. The CTIA, though, tightly controls the flow of most information about the cellular industry. Even Standard and Poor's Industry Surveys, a widely respected publication, is forced to use CTIA figures to develop their reports on the cellular trade. 151 Let me run through an example of how hard it is to get any information from them and how worthless it is once you get it. New York carriers now require their customers to use PIN numbers before making a call, In explaining reasons why, the CTIA came up with some specific numbers for the first time. They told the Wall Street Journal on February 3d that cellular operators lost $482 million to fraud in 1994, a 32% increase over the previous year. This lost revenue supposedly amounted to 3.7% of the industry's $13 billion revenues in 1994. This figure was sharply higher than the million dollar a day mantra they chanted in 1994. What gives? Was it $482 million that they claim now or $365 million like they claimed last year? Part of the problem is that they report these figures on a fiscal basis. June instead of January. So things get hard to follow. But I hadn't seen anything this high when I last checked in with them on January 22, 1995. A 32 percent increase in fraud during 1994 would mean that a loss of 365 million dollars occurred in the previous fiscal year of 1993. The cellular industry was a 9 billion dollar industry during that time. I have in my possession, however, a CTIA document from 1993 that contradicts this. A report on fraud dated November 18, 1993 states that "There is no official reporting system, but private estimates by carriers and others range from $100 million to $300 million dollars a year." Well, well. What is it this time? $365 million? $300 million? $100 million? There's a discrepancy of at least 65 million dollars in fiscal year 1993 according to their own figures. Leaving aside the fact that CTIA knows how to count profits but not losses, let me tell you how to get this four page report. It's called "Fast Facts: Cellular Telephone Fraud". Dial CTlA's free fax on demand service at (202) 758-0721. Press the pound sign when you hear the automated operator and then enter 3116 when it asks you for a document. Don't hit the wrong key -- you'll wind up in their voice mail system:) And believe it or not, this is still the document that they deliver to the public by fax to report on fraud. How concerned can they be when they don't even update their figures? When they don't get them right In the first place? And are their new figures any more accurate than what they had before? Or does that $482 million dollar figure also have a range? And can we assume that there is now an official reporting system? And how much of that loss is from dead beats? Or stolen phones? The CTIA may well have knocked down the percentage of fraud from 4% to 3.7%. It may even be below the industry rate for fraud right now. But their fraud squad is growing and you won't see them go away. They've not only helped the Secret Service rewrite 18 U.S.C. as I described on page 81, but they are now buying the S.S. the latest cellular equipment to keep them up to date. I resent this shadow police force becoming a part of our lives, especially when they can't provide the information necessary to support their paranoia. I mentioned that the New York area is moving to PINs. What's interesting is that NYNEX uses hookflash to deliver the PIN and not an easily poachable DTMF tone or data burst. I'm not sure how it gets sent. One hookflash is normally 400 ms. of signaling tone sent over the reverse voice channel. A four digit pin would need multiple bursts of carefully spaced ST to accomplish the task. 40% of NYNEX customers have adopted PINs as of April 17. Cellular One, though, is floating the idea of requiring customers to use digital phones at the end of the year, to help combat fraud. Good luck. Two competing firms are currently working on radio fingerprinting technology to block fraudulent calls. Corsair Communications of Sunnyvale is a spin-off of TRW Wireless Communications. TRW holds a minority interest in the company. Corsair's product is called "PhonePrint" and it is currently moving through the patent process so we can't take a look at the specifics just yet. Nor will TRW comment. The PTO does not release patent information while an invention is being considered (Just to let you know, you can get copies of the entire patent file for $125 from the PTO once a patent gets approved. This includes material submitted by the applicant for the examiner to consider. That might be dozens of documents concerning the patent that interests you.) I did get one TRW employee to tell me, however, that their technology fingerprints each phone off the air when it registers. There is no need to bring the phone to a dealer to have its profile logged. New phones and existing phones get profiled together. Their system stores an analog signal profile of the transmissions from a particular phone from any location once it is first sent. Cloned phones get denied service when their profile doesn't match the signature assigned to the original phone. Cellular Technical Services or CTS is a Seattle software company. They write programs for McCaw Cellular and others. Its finger printing product is called Blackbird, which they claim has been in development for three years. Los Angeles Telephone has already installed the system at 50 cell sites. They claim that field 90% of cloned phones were blocked during trials. Plans are to install the equipment in Miami and New York as well. The wireline carrier will probably use one fingerprinting program and the non wireline carrier will use the other. Look for these programs in only high fraud areas -- NYNEX claims they spend $15 million a year on anti-fraud technology -- a lot of fraud must take place to justify this cost. There are also simple ways to cut down on cloning. Motorola's "Clone Clear" is a program that works with Motorola switches. It simply denies service to any phone with the same ESN/MIN that tries to register while another phone with that combination is in use. It doesn't determine which phone is valid -- it just keeps one off the air. The carrier gets notified of a clone once the legitimate caller complains. Let me leave you with a funny story. Air Touch says that over 400 people have been arrested in the Los Angeles area for cloned phone fraud. Industry sources claim that 60% to 70% of cell phone traffic on a Friday night in Oakland is pirated. Despite the notoriety over cloning, it's obvious that the message isn't getting out about its legality. A recent post to a USENET group by a telecom employee asked if cloning was legal in California. I quickly responded by citing case law, regulatory law and statutory law to support my view that cloning was definitely NOT LEGAL! To assure him that I wasn't some sort of CTIA goon, I wrote back later. I said that I didn't have a problem with cloning when a husband and wife, for example, shared two different phones with the same ESN/MIN. They save a flat monthly by doing that, but it is, of course, illegal. Much to my suprise, this employee of a major firm wrote back that: "My situation is that I support law enforcement communications systems and have been asked by a local police chief if I would like for his son to clone my phone for me. The PD has numerous cloned phones in use. We're asking the DA for a legal opinion, based on your information." Thanks again. (name of individual and firm withheld) [1] "The most noticeable disadvantage that is directly associated with digital systems is the additional bandwidth necessary to carry the digital signal as opposed to its analog counterpart. A standard T1 transmission link carrying a DS-1 signal transmits 24 voice channels of about 4kHz each. The digital transmission rate on the link is 1.544 Mbps, and the bandwidth required is about 772 kHz. Since only 96 kHz would be required to carry 24 analog channels (4kHz x 24 channels), about eight times as much bandwidth is required to carry the digitally (722kHz / 96 = 8.04). The extra bandwidth is effectively traded for the lower signal to noise ratio." Fike, John L. and George Friend, Understanding Telephone Electronics SAMS, Carmel 1983 [2] There's a wealth of general information on TDMA available. You won't have any problem looking it up. Aside from magazines, these books have snippets of information: Macario, Raymond Cellular Radio: Principles and Design McGraw Hill, Inc., New York 1993 161; and Myers, Robert A. ed., Encyclopedia of Telecommunications Academic Press, Inc. San Diego 1989 321; [3] Karn refers to On the System Design Aspects of Code Division Multiple Access (CDMA) Applied to Digital Cellular and Personal Communications Networks by Allen Salmasi and Klein S. Gilhousen [WT6G], from the Proceedings of the 41st IEEE Vehicular Technology Conference, St. Louis MO May 19-22 1991 and the May 1991 IEEE Transactions on Vehicular Technology, which has several papers on CDMA. (The Transactions are collections of papers published by the IEEE on every conceivable piece of electronic technology.)\ [4] The paper I'm referring to is contained in a Notice of Proposed Rulemaking issued by the FCC in early 1994 based upon an En Banc Hearing on Toll Fraud. It is at Compu$erve under the title of FRAUD.TXT . It has many interesting comments by industry types on PBX fraud, payphone fraud, cell fraud, etc. I don't have an exact date on it but the docket number is CC Docket 93-292. It may be available from the FCC's duplicating contractor: International Transcription Service at (202) 857-3800. [5] Standard and Poors's Industry Surveys come out every week on a different trade. Their reports of telecommunications are always top notch. Check out the September 22, 1994 (Vol. 162, No. 38, Sec 1.) for a good, current analysis of telecom. NB: Write to Communications Test Instruments (CTI) for some interesting information on cellular phone tracking and direction finding equipment. Rt. 1 South, P.O. Box 712, Kennebunk, Maine 04043 VI. AN INTERVIEW WITH DAMIEN THORN I first met Damien Thorn at Def Con last summer. I was impressed that he was writing for Nuts and Volts and that he had written for 2600 and Tap. I thought this interview might be a good way to introduce him to private line's readers. In the immediate future, we may reprint some of his more popular articles for Nuts and Volts, but only after they have been expanded, updated and revised for private line. They will also have different photographs and more of them. This interview was done in Stockton in March. It's shorter than I wanted but we were both under deadline pressure for other articles and projects. Apologies. What got you interested in hacking? This all goes back to when I was 11 to 13 years old. I really wasn't hacking, I was just trying to learn things. Talking basically to anyone with the phone company that I could. I grew up near Berkeley and my interest was in phones before there were any computers to get involved with. The first switches that I saw were in Oakland. The office that housed them had an ESS No. 1 and step by step equipment. I heard MF tones blaring out of a speaker at a test board during one visit to that office. I asked the guy what they were. Because I had always heard those when I when I called my cousin and I always wondered about them. He said he couldn't talk about that and ushered us into the next room. I used to go to UC Berkeley and hang out at their computer lab and at the Lawrence Hall of Science above the university. I'd play with actual teletypes spitting out rolls of yellow teletype paper with tape punch readers on the side. There wasn't much hacking then, I mean, I looked over people's shoulders, shoulder surfing, snag passwords to other accounts, but to this day I couldn't even tell you what computer these teletypes were hooked up to. By the time I was 15 or 16 I was living in the central valley. Ronnie Schnell and I had hacked Compuserve and their competitor The Source. Several hours into the process of downloading all the accounts and passwords that existed on the system, including those of the Dialcom computers that ran The Source, we kept getting these messages to call a "Fritz" at Dialcom immediately. Well, after talking to Fritz, Dialcom offered to pay us five bucks an hour to find all their security holes and tell them so they could patch them up. Which we did for a long time, while installing some back doors of our own. Maybe six months into that they thought they had their system pretty secure and they sent all their subscribers notices telling them to change their passwords. This was unbeknownst to us. In addition, they started encrypting their passwords. They changed everything at midnight one night and effectively locked us out of the system. The Source was a computer service operated by Readers' Digest. They didn't own the computers, which were PRIMES, operated by Dialcom in Silver Springs, Maryland. Dialcom also did e-mail for the government and things like that. Governmental agencies and what not. I think that bothered Dialcom a lot more than The Source. That's because all their systems were pretty much the same, just different applications of software running on them. It wasn't just Source user id's we were pulling out but the Environmental Protection Agencies' ids, mailboxes and so on. What about TAP magazine? The first issue came out in June, 1971. At that point I think it started as YIPL: Youth International Party Line; Abbie Hoffman had his hand in there somewhere. I think it was intended more as a counterculture, screw the government type of thing. Within a few issues it had evolved into being more telco related. Screw the telco, here's how it works, here's how you away with something. I came in later, say, within 20 issues of its demise. The first article I wrote? I'm not sure, there were a couple I wrote under several different nom-de-plumes which I'd rather not mention. If people want to research it they can go take a look and figure it out. But one was on COSMOS; I get to claim the distinction of writing the first article on how the COSMOS system worked. Essentially, COSMOS is a UNIX application that is used basically for data entry and database management for where the phone company's wires go. What pair goes with which wire. Things like that. At that time that stuff was really cutting edge because it was brand new, there were very few hackers, and not a lot of phone phreaks. And today I look at things that have been published in zines like Phrack. that go on for page after page after page about COSMOS and it makes back then look like what it was -- kids stuff. The end of TAP? The spring of 1984. Some circumstances happened with the editor's house apparently burning down, some suspicious circumstances. Cheshire Catalyst, the number two person in charge tried to revive it. A couple more issues came out and then it faded away. He went off into the corporate world and became a security consultant. What about blue boxing? I had a friend in the Bay Area who designed and built blue boxes and actually got caught. They were able to put an DNR on his line. Apparently at the time the way the law was interpreted that the telco and law enforcement could also record on audio tape the first thirty seconds of your phone calls simply for the purposes of identifying who on that number was making the offending calls. Any stupid phone tricks you can relate from yesteryear? The usual. Blue boxing from pay phone to payphone by looping. You could also loop with Sprint. There was no easy access, you were dialing a seven digit number to access their network. So you'd access their network locally, key in your Sprint code and then call their POP in Texas. You'd get the Sprint dial tone, key in a number back in California or whatever, New York, and start looping around until eventualy the signal is so degraded that the switch can't decode the touch tones. Or you'll get so much glare on the line that the circuit goes into a feedback loop. How is your BBS, Hacking Online, set up? Hacking Online is a small network, running on an Intel platform. A 486 DX266 machine with intelligent serial cards. We currently support ten lines on that machine. It handles communications: works the modems, has a port speed lock of 57.6 kbps, handles all the basic stuff. Our file libraries exist on two SCSI drives which comprise four gigs. There's also two CD ROM drives online. The other parts of the network handle our internet messaging, e-mail and our USENET feed which comes in by satellite. There's a dish on top of the roof which feeds a basic PC that gets the data coming from the satellite receiver. It's all processed and shot through the network to where the operating system (the BBS) can import it. We run Glacticomm's Major BBS software. Why a satellite for the USENET feed? USENET feeds can take up 80 megs a day. Transferring 80 megs over a dial up phone line with a 14.4 modem would take up about twenty hours. That would be an expensive connection, especially since there is no local internet provider. Our internet messaging, our e-mail, is done through a dial up UUCP, which stands for UNIX to UNIX Copy Protocol. Essentially, our PC, for the purposes of sending and receiving mail, emulates a UNIX machine, makes a call to a Bay Area UNIX machine through an X.25 network so we're not paying toll on that. The machines engage in the appropriate handshaking, hands off the packets that contain our outgoing mail and then receives our incoming mail, the connections terminate at each end, the software unbundles and uncompresses the mail and distributes it appropriately. What's slowing down the internet connection? Anyone who wants to get on the internet needs to go through a service provider who has a host, connected through a leased line or a T1 carrier to the net. Well, "the net" of course is a euphemism because there is no net where you just plug in. And then they provide the client software such as FTP, telnet, and gopher which you use to go places or download files. A lot of areas don't have that, including where we are here in Stockton. And you know, we're just fifty miles south of Sacramento. So we want to establish that service, to become the local internet provider. People in Stockton, anyone who wanted to call us here in Stockton, or Modesto or wherever we put our own little POPs, could get a local internet connection. Once the leased line is in, expanding just becomes putting a terminal server in another city with a router and connecting a leased line between it and us here. The costs are outrageous. There's an initial hardware investment which is expected and I can't complain about that. Getting the leased line to another provider who will serve as our connection is where the expense comes in. California is divided into different LATAs, which are geographical and political subdivisions which make no sense. If we want to connect to Peter Shipley's service in the Bay Area, for example, we have some problems. We may be able to get a fractional T1 from Pacific Bell for three or four hundred dollars a month up to the LATA point, then we have to pay a long distance carrier another couple of hundred bucks to take it across the LATA and then pay Pacific Bell again to carry it from the long distance carrier's POP to Shipley's facility. Our subscribers, though, would benefit from us being accessible from the net. Most of them, almost all of them, in fact, are not within our local calling area. We have people calling in every day from as far away as Venezuela and Scotland, so they would rather call their local internet provider and telnet over to us. You're in small claims court with Pacific Bell? We had some problems with installation. I wanted them to discount their installation fee for missing their appointment and generally screwing up the order. They said they couldn't because their fees are regulated by tariff and they have to charge everyone the same amount. We then called the state public utility commission here in California and they basically said the same thing. They told us that the phone company, though, is civilly liable for missed appointments like any public utilities under Senate Bill 101. They said we should just file a small claims suit. So, we called Pacific Bell's corporate office and told them what the PUC said. They admitted that was the case and they noted in the record that they had missed the appointment. So, because they can't discount my bill, I have to force them into court to write me a check. It's the principal of the thing. They hide behind the tariffs, there's nothing they can do. It pretty much shields them from being responsible for their actions. Well, I told them that we would sue them and we did. That's where we are right now. Where do you think cellular is going? I don't think we're going to see much change in 1995. The cloning problem I think will continue as it does now, which is an acceptable loss to the carrier. There's not going to be much done about it. I think we'll see some testing of fraud prevention systems begin this year but things will basically continue as they are. What's up with this video of yours? The intent of the video was to let people actually see the technology that I've written about and that others have written about. Lot of people have read articles about Motorola programming software or how ESNs are snagged out of the air. We try to show it. Here's a firmware replacement, this is the chip. Here's the ESN in a Radio Shack phone, here's how you type over it. 'Type, type type.' We took a lot of technology and demonstrated it. Almost all of it was done in different places, none of it was done over a kitchen table. We went everywhere from the Berkeley hills to just outside the area of our local switch in Stockton. We also visited Tech Support Systems in Menlo Park, the manufacturer of a cellular surveillance device in a briefcase. We had them demo it. Things like that. -- LOCAL DIAL UP PROBLEMS -- Local internet connections aren't just a problem for potential providers such as Hacking Online. Many of my readers live beyond a local dialup for internet service. This interesting article from Gannet highlights the situation: If he didn't live in Pinehurst, N.C., Sydney Gregory might already be on-line. But the retired businessman knows that if he joins Prodigy, Compuserve or America Online, he'll have to pay expensive long distance charges. Most of the "local" access numbers they provide are in larger metro areas, not in small towns like Pinehurst, a golfing mecca between Charlotte and Fayetteville. "They all spread the word how wonderful these programs are, but never mention (phone costs) if you're not in a larger community," he says. "They should be more forthcoming." Mark Dorosh of Shepherdstown, W.Va., agrees. The musician and student, 33, had to quit America Online after racking up a $200 long-distance bill the first month. Shepherdstown has a state college connected to Internet (as a student, Dorosh has access), but he covets America Online's extensive library of electronic music files. "Here I am, 70 miles from the nation's capital, America Online is 73 miles away, and the closest local number is 300 miles the other way, he says. While Prodigy and Compuserve maintain their own local access points, America Online uses phone connections provided by SprintNet and Tymnet, says spokeswoman Pam McGraw, so adding new numbers is "a net work provider issue." Sprint has 500 access points (300 in the USA) and gets many letters and petitions asking for more. "This has really become an issue with users," says spokeswoman Evette Fulton. "Sprint has to prioritize, because demand is coming in big-time." There are "no magic numbers," she says, but population density, computer sales and higher education are among factors considered in deciding if "computer traffic in an area can sustain the cost" of adding new points. Prodigy's Brian Ek says 80 per cent of its customers have local access, through Tymnet sites and its own 442-point network; Andy Boyer of Compuserve says it reaches 92 percent, and "100 per cent local dial is a very real goal." Compuserve members reach the service via 380 access points (340 in the USA). About 120,000 U.S. users don't have local access many connect either by an $8-an hour phone line or "telneting in" from another computer on the Internet. -- WHAT IS A POP? -- POP stands for point of presence. A POP is a switch. It's the place where calls go in a local area or LATA to a long distance provider. It's what's accessed when you dial a 10XXX code. Let's take an example. Let's say you use Sprint and that you want to make a long distance call. Your local exchange carrier, the one providing your local phone service, takes the call from the central office serving you and routes it to a bigger switch, often an access tandem switch like a No. 4ESS. From there, your call is routed on trunks to a POP, which is often located near a LATA boundary. Your call goes there and gets routed to Sprint's long distance network. There can be several POPs in any given LATA, depending on geography. You can tell that areas such as Cook County or New York city would need several. In Sprint's case, it is most probable that they own their own equipment at each Point of Presence and that dedicated trunks carry Sprint traffic to and from the POP. Is this clear? In other words, a POP serves as the point that a long distance carrier connects to the local exchange carrier. This connection occurs at a switch. The IXC can usually determine the location for its POP. A 10XXX code identifies each long distance carrier. This serves to direct the call to the right long distance company through the switch at the POP. 102888 for AT&T, 10222 for MCI, 10333 for Sprint and so on. Smaller companies may lease space on a switch if they don't have their own facility. Thus, some LD carriers may operate in certain areas but not in others. The majority of smaller long distance carriers actually use AT&T's network. VII. THE DIGITAL TELEPHONY BILL The article contains the full text of the Digital Telephony Bill. It's officially known as the "Communications Assistance for Law Enforcement Act." It was originally called "The Telecommunications Carrier's Duty Act of 1994" while making its way through Congress. Whatever you call it, this bill represents the greatest threat to electronic privacy that Americans have ever faced. Whether that threat will be carried out is a matter of debate and speculation. What is not open to debate is that law enforcement has been given the approval, the means and the money to listen in on any call at any time from anywhere. The phone system will be turned into a giant listening post, with capabilities beyond the dreams of any old line communist leader. Stalin would be envious. This bill modifies or amends Title 18 of the U.S. Code as well as Title 47. Title 18 deals with both federal crimes and federal criminal procedure. Criminal law. Think of it as a federal penal code. Title 18 comprises 14 volumes in annotated form! That's a lot of crime. The bill modifies, for example, section 1029, which I covered in the third issue. Title 47 deals with general law concerning telegraphs, telephones and radio telegraphs. Civil law. The bill creates a new chapter in this title as well amending dozens of existing laws. Check out the chart on the opposite page. Okay, you say, it's one big bill. Mucho details. What's the bottom line? The bottom line is that you and your friends are at risk. Aren't there positives? Yes and no. Yes, encryption is not banned. But that is not a benefit of the bill. You've had the right to use and develop an encryption based phone all along. Some say that that the bill requires surveillance to be conducted with the "affirmative action of the telecommunications carrier" and that this is a good thing. Nonsense. Wiretaps and REMOBS have always required such intervention to be legal. The problem now is that the such monitoring equipment will be permanently installed into nearly every central office switch in America. Big Brother used to leave. Well. friends, he's now staying put. The biggest positive is that the system they envision is so complex from a legal and technical standpoint, that the whole thing may collapse under its own weight. We can only hope. Speaking of complexity, the only way to put this kind of omnibus legislation into perspective is to look at each individual code section affected. And those sections are scattered throughout several titles, not just 18 and 47. Teams of lawyers drafted this monstrosity. Special interest groups fought for various sentences, paragraphs and semi-colons over a period of months and countless revisions. It could be argued that no one outside of the players involved, could understand the entire bill. The average citizen never had a chance. As complex as this bill may seem, however, it is really more complicated than it appears. That's because statutes don't stand on their own. The United States Code constitutes statutory law. A legislative body drafts and passes statutes. Regulatory law is made by administrative bodies. Like the FCC or the Justice Department. Regulations enable statutes. They make the law specific. Statutes tell you what the law is. Regulations tell you how the law will be carried out. Not all codes have a corresponding regulation but many do. For example, this bill declares that $500,000,000 gets paid by the government to the telephone companies. This blood money helps with the cost of installing the equipment that the bill itself requires. But how do you dispense a half billion dollars? Section 109 of this bill requires that the Attorney General and the FCC get together to pass the regulations needed to carry out the payments. So, this bill is just one part of an even bigger body of law. In addition, case law or common law modifies both statutory and regulatory law. I featured Section 1029 in the last issue. 1029 did not specifically state that cloned cellular phones were access devices. $1029, after all, was first drafted before cloning became a problem. The court in US v Brady, though, strongly suggested that they were. Legislators often incorporate or codify statutory law by amending code sections once case law comes down. "Oh. we forgot to put in cloned phones? Okay, let's change the law and include them. Next problem." It is completely predictable that new technology and new court decisions will affect the Digital Telephony Bill. So, we have statutory law. regulatory law and case law. Each may affect the other.. In addition, the law is never administered fairly or evenly in all cases at all times. How the law is actually carried out is as important as what is written down. The bill makes listening in on cord less phones illegal. The penalty, though, is only $500, about what they fine you for littering in California. So, there won't be much prosecution going forward over that section. Unless you are a Mitnick type in which case you will be hounded for it. But if you are a member of law enforcement and you just happen to have a scanner, well, you know what the response will be. +NOTE: MY COMMENTS ARE FRAMED BY PLUS SIGNS+ Diagram of The Digital Telephony Bill .......72 Introduction ................................7 3 Title 1, Interception of Digital And Other Communications..............................74 Statute and Regulation Diagram ..............77 Title 2, Amendments to Title 18, United States Code .......................................7 9 18 U.S.C. 1029 (As amended by the Digital Telephony Bill) ............................81 Title 3, Amendments to the Communications Act of 1934 ....................................82 TITLE I, INTERCEPTION OF DIGITAL AND OTHER COMMUNICATIONS [Creates a new chapter (Chapter 9) within Title 47 of the United States Code. Title 47 deals with "Telegraphs, Telephones & Radio Telegraphs." The following section numbers belong to the Digital Telephony Bill. The section numbers in Chapter 9 actually start at 1001. ] SECTION 101. SHORT TITLE This title may be cited as the "Communications Assistance for Law Enforcement Act". Section 102. DEFINITIONS For purposes of this title -- (1) The terms defined in section 2510 of title 18, United States Code, have, respectively, the meanings stated in that section. (2) The term "call-identifying information" means dialing or signaling information that identifies the origin, direction, destination, or termination of each communication generated or received by a subscriber by any means of any equipment, facility, or service of a telecommunications carrier. (3) The term "Commission" means the Federal Communications Commission. (4) The term "electronic messaging services" means software- based services that enable the sharing of data, images, sound, writing, or other information among computing devices controlled by the senders or recipients of the messages. (5) The term "government" means the government of the United States and any agency or instrumentality thereof, the District of Columbia, any commonwealth, territory, or possession of the United States, and any State or political subdivision thereof authorized by law to conduct electronic surveillance. (6) The term "information services"-- (A) means the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing, or making available information via telecommunications; and (B) includes -- (i) a service that permits a customer to retrieve stored information for storage in, information storage facilities; (ii) electronic publishing; and (iii) electronic message services; but (C) does not include any capability for a telecommunications carrier's internal management, control or operation of its telecommunications network. (7) The term "telecommunications support services" means a product, software, or service used by a telecommunications carrier for the internal signaling or switching functions of its telecommunications network. (8) The term "telecommunications carrier" (A) means a person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; and (B) includes-- (i) a person or entity engaged in providing commercial mobile service (as defined in section 332(d) of the Communications Act of 1934 (47 U.S.C. 332(d) or (ii) a person or entity engaged in providing wire or electronic communication switching or transmission service to the extent that the Commission finds that such service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of this title; but (C) does not include-- (i) persons or entities insofar as they are engaged in providing information services; and (ii) any class of category of telecommunications carriers that the Commission exempts by rule after consultation with the Attorney General. +A telecommunications carrier includes local and long distance phone companies, as well as cellular and PCS providers. An information service provider seems to include any online data base, internet provider or a BBS.+ SECTION 103. ASSISTANCE CAPABILITY REQUIREMENTS (a) Capability Requirements -- Except as provided in subsections (b), (c), and (d) of this section and sections 108(a) and 109(b) and (d), a telecommunications carrier shall ensure that its equipment, facilities, or services that provide a customer or subscriber with the ability to originate, terminate, or direct communications are capable of-- (1) expeditiously isolating and enabling the government pursuant to a court order or other lawful authorization to intercept, to the exclusion of any other communications, all wire and electronic communications carried by the carrier within a service area to or from equipment, facilities, or services of a subscriber of such carrier concurrently with their transmission to or from the subscriber's equipment, facility, or service, or at such later time as may be acceptable to the government; (2) expeditiously isolating and enabling the government pursuant to a court order or other lawful authorization, to access call identifying information that is reasonably available to the carrier-- (A) before, during or immediately after the transmission of a wire or electronics communication (or at such later time as may be acceptable to the Government); and the communication to which it pertains, except that, with regard to information acquired solely pursuant to the authority for pen registers and trap and trace devices (as defined in section 3127 of title 18, United States Code), such call identifying information shall not include any information that may disclose the physical location of the subscriber (except to the extent that the location may be determined from the telephone number); (3) delivering intercepted communications and call- identifying information to the government, pursuant to a court order or other lawful authorization, in a format such that they may be transmitted by means of equipment, facilities or services procured by the government to a location other than the premises of the carrier; and (4) facilitating authorized communications and access to call identifying information unobtrusively and with a minimum of interference with any subscriber's telecommunications service and in a manner that protects -- (A) The privacy and security of communications and call- identifying information not authorized to be intercepted; and (B) information regarding the government's interception of communications and access to call-identifying information. (b) LIMITATIONS.-- (1) DESIGN OF FEATURES AND SYSTEMS CONFIGURATIONS.-- This title not authorize any law enforcement agency or officer -- (A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer or telecommunications equipment, or any provider of telecommunications support services; or (B) to prohibit the adoption of any equipment, facility, service or feature by any provider of a wire or electronic communication service, any manufacturer or telecommunications equipment, (2) INFORMATION SERVICES; PRIVATE NETWORKS AND INTER- CONNECTION SERVICES AND FACILITIES. -- The requirements of subsection (a) do not apply to -- (A) information services; or (B) equipment, facilities, or services that support the transport or switching of communications for private networks or for the sole purpose of interconnecting telecommunications carriers. (3) ENCRYPTION.-- A telecommunications carrier shall not be responsible for decrypting, or ensuring the government's ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication. (c) EMERGENCY OR EXIGENT CIRCUMSTANCES. -- (including those described in sections 2518 (7) or (11)(b) and 3125 of title 18, United States Code, and section 1805 (e) of title 50 of such Code), a carrier at its discretion may comply with subsection (a)(3) by allowing monitoring at its premises if that is the only means of accomplishing the interception or access. (d) MOBILE SERVICES ASSISTANCE REQUIREMENTS.-- A telecommunications carrier that is a provider of commercial mobile service (as defined in $332(d) of the Communications Act of 1934) offering a feature or service that allows subscribers to redirect, hand off, or assign their wire or electronic communications to another service area or another service provider or to utilize facilities in another service area or of another service provider shall ensure that, when the carrier that had been providing assistance for the interception of wire or electronic communications or access to call identifying information within the service area in which interception has been occurring as a result of the subscriber's use of such a feature or service, information is made available to the government (before, during, or immediately after the transfer of such communications) identifying the provider of a wire or electronic communication service that has acquired access to the communications. +Section 103 is the backbone of the digital telephony bill. It spells out what the government requires of the carriers and what it does not. Information services seem exempt for now. That carves out an exception for devices like the internet phone. Expect this code section to be amended as voice over the net becomes more common. Note, too, that this code section does nothing to guarantee a person's right to use encryption. It just states that a carrier won't be held responsible for decrypting traffic that it passes. (As if Sprint could decrypt a PGP encoded message.)+ SECTION 104. NOTICES OF CAPACITY REQUIREMENTS. (a) NOTICES OF MAXIMUM AND ACTUAL CAPACITY REQUIREMENTS.-- (1) IN GENERAL.-- Not later than 1 year after the date of enactment of this title, after consulting with State and local law enforcement agencies, telecommunications carriers, providers of telecommunications support services, and manufacturers of telecommunications equipment, and after notice and comment, the Attorney General shall publish in the Federal Register and provide to appropriate telecommunications industry associations and standards-setting organizations-- (A) notice of the actual number of communication interception, pen register, and trap and trace devices, representing a portion of the maximum capacity set forth under subparagraph (B), that the Attorney General estimates that government agencies authorized to conduct electronic surveillance may conduct and use simultaneously by the date that is 4 years after the date of enactment of this title; and (B) notice of the maximum capacity required to accommodate all of the communication interceptions, pen registers, and trap and trace devices that the Attorney General estimates that government agencies authorized to conduct electronic surveillance may conduct and use simultaneously after the date that is 4 years after the date of enactment of this title. (2) BASIS OF NOTICES.-- The notices issued under paragraph (1)-- (A) may be based upon the type of equipment , type of service, number of subscribers, type or service or carrier, nature of service area, or any other measure; and (B) shall identify, to the maximum extent practicable, the capacity required at specific geographic locations. (b) COMPLIANCE WITH CAPACITY NOTICES.-- (1) INITIAL CAPACITY.-- Within 3 years after the publication by the Attorney General of a notice of capacity requirements or within 4 years after the date of enactment of this title, whichever is longer, a telecommunications carrier shall, subsection (e) ensure that its systems are capable of-- (A) accommodating simultaneously the number of interceptions, pen registers, and trap and trace devices set forth in the notice under subsection (a)(1)(A); and (B) expanding to the maximum capacity set forth in the notice under subsection (a)(1)(B). (c) NOTICES OF INCREASED MAXIMUM CAPACITY REQUIREMENTS.-- (1) NOTICE.-- The Attorney General shall periodically publish in the Federal Register, after notice and comment, notice of any necessary increases in the maximum capacity requirement set forth in the notice under subsection (a)(1)(b). (2) COMPLIANCE.-- Within 3 years after notice of increased maximum capacity requirements is published under paragraph (1), or within such longer time period as the Attorney General may specify, a telecommunications carrier shall, subject to subsection (e), ensure that its systems are capable of expanding to the increased maximum capacity set forth in this notice. (d) CARRIER STATEMENT.-- Within 180 days after the publication by the Attorney General of a notice of capacity requirements pursuant to subsection (a) or (c), a telecommunications carrier shall submit to the Attorney General a statement identifying any of its systems or services that do not have the capacity to simultaneously the number of interceptions, pen registers, and trap and trace devices set forth in the notice under such subsection. (e) REIMBURSEMENT REQUIRED FOR COMPLIANCE.-- The Attorney General shall review the statements submitted under subsection (d) and may, subject to the availability of appropriations, agree to reimburse a telecommunications carrier for costs directly associated with modifications to attain such capacity requirement that are determined to be reasonable in accordance with section 109(e), such modification, such carrier shall be considered to be in compliance with the capacity notices under subsection (a) or (c). Section 104 requires that the government tell the public and industry just how much hardware and software it wants. The Justice Department, therefore, will have to argue for their bugging equipment in public. Perhaps. We may find that a certain amount of equipment gets installed without much public discussion. I think the only debate will be between the carriers and the government over costs and technical matters. The carrier will probably install as many devices as the government wants, as long as they are compensated for it and so long as the equipment doesn't interfere with the telco's operation. The carrier may not want to put in the equipment but they really don't have a choice. Section 105 Systems Security and Integrity A telecommunications carrier shall ensure that any interception of communications or access to call-identifying information effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission. +I'm confused by this. I've hear some privacy wonks say that this is a great provision. They say it prevents the government from snooping at will. Yet the whole idea of this bill is to enable remote monitoring at will. Each intercept requires telco notification and approval. The telco, in fact, is charged with ensuring that all such intercepts meet regs and specs. So, MCI tells the FBI to get lost if the feds don't have the right paperwork? In reality, it is probably as simple as faxing a warrant to the carrier when needed. A more difficult situation arises if the telco notices their system being used without authorization. What then? In addition, many central offices aren't staffed around the clock. There's too many of them. Pacific Bell alone has over 800 dial tone producing CO's and remotes. The telco, therefore, will need to be able to remotely turn on the monitoring equipment. That will create another gateway into the system.+ Section 106 Cooperation of Equipment Manufacturers and Providers of Telecommunications Support Services (a) Consultation.-- A telecommunications carrier shall consult as necessary, in a timely fashion with manufacturers or its telecommunications transmission and switching equipment and its providers of telecommunications support services for the purposes of ensuring that current and planned equipment, facilities, and services comply with the capability requirements of section 103 and the capacity requirements identified by the Attorney General under section 104. (b) Cooperation.-- Subject to sections 104(e), 108(a), and 109(b) and (d), a manufacturer of telecommunications transmission or switching equipment and a provider of telecommunications support services shall, on a reasonably timely basis and at a reasonable charge, make available to the telecommunications carriers using its equipment, facilities, or services such features or modifications are necessary to permit such carriers to comply with the capability requirements of section 103 and the capacity requirements identified by the Attorney General under section 104. +Gets the manufacturers on board. Big Brother want this bill bad.+ Section 107. Technical Requirements and Standards; Extension of Compliance Date (a) SAFE HARBOR.-- (1) CONSULTATION. To ensure the efficient and industry-wide implementation of the assistance capability requirements under section 103 , the Attorney General, in coordination with other Federal, State, and local law enforcement agencies, shall consult with appropriate associations and standard-setting organizations of the telecommunications industry, with representatives of users of telecommunications equipment, facilities, and services, and with State utility commissions. (2) COMPLIANCE UNDER ACCEPTED STANDARDS. -- A telecommunications carrier shall be found to be in compliance with the assistance capability requirements under section 103, and a manufacturer of telecommunications transmission or switching equipment or a provider of telecommunications support services shall be found in compliance with section 106, if the carrier, manufacturer, or support service provider is in compliance with publicly available technical requirements or standards adopted by an industry association or standard-setting organization, or by the Commission under subsection (b), to meet the requirements of section 103. (3) ABSENCE OF STANDARDS.-- The absence of technical requirements or standards for implementing the assistance capability requirements or standards for implementing the assistance capability requirements of section 103 shall not-- (A) preclude a telecommunications carrier, manufacturer, or telecommunications support services provider from deploying a technology or service; or (B) relieve a carrier, manufacturer, or telecommunications support services provider of the obligations imposed by section 103 or 106, as applicable. (b) COMMISSION AUTHORITY. -- If industry associations or standard- setting organizations fail to issue technical requirements or standards or if a Government agency or any other person believes that such requirements or standards are deficient, the agency or person may petition the Commission to establish, by rule, technical requirements or standards that-- (1) meet the assistance capability requirements of section 103 by cost-effective methods; (2) protect the privacy and security of communications not authorized to be intercepted; (3) minimize the cost of such compliance on residential ratepayers; (4) serve the policy of the United States to encourage the provision of new technologies and services to the public; and (5) provide a reasonable time and conditions for compliance with and the transition to any new standard, including defining the obligations of telecommunications carriers under section 103 during any transition period. (c) EXTENSION OF COMPLIANCE DATE FOR EQUIPMENT, FACILITIES, AND SERVICES.-- (1) PETITION.-- A telecommunications carrier proposing to install or deploy, or having installed or deployed, any equipment, facility or service prior to the effective date of section 103 may petition the Commission for 1 or more extensions of the deadline for complying with the assistance capability requirements under section 103. (2) GROUNDS FOR EXTENSION.-- The Commission may, after consultation with the Attorney General, grant an extension under subsection, if the Commission determines that compliance with the assistance capability requirements under section 103 is not reasonably achievable through application of technology available within the compliance period. (3) LENGTH OF EXTENSION.-- An extension under this subsection shall extend for no longer than the earlier of-- (A) the date determined by the Commission as necessary for the carrier to comply with the assistance capability requirements under section 103; or (B) the date that is 2 years after the date on which the extension is granted. (4) APPLICABILITY OF EXTENSION.-- An extension under this subsection shall apply to only that part of the carrier's business on which the new equipment, facility, or service is used. +An industry wide effort is called for to make sure that the entire public switched telephone network gets wired according to government specifications. Calls for the telecom industry to set standards for developing the needed equipment. The FCC gets charged with setting standards if industry doesn't. The government needs the latest technology for all this to work. Most of us big city folks are living under System 7 and CLASS: Custom Local Area Signaling Service. Specific circuit boards enable caller ID as well as many advanced services when installed in digital switches like a 5ESS or DMS 100. It's my guess that the spooks want a board designed for existing switches that give them the capabilities they want. Along with the software to control it. The other possibility is a black box approach. You dedicate and design a PC to work along with the switch for a specific purpose. In any case, such equipment may not be too difficult to design since the telco can already do what the Feds want now. The telco, of course, wants to make sure that any such equipment works with the least interference to its switch or its network. Such a device will have a lot of people involved with its design and sales. No doubt there will be product literature to read and patents to look up. . .+ SECTION 108 ENFORCEMENT ORDERS (a) GROUNDS FOR ISSUANCE.-- A court shall issue an order enforcing this title under section 2522 of title 18, United States Code, only if the court finds that-- (1) alternative technologies or capabilities or the facilities of another carrier are not reasonably available to law enforcement for implementing the interception of communications or access to call-identifying information; and (2) compliance with the requirements of this title is reasonably available achievable through the application of available technology to the equipment, facility or service at issue or would have been reasonably achievable if timely action had been taken. (b) TIME FOR COMPLIANCE.-- Upon issuing an order enforcing this title, the court shall specify a reasonable time and conditions for complying with its order, considering the good faith efforts to comply in a timely manner, any effect on the carrier's, manufacturer's or service provider's ability to continue to do business, the degree of culpability or delay in undertaking efforts to comply, and such other matters as justice may require. (c) LIMITATIONS.--An order enforcing this title may not -- (1) require a telecommunications carrier to meet the Government's demand for interception of communications and acquisition of call-identifying information to any extent in excess of the capacity for which the Attorney General has agreed to reimburse such carrier. (2) require any telecommunications carrier to comply with the capability assistance requirement of section 103 if the Commission has determined (pursuant to section 109(b)(1) that compliance is not reasonably achievable, unless the Attorney General has agreed (pursuant to section 109(b)(2) to pay the costs described in section 109(b)(2)(A); or (3) require a telecommunications carrier to comply with assistance capability requirement of section 103, any equipment, facility, or service deployed on or before January 1, 1995, unless -- (A) the Attorney General has agreed to pay the telecommunications carrier for all reasonable costs directly associated with modifications necessary to bring the equipment, facility, or service into compliance with those requirements; or (B) the equipment, facility, or service has been replaced or significantly upgraded or otherwise undergoes major modification. No bill is much good unless there's a penalty. Well, here it is. Get your act together Mr. Telco or the Feds will drag you into court. There is some leeway for a telco with older switches that can't be economically retrofitted. SECTION 109 PAYMENT OF COSTS OF TELECOMMUNICATIONS CARRIERS TO COMPLY WITH CAPABILITY REQUIREMENTS (a) EQUIPMENT, FACILITIES, AND SERVICES DEPLOYED ON OR BEFORE JANUARY 1, 1995. -- The Attorney General may, subject to the availability of appropriations, agree to pay telecommunications carriers for all reasonable costs directly associated with the modifications performed by carriers in connection with equipment, facilities, and services installed or deployed on or before January 1, 1995, to establish the capabilities necessary to comply with section 103. (b) EQUIPMENT, FACILITIES, AND SERVICES DEPLOYED AFTER JANUARY 1, 1995. -- (1) DETERMINATIONS OF REASONABLE ACHIEVABLE. -- The Commission, on petition from a telecommunications carrier or any other interested person, and after notice to the Attorney General, shall determine whether compliance with the assistance capability requirements of section 103 is reasonably achievable with respect to any equipment, facility, or service installed or deployed after January 1, 1995. The Commission shall make such determination within one year after the date such petition is filed. In making such determination, the Commission shall determine whether compliance would impose significant difficulty or expense on the carrier or on the users of the carrier's systems and shall consider the following factor: (A) The effect on public safety and national security. (B) The effect on rates for basic residential telephone service. (C) The need to protect the privacy and security of communications not authorized to be intercepted. (D) The need to achieve the capability assistance requirements of section 103 by cost-effective methods. (E) The effect on the nature and cost of the equipment, facility, or service at issue. (F) The effect on the operation of the equipment, facility, or service at issue. (G) The policy of the United States to encourage the provision of new technologies and services to the public. (H) The financial resources of the telecommunications carrier. (I) The effect on competition in the provision of telecommunications services. (J) The extent to which the design and development of the equipment, facility, or service was initiated before January 1, 1995. (K) Such other factors as the Commission determines are appropriate. (2) COMPENSATION.-- If compliance with the assistance capability requirements of Section 103 is not reasonably achievable with respect to equipment, facilities, or services deployed after January 1, 1995 (A) the Attorney General, on application of a telecommunications carrier, may agree, subject to the availability of appropriations, to pay the telecommunications carrier for the additional reasonable costs of making compliance with such assistance capability requirements reasonably achievable; and (B) if the Attorney General does not agree to pay such costs, the telecommunications carrier shall be deemed to be in compliance with such capability requirements. (c) ALLOCATION OF FUNDS FOR PAYMENT.Q The Attorney General shall allocate funds appropriated to carry out this title in accordance with law enforcement priorities determined by the Attorney General. (d) FAILURE TO MAKE PAYMENT WITH RESPECT TO EQUIPMENT FACILITIES, AND SERVICES DEPLOYED ON OR BEFORE JANUARY 1, 1995.QIf a carrier has requested payment in accordance with procedures promulgated pursuant to subsection (e), and the Attorney General has not agreed to pay the telecommunications carrier for all reasonable costs directly associated with modifications necessary to bring any equipment, facility, or service deployed on or before January 1, 1995, into compliance with the assistance capability requirements of section 103, such equipment, facility, or service shall be considered to be in compliance with the assistance capability requirements of section 103 until the equipment, facility, or service or replaced or significantly upgraded or otherwise undergoes major modification. (e) COST CONTROL REGULATIONS.Q (1) IN GENERAL The Attorney General shall, after notice and comment, establish regulations necessary to effectuate timely and cost-efficient payment to telecommunications carriers under this title, under chapters 119 and 121 of title 18, United States Code, and under the Foreign Intelligence Surveillance Act of 1978 (60 U.S.C. 1801 et seq.). (2) CONTENTS OF REGULATIONSQThe Attorney General, after consultation with the Commission, shall prescribe regulations for purposes of determining reasonable costs under this title. Such regulations shall seek to minimize the cost to the Federal Government and shallQ (A) permit recovery from the Federal Government of-- (i) the direct costs of developing the modification described in subsection (a), of providing the capability requested under subsection (b)(2), or of providing the capacities requested under section 104(e) , but only to the extent that such costs have not been recovered from any other governmental or non governmental entity; (ii) the costs of training personnel in the use such capabilities or capacities, and (iii) the direct costs of deploying or installing such capabilities or capacities; (B) in the case of any modification that may be useful for any purpose other than lawfully authorized electronic surveillance by a law enforcement agency of a government permit recovery of only the incremental cost of making the modification suitable for such law enforcement purposes, and (C) maintain the confidentiality of trade secrets. (3) SUBMISSION OF CLAIMS.QSuch regulations shall require any telecommunications carrier that the Attorney General has agreed to pay for modifications pursuant to this section that has installed or deployed such modification to submit to the Attorney General a claim for payment that contains or is accompanied by such information as the Attorney General may require. The government agrees to pay for most of what they want. The telcos are in a bad way. They may not like the law but they can't ignore it. Most of these companies, after all, are subject to federal regulation in some part of their operations. Speaking of regulations, this section creates plenty. The Digital Telephony Bill might become a bureaucratic nightmare. Didn't the Newtmeister want a one year freeze on all new regs? That would panic everybody. All the information used to develop the regs and reports should be publicly available but let's wait and see. SECTION 110 AUTHORIZATION OF APPROPRIATIONS. There are authorized to be appropriated to carry out this title a total of $500,000,000 for fiscal years 1995, 1996, 1997, and 1998. Such sums are authorized to remain available until expended. This bill creates a half billion dollar industry. Consultants, programmers, switch technicians, telco employees and the feds will all be involved. (As well as the hacker community) There will probably be newsletters, articles and conventions relating to compliance. Such fun. Count on the feds' equipment and procedures to be compromised. A system allowing one to intercept a specific call, reroute it, and then listen in on the conversation itself, may prove an irresistible target to many. It's my understanding that REMOBS is set up on a case by case basis. An individual wiretap gets set up and taken down as the need arises. But we are talking here about a permanently installed system with dedicated ports. The FBI may even get bugged themselves by hackers or, more probably, other governmental agencies. We'll know more when the regs come out and we can guess about the equipment. For all we know, the FBI and Bellcore may be conducting field trials right now. SECTION 111. EFFECTIVE DATE (a) IN GENERAL.QExcept as provided in subsection (b), this title shall take effect on the date of enactment of this Act. (b) ASSISTANCE CAPABILITY AND SYSTEM SECURITY AND INTEGRITY REQUIREMENTS.QSections 103 and 105 of this title shall effect on the date that is 4 years after the date of enactment of this Act. SECTION 112 REPORTS (a) REPORTS BY THE ATTORNEY GENERAL (1) IN GENERAL.QOn or before November 30, 1995 and on or before November 30 of each year thereafter, the Attorney General shall submit to Congress and make available to the public a report on the amounts paid during the pre-fiscal year to telecommunications carriers under sections 104(e) and 109. (2) CONTENTS.QA report under paragraph (1) shall includeQ (A) a detailed accounting of the amounts paid to each carrier and the equipment, facility, or service for which the amounts were paid; and (B) projections of the amounts expected to be paid in the current fiscal year, the carrier to which payment is expected to be made, and the equipment, facilities, or services for which payment is expected to be made. (b) REPORT BY THE COMPTROLLER GENERAL.-- (1) PAYMENT FOR MODIFICATIONS.QOn or before April 1, 1996, and every 2 years thereafter, the Comptroller General of the United States, after consultation with the Attorney General and the telecommunications industry, shall submit to the Congress a reportQ (A) describing the type of equipment, facilities, and services that have been brought into compliance under this title, and (B) reflecting its analysis of the reasonableness and cost- effectiveness of the payments made by the Attorney General to telecommunications carriers for modifications necessary to ensure compliance with this title. (2) COMPLIANCE COST ESTIMATES-- A report under paragraph (1) shall include the findings and conclusions of the Comptroller General on the costs to be incurred by telecommunications carriers to comply with the assistance capability requirements of section 103 after the effective date of such section 103, including projections of the amounts expected to be incurred and a description of the equipment, facilities, or services for which they are expected to be incurred. TITLE IIQAMENDMENTS TO TITLE 18, UNITED STATES CODE SECTION 201. COURT ENFORCEMENT OF COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT. (a) COURT ORDER UNDER CHAPTER 119.QChapter 119 of title 18, United States Code, is amended by inserting after section 2521 the following new section: $2522. Enforcement of the Communications Assistance for Law Enforcement Act (a) ENFORCEMENT BY COURT ISSUING SURVEILLANCE ORDER.Q a court authorizing an interception under this chapter, a State statute, or the Foreign intelligence Surveillance Act of 1978 (60 USC 1801 et seq.) or authorizing use of a pen register or a tap and trace device under chapter 206 or a State statute finds that a telecommunications carrier has failed to comply with the requirements of the Communications Assistance for Law Enforcement Act, the court may, in accordance with section 108 of such act, direct that the carrier comply forthwith and may direct that the provider of support services to the carrier or the manufacturer of the carrier's transmission or switching equipment furnish forthwith the modifications necessary for the carrier to comply. (b) ENFORCEMENT BY APPLICATION BY ATTORNEY GENERAL.-- may, in a civil action in the appropriate United States district court, obtain an order, in accordance with section 108 of the Communications Assistance for Law Enforcement Act, directing that a telecommunications carrier, a manufacturer of telecommunications transmission or switching equipment, a provider of telecommunications support services comply with such Act. (c) CIVIL PENALTY In General.- A court issuing an order under the section against a telecommunications carrier, a manufacture of telecommunications transmission or switching equipment or a provider of telecommunications support services impose a civil penalty of up to $10,000 per day for each day in violation after the issuance of the order or after such future date as the court may specify. "(2) CONSIDERATIONS.QIn determining whether to impose a civil penalty and in determining its amount, the court take into accountQ "(A) the nature, circumstances, and extent of the violation; "(B) the violator's ability to pay, the violator's good faith efforts to comply in a timely manner, any effect on the violator's ability to continue to do business, the degree of culpability, and the length of any delay in undertaking efforts to comply; and "(C) such other matters as justice may require. "(d) DEFINITIONS.QAs used in this section, the terms defined in section 102 of the Communications Assistance for Law Enforcement Act have the meanings provided, respectively, in section." (b) CONFORMING AMENDMENT.Q (1) Section 2518(4) of title 18, United States Code amended by adding at the end the following new sentence "Pursuant to section 2522 of this chapter, an order may also be issued to enforce the assistance capability and capacity requirements under the Communications Assistance for Enforcement Act.". (2) Section 3124 of such title is amended by adding at the end the following new subsection: "(f) COMMUNICATIONS ASSISTANCE ENFORCEMENT ORDERS Pursuant to section 2622, an order may be issued to enforce the assistance capability and capacity requirements under the Communications Assistance for Law Enforcement Act.". (3) The table of sections at the beginning of chapter of title 18, United States Code, is amended by inserting the item pertaining to section 2521 the following new item: "2622. Enforcement of the Communications For Law Enforcement Assistance Act." Another enforcement order? Didn't we just see one in section 108? we did, but that was for Chapter 9 of Title 47. The section above applies to Title 18 in Chapter 119, popularly known as the Electronic Communications Privacy Act. The E.C.P.A. is contained in 18 U.S.C. 2510 et seq. It's all about wiretaps and electronic monitoring. Makes great reading if you have the time. Section 201 deals with courts that are actually ordering a wiretap. They can impose penalties on carriers who can't arrange an interception because they haven't yet complied with the Digital Telephony Bill. Section 108, on the other hand, does not depend on a wiretap. It is, instead, a general enforcement section. It lets the feds sue a carrier who hasn't complied with the "Communications Assistance for Law Enforcement Act" by a certain amount of time. SECTION 202 CORDLESS TELEPHONES (a) DEFINITIONSQSection 2510 of title 18, United States Code, is amendedQ (1) in paragraph (1), by striking "but such term does not include" and all that follows through "base unit"; and (2) in paragraph (12), by striking subparagraph (A) and redesignating subparagraphs (B), (C), and (D) as subparagraphs (A), (B), and (C), respectively (b) PENALTYQSection 2511 of title 18, United States is amendedQ (1) in subsection (4)(b)(i) by inserting a "cordless communication that is transmitted between the cordless phone handset and the base unit," after "cellular telephone communication," and (2) in subsection (4)(b)(ii) by inserting "a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit," after "cellular telephone communication,". SECTION 203 RADIO-BASED DATA COMMUNICATIONS Section 2510(16) of title 18, United States Code, is amended Q (1) by striking "or" at the end of subparagraph (D); (2) by inserting "or" at the end of subparagraph (E) and (3) by inserting after subparagraph (E) the following new subparagraph: "(F) an electronic communication;". SECTION 204 PENALTIES FOR MONITORING RADIO COMMUNICATIONS THAT ARE TRANSMITTED USING MODULATION TECHNIQUES WITH NONPUBLIC PARAMETERS Section 2511(4)(b) of title 18, United States Code, is amended by striking "or encrypted, then" and inserting ", encrypted, or transmitted using modulation techniques the essential parameters of which have been withheld from the public with the intention of preserving the privacy of such communication, then". SECTION 205 TECHNICAL CORRECTION Section 2511(2)a)(i) of title 18, United States Code, is amended by striking "used in the transmission of a wire communication" and inserting "used in the transmission of a wire or electronic communication". SECTION 206 FRAUDULENT AL-ALTERATION OF COMMERCIAL MOBILE RADIO INSTRUMENTS Please see the text of this section on the opposite page SECTION 207 TRANSACTIONAL DATA (a) DISCLOSURE OF RECORDS. Section 2703 of title 18, United States Code, is amendedQ (1) in subsection (c)(1)-- (A) in subparagraph (B)-- (i) by striking clause (i) and (ii) by redesignating clauses (ii), (iii), and (iv) as clauses (i), (ii), and (iii), respectively; and (B) by adding at the end the following new subparagraph: "(C) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the address, telephone toll billing records, telephone number or other subscriber number or identity, and length of service of a subscriber to or customer of such service and the types of services the subscriber or customer utilized, when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under subparagraph (B)."; and (2) by amending the first sentence of subsection (d) to read as follows: "A court order for disclosure under subsection (b) or (c) may be issued by any court that is a court of competent jurisdiction described in section 3126(2)(A) and shall issue if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation." (b) PEN REGISTER AND TRAP AND TRACE DEVICES -- Section 3121 of title 18, United States Code, is amendedQ (1) by redesignating subsection (c) as subsection (d); (2) by inserting after subsection (b) the following new section: (C) LIMITATION.QA government agency authorized to install and use a pen register under this chapter or under State law shall use technology reasonably available to it that restricts recording or decoding of electronic or other impulses to the dialing and signaling information utilized in call processing.". SECTION. 208. AUTHORIZATION FOR ACTING DEPUTY ATTORNEYS GENERAL IN THE CRIMINAL DIVISION TO AP-PROVE CERTAIN COURT APPLICATIONS Section 2616(1) of title 18, United States Code, is amended by inserting "or acting Deputy Assistant Attorney General" after "Deputy Assistant Attorney General". TITLE III--AMENDMENTS TO THE COMMUNICATIONS ACT OF 1934 SECTION 301. COMPLIANCE COST RECOVERY. Title II of the Communications Act of 1934 is amended by inserting after section 228 (47 U.S.C. 228) the following new section: "SEC. 229. COMMUNICATIONS ASSISTANCE FOR LAW ENFORCEMENT ACT COMPLIANCE. "(a) In General: The Commission shall prescribe such rules as are necessary to implement the requirements of the Communications Assistance for Law Enforcement Act. "(b) Systems Security and Integrity: The rules prescribed pursuant to subsection (a) shall include rules to implement section 105 of the Communications Assistance for Law Enforcement Act that require common carriers-- "(1) to establish appropriate policies and procedures for the supervision and control of its officers and employees-- "(A) to require appropriate authorization to activate interception of communications or access to call- identifying information; and "(B) to prevent any such interception or access without such authorization; "(2) to maintain secure and accurate records of any interception or access with or without such authorization; and "(3) to submit to the Commission the policies and procedures adopted to comply with the requirements established under paragraphs (1) and (2). "(c) Commission Review of Compliance: The Commission shall review the policies and procedures submitted under subsection (b)(3) and shall order a common carrier to modify any such policy or procedure that the Commission determines does not comply with Commission regulations. The Commission shall conduct such investigations as may be necessary to insure compliance by common carriers with the requirements of the regulations prescribed under this section. "(d) Penalties: For purposes of this Act, a violation by an officer or employee of any policy or procedure adopted by a common carrier pursuant to subsection (b), or of a rule prescribed by the Commission pursuant to subsection (a), shall be considered to be a violation by the carrier of a rule prescribed by the Commission pursuant to this Act. "(e) Cost Recovery for Communications Assistance for Law Enforcement Act Compliance: "(1) Petitions authorized: A common carrier may petition the Commission to adjust charges, practices, classifications, and regulations to recover costs expended for making modifications to equipment, facilities, or services pursuant to the requirements of section 103 of the Communications Assistance for Law Enforcement Act. "(2) Commission authority: The Commission may grant, with or without modification, a petition under paragraph (1) if the Commission determines that such costs are reasonable and that permitting recovery is consistent with the public interest. The Commission may, consistent with maintaining just and reasonable charges, practices, classifications, and regulations in connection with the provision of interstate or foreign communication by wire or radio by a common carrier, allow carriers to adjust such charges, practices, classifications, and regulations in order to carry out the purposes of this Act. "(3) Joint board: The Commission shall convene a Federal-State joint board to recommend appropriate changes to part 36 of the Commission's rules with respect to recovery of costs pursuant to charges, practices, classifications, and regulations under the jurisdiction of the Commission. SECTION 302 RECOVERY OF COST OF COMMISSION PROCEEDINGS. The schedule of application fees in section 8(g) of the Communications Act of 1934 (47 U.S.C. 158(g)) is amended by inserting under item 1 of the matter pertaining to common carrier services the following additional sub-item: "d. Proceeding under section 109(b) of the Communications Assistance for Law Enforcement Act." SECTION 303. CLERICAL AND TECHNICAL AMENDMENTS. (a) Amendments to the Communications Act of 1934: The Communications Act of 1934 is amended-- (1) in section 4(f)(3), by striking "overtime exceeds beyond" and inserting "overtime extends beyond"; (2) in section 5, by redesignating subsection (f) as subsection (e); (3) in section 8(d)(2), by striking "payment of a" and inserting "payment of an"; (4) in the schedule contained in section 8(g), in item 7.f. under the heading "equipment approval services/experimental radio" by striking "Additional Charge" and inserting "Additional Application Fee"; (5) in section 9(f)(1), by inserting before the second sentence the following: "(2) Installment payments:" ; (6) in the schedule contained in section 9(g), in the item pertaining to interactive video data services under the private radio bureau, insert "95" after "47 C.F.R. Part"; (7) in section 220(a)-- (A) by inserting "(1)" after "(a)"; and (B) by adding at the end the following new paragraph: "(2) The Commission shall, by rule, prescribe a uniform system of for use by telephone companies. Such uniform system shall require that each common carrier shall maintain a system of accounting methods, procedures, and techniques (including accounts and supporting records and memoranda) which shall ensure a proper allocation of all costs to and among telecommunications services, facilities, and products (and to and among classes of such services, facilities, and products) which are developed, manufactured, or offered by such common carrier."; (8) in section 220(b), by striking "classes" and inserting "classes"; (9) in section 223(b)(3), by striking "defendant restrict access" and inserting "defendant restricted access"; (10) in section 226(d), by striking paragraph (2) and redesignating paragraphs (3) and (4) as paragraphs (2) and (3), respectively; (11) in section 227(b)(2)(C), by striking "paragraphs" and inserting "paragraph"; (12) in section 227(e)(2), by striking "national database" and inserting "national database"; (13) in section 228(c), by redesignating the second paragraph (2) and paragraphs (3) through (6) as paragraphs (3) through (7), respectively; (14) in section 228(c)(6)(D), by striking "conservation" and inserting "conversation"; (15) in section 308(c), by striking "May 24, 1921" and inserting "May 27, 1921"; (16) in section 309(c)(2)(F), by striking "section 325(b)" and inserting "section 325(c)"; (17) in section 309(i)(4)(A), by striking "Communications Technical Amendments Act of 1982" and inserting "Communications Amendments Act of 1982"; (18) in section 331, by amending the heading of such section to read as follows: "VERY HIGH FREQUENCY STATIONS AND AM RADIO STATIONS"; (19) in section 358, by striking "(a)"; (20) in part III of title III-- (A) by inserting before section 381 the following heading: "VESSELS TRANSPORTING MORE THAN SIX PASSENGERS FOR HIRE REQUIRED TO BE EQUIPPED WITH RADIO TELEPHONE"; (B) by inserting before section 382 the following heading: "VESSELS EXCEPTED FROM RADIO TELEPHONE REQUIREMENT"; (C) by inserting before section 383 the following heading: "EXEMPTIONS BY COMMISSION"; (D) by inserting before section 384 the following heading: "AUTHORITY OF COMMISSION; OPERATIONS, INSTALLATIONS, AND ADDITIONAL EQUIPMENT"; (E) by inserting before section 385 the following heading: "INSPECTIONS"; AND (F) by inserting before section 386 the following heading: "FORFEITURES"; (21) in section 410(c), by striking ", as referred to in sections 202(b) and 205(f) of the Interstate Commerce Act,"; (22) in section 613(b)(2), by inserting a comma after "pole" and after "line"; (23) in section 624(d)(2)(A), by inserting "of" after "viewing"; (24) in section 634(h)(1), by striking "section 602(6)(A)" and inserting "section 602(7)(A)"; (25) in section 705(d)(6), by striking "subsection (d)" and inserting "subsection (e)"; (26) in section 705(e)(3)(A), by striking "paragraph (4) of subsection (d)" and inserting "paragraph (4) of this subsection"; (27) in section 705, by redesignating subsections (f) and (g) (as added by Public Law 100-667) as subsections (g) and (h); and (28) in section 705(h) (as so redesignated), by striking "subsection (f)" and inserting "subsection (g)". (b) Amendments to the Communications Satellite Act of 1962: The Communications Satellite Act of 1962 is amended-- (1) in section 303(a)-- (A) by striking "section 27(d)" and inserting "section 327(d)"; (B) by striking "sec. 29-911(d)" and inserting "sec. 29-327(d)"; (C) by striking "section 36" and inserting "section 336"; and (D) by striking "sec. 29-916d" and inserting "section 29-336(d)"; (2) in section 304(d), by striking "paragraphs (1), (2), (3), (4), and (5) of section 310(a)" and inserting "subsection (a) and paragraphs (1) through (4) of subsection (b) of section 310"; and (3) in section 304(e)-- (A) by striking "section 45(b)" and inserting "section 345(b)"; and (B) by striking "sec. 29-920(b)" and inserting "sec. 29-345(b)"; and (4) in sections 502(b) and 503(a)(1), by striking "the Communications Satellite Corporation" and inserting "the communications satellite corporation established pursuant to title III of this Act". (c) Amendment to the Children's Television Act of 1990: Section 103(a) of the Children's Television Act of 1990 (47 U.S.C. 303b(a)) is amended by striking "non-commercial" and inserting "noncommercial". (d) Amendments to the Telecommunications Authorization Act of 1992: Section 205(1) of the Telecommunications Authorization Act of 1992 is amended-- (1) by inserting an open parenthesis before "other than"; and (2) by inserting a comma after "stations)". (e) Conforming Amendment: Section 1253 of the Omnibus Budget Reconciliation Act of 1981 is repealed. (f) Stylistic Consistency: The Communications Act of 1934 and the Communications Satellite Act of 1962 are amended so that the section designation and section heading of each section of such Acts shall be in the form and typeface of the section designation and heading of this section. SECTION 304. ELIMINATION OF EXPIRED AND OUTDATED PROVISIONS (a) Amendments to the Communications Act of 1934: The Communications Act of 1934 is amended-- (1) in section 7(b), by striking "or twelve months after the date of the enactment of this section, if later" both places it; (2) in section 212, by striking "After sixty days from the enactment of this Act it shall" and inserting "It shall"; (3) in section 213, by striking subsection (g) and redesignating subsection (h) as subsection (g); (4) in section 214, by striking "section 221 or 222" and inserting "section 221"; (5) in section 220(b), by striking ", as soon as practicable,"; (6) by striking section 222; (7) in section 224(b)(2), by striking "Within 180 days from the date of enactment of this section the Commission" and inserting "The Commission"; (8) in 226(e), by striking "within 9 months after the date of enactment of this section,"; (9) in section 309(i)(4)(A), by striking "The commission, not later than 180 days after the date of the enactment of the Communications Technical Amendments Act of 1982, shall," and inserting "The Commission shall,"; (10) by striking section 328; (11) in section 413, by striking ", within sixty days after the taking effect of this Act,"; (12) in section 624(d)(2)(B)-- (A) by striking out "(A)"; (B) by inserting "of" after "restrict the viewing"; and (C) by striking subparagraph (B); (13) by striking sections 702 and 703; (14) in section 704-- (A) by striking subsections (b) and (d); and (B) by redesignating subsection (c) as subsection (b); (15) in section 705(g) (as redesignated by section 304(25)), by striking "within 6 months after the date of enactment of the Satellite Home Viewer Act of 1988, the Federal Communications Commission" and inserting "The Commission"; (16) in section 710(f)-- (A) by striking the first and second sentences; and (B) in the third sentence, by striking "Thereafter, the Commission" and inserting "The Commission"; (17) in section 712(a), by striking ", within 120 days after the effective date of the Satellite Home Viewer Act of 1988,"; and (18) by striking section 713. (b) Amendments to the Communications Satellite Act of 1962: The Communications Satellite Act of 1962 is amended-- (1) in section 201(a)(1), by striking "as expeditiously as possible,"; (2) by striking sections 301 and 302 and inserting the following: "SEC. 301. CREATION OF CORPORATION. "There is authorized to be created a communications satellite corporation for profit which will not be an agency or establishment of the United States Government. "SEC. 302. APPLICABLE LAWS. "The corporation shall be subject to the provisions of this Act and, to the extent consistent with this Act, to the District of Columbia Business Corporation Act. The right to repeal, alter, or amend this Act at any time is expressly reserved."; (3) in section 304(a), by striking "at a price not in excess of $100 for each share and"; (4) in section 404-- (A) by striking subsections (a) and (c); and (B) by redesignating subsection (b) as section 404; (5) in section 503-- (A) by striking paragraph (2) of subsection (a); and (B) by redesignating paragraph (3) of subsection (a) as paragraph (2) of such subsection; (C) by striking subsection (b); (D) in subsection (g)-- (i) by striking "subsection (c)(3)" and inserting "subsection (b)(3)"; and (ii) by striking the last sentence; and (E) by redesignating subsections (c) through (h) as subsections (b) through (g), respectively; (5) by striking sections 505, 506, and 507; and (6) by redesignating section 508 as section 505. VIII THE COMPLETE TEXT OF 18 USC 1029 18 U.S.C. 1029 (As Amended By The Digital Telephony Bill) $ 1029. Fraud and related activity in connection with access devices (a) Whoever -- (1) knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices; (2) knowingly and with intent to defraud traffics in or uses one or more unauthorized access devices during any one-year period, and by such conduct obtains anything of value aggregating $1,000 or more during that period; (3) knowingly and with intent to defraud possesses fifteen or more devices which are counterfeit or unauthorized access devices; (4) knowingly, and with intent to defraud, produces, traffics in, has control or custody of, or possesses device making equipment; or (5) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instruments that has been modified or altered to obtain unauthorized use of telecommunications services; or (6) knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses-- (A) a scanning receiver; or (B) hardware or software used for altering or modifying telecommunications instruments services. (b)(1) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section. (2) Whoever is a party to a conspiracy of two or more persons to commit an offense under subsection (a) of this section, if any of the parties engage in any conduct in furtherance of such offense, shall be fined an amount not greater than the amount provided as the maximum fine for such offense under subsection (c) of this section or imprisoned not longer than one--half of the period provided as the maximum imprisonment for such offense under subsection (c) of this section, or both. (c) The punishment for an offense under subsection (a) or (b)(1) of this section is -- (1) a fine of not more than the greater of $10,000 or twice the value obtained by the offense or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2) or (a)3 of this section which does not occur after a conviction for another offense under either subsection, or an attempt to commit an offense punishable under this paragraph; (2) a fine of not more than the greater of $50,000 or twice the value obtained by the offense or imprisonment for not more than fifteen years, or both, in the case of a subsection (a)(1), (4),(5),(6) of this section which does not occur after a conviction for another offense under either such subsection, or an attempt to commit an offense punishable under this paragraph; and (3) a fine of not more than the greater of $100,000 or twice the value obtained by the offense or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a) which occurs after a conviction for another offense under this subsection, or an attempt to commit an offense punishable under this paragraph. (d) The United States Secret Service shall, in addition to any other agency having such authority, have the authority to investigate offense under this section. Such authority of the United States Secret Service shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General. (e) As used in this section - - (1) the term "access device" means any card, plate, code, account number, electronic serial number, mobile identification number, personal identification number, or other telecommunications service, equipment, or instrument identifier, or other means of account access that can be used, alone or in conjunction with another access device to obtain money, goods, services, or any other thing of value, or that can be used to initiate a transfer of funds (other than a transfer originated solely by paper instrument); (2) the term "counterfeit access device" means any access device that is counterfeit, fictitious, altered, or forged, or an identifiable component of an access device or a counterfeit access device: (3) the term "unauthorized access device" means any access device that is lost, stolen, expired, revoked, canceled, or obtained with intent to defraud; (4) the term "produce" includes design, alter, authenticate, duplicate or assemble; (5) the term "traffic" means transfer, or otherwise dispose of, to another, or impression designed or primarily used for making an access device or a counterfeit access device and (6) the term "device-making equipment" means any equipment, mechanism, or impression designed or primarily used for making an access device or a counterfeit access device. ; (7) the term "scanning receiver" means a device or apparatus that can be used to intercept a wire or electronic communication in violation of chapter 119. (f) This section does not prohibit any lawfully authorized investigative, protective or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States, or any activity authorized under chapter 224 of this title. For purposes of this subsection, the term "State" includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States. "We lobbied for passage of the Telephony bill, which the president just signed. The bill enhances the language in Title 18, Section 1029. That's the Secret Service statute that deals with fraudulent or counterfeit access devices. Prior to this bill being signed, there was no reference to wireless communications. Now the language in the statute clearly includes the cellular phones. This has added that tool to the arsenal of the Secret Service." Tom McLure, director of fraud management for the CTIA It's All About Context! The full text of 18 U.S.C. as amended by the digital telephony bill is show on this page. Additions are in bold and deletions are in cross outs. This shows the value of putting all those scattered paragraphs into context. The teams of lawyers who drafted this bill had to have looked up every section and reg affected. . . IX. SPECIAL E-ZINE BONUS: THE REGULATION PROHIBITING CLONING AS WELL AS SUPPORTING MATERIAL AS SUPPLIED BY ROBERT KELLER TO CompuServe Set forth below are excerpts from FCC rules and policy statements regarding cloning and/or modification of the electronic serial number (ESN) in cellular phones. ================= TABLE OF CONTENTS ================= A. Federal Communications Commission Report and Order (CC Docket Nos. 92-115, 94-46, and 93-116) Adopted: August 2, 1994 Released: September 9, 1994 Rule Changes Effective: January 1, 1995 1. Excerpt, Paragraphs 54-63 2. Excerpt, Appendix A Detailed Discussion of Part 22 Rule Amendments Section 22.919 Electronic serial numbers. 3. Excerpt, Appendix B - Final Rules New FCC Rule Section 22.919 47 C.F.R. Section 22.919 B. FCC's Stated Position on Rules and Policy Prior to Rule Changes in CC Docket No. 92-115 If you have any questions, please feel free to contact me: Bob Keller (KY3R) ============================== Robert J. Keller, P.C. ------------------------------ Federal Telecommunications Law 4200 Wisconsin Ave NW #106-261 Washington, DC 20016-2143 USA ------------------------------ Internet: rjk@telcomlaw.com Telephone: +1 301.229.5208 Facsimile: +1 301.229.6875 CompuServe UID: 76100.3333 ============================== =========================================================== A. Federal Communications Commission Report and Order (CC Docket Nos. 92-115, 94-46, and 93-116) Adopted: August 2, 1994 Released: September 9, 1994 Rule Changes Effective: January 1, 1995 =========================================================== -------------------------- 1. Excerpt, Paragraphs 54-63: -------------------------- Cellular Electronic Serial Numbers 54. Proposal. We proposed in the Notice a new rule (Section 22.919) intended to help reduce the fraudulent use of cellular equipment caused by tampering with the unique Electronic Serial Numbers (ESN) that identify mobile equipment to cellular systems. The purposes of the ESN in a cellular telephone are similar to the Vehicle Identification Numbers in automobiles. That is, it uniquely identifies the equipment in order to assist in recovery if it is stolen. More importantly, in the case of cellular telephones, the ESN enables the carriers to bill properly for calls made from the telephone. Any alteration of the ESN renders it useless for this purpose. The proposed rule explicitly establishes anti-fraud design specifications that require, among other things, that the ESN must be programmed into the equipment at the factory and must not be alterable, removable, or in any way able to be manipulated in the field. In addition, the proposed rules require that the ESN component be permanently attached to a main circuit board of the mobile transmitter and that the integrity of the unit's operating software not be alterable. 55. Comments. The commenters generally support our proposal,[94] but they suggest some modifications. For example, BellSouth, Southwestern Bell, GTE, and CIA suggest that our proposal should be modified to provide that equipment already manufactured, is exempt from the rule.[95] They argue that subjecting existing phones to this rule would be very expensive and difficult, if not impossible, to implement. Therefore, they recommend that the rule apply only to phones manufactured after a particular date.[96] NYNEX recommends that we not require the ESN chip to be secured to the main circuit board of the mobile transmitter as proposed. Rather, NYNEX suggests that the ESN chip be attached to the frame of the radio and attached to the logic board by cable.[97] In addition, it recommends that operating software be encoded or scattered over different memory chips.[98] Motorola, Inc. (Motorola) and Ericsson Corp. (Ericsson), two manufacturers of cellular mobile equipment, suggest that the proposal be modified to allow authorized service centers or representatives to make necessary and required changes to ESNs in mobile and portable units in the field.[99] 56. Southwestern Bell recommends that the rule also apply to mobile equipment associated with a wireless private branch exchange (PBX).[100] CTIA suggests that the proposal be modified in several respects. First, it states that we should clarify that requiring a mobile transmitter to have a "unique" ESN, means that any particular ESN will not exist in more than one mobile unit. Second, CTIA suggests that ESN manipulation not be permitted "outside a manufacturer's authorized facility." Third, it requests that cellular mobile units be required to be designed to comply with the "applicable industry standard for authentication."[101] New Vector supports the proposed rule, but emphasizes that the ESN criteria should be incorporated into the type-acceptance rules to clarify that manufacturers will be subject to the Commission's enforcement procedures if they do not comply with the ESN requirements.[102] 57. C2+ Technology (C2+) requests that we allow companies to market ancillary cellular equipment that emulates ESNs for the purpose of allowing more than one cellular phone to have the same telephone number. It argues that emulating ESNs in the way it describes benefits the public, does not involve fraud, and retains the security and integrity of the cellular phones.[103] In opposition, Ericsson asserts that the rules should include procedures to ensure that ESNs are not easily transferable through the use of an encrypted data transfer device.[104] Similarly, New Par suggests that the proposed rule proscribe activity that does not physically alter the chip yet affects the radiated ESN by translating the ESN signal that the mobile unit transmits.[105] 58. Discussion. The record before us demonstrates the need for measures that will help reduce the fraudulent use of cellular equipment caused by tampering with the ESN. We therefore adopt the proposed rule for the reasons set forth below. 59. Contrary to the suggestion of one commenter, the ESN rule will not prevent a consumer from having two cellular telephones with the same telephone number. Changing the ESN emitted by a cellular telephone to be the same as that emitted by another cellular telephone does not create an "extension" cellular telephone. Rather, it merely makes it impossible for the cellular system to distinguish between the two telephones. We note that Commission rules do not prohibit assignment of the same telephone number to two or more cellular telephones.[106] It is technically possible to have the same telephone number for two or more cellular telephones, each having a unique ESN.[107] If a cellular carrier wishes to provide this service, it may. In this connection, we will not require that use of cellular telephones comply with an industry authentication procedure as requested by CTIA, as this could have the unintended effect of precluding multiple cellular telephones (each with a unique ESN) from having the same telephone number. 60. Further, we conclude that the practice of altering cellular phones to "emulate" ESNs without receiving the permission of the relevant cellular licensee should not be allowed because (1) simultaneous use of cellular telephones fraudulently emitting the same ESN without the licensee's permission could cause problems in some cellular systems such as erroneous tracking or billing; (2) fraudulent use of such phones without the licensee's permission could deprive cellular carriers of monthly per telephone revenues to which they are entitled; and (3) such altered phones not authorized by the carrier, would therefore not fall within the licensee's blanket license, and thus would be unlicensed transmitters in violation of Section 301 of the Act. Therefore, we agree with New Par and Ericsson that the ESN rule should proscribe activity that does not physically alter the ESN, but affects the radiated ESN, including activities that transfer ESNs through the use of an encrypted data transfer device. 61. With respect to the proposal to allow alteration of ESNs by manufacturers' authorized service centers or representatives, we note that computer software to change ESNs, which is intended to be used only by authorized service personnel, might become available to unauthorized persons through privately operated computer "bulletin boards". We have no knowledge that it is now possible to prevent unauthorized use of such software for fraudulent purposes. Accordingly, we decline to make the exception requested by Motorola and Ericsson. 62. We further agree with the commenters that it would be impractical to apply the new rule to existing equipment. Accordingly, we are not requiring that cellular equipment that is currently in use or has received a grant of type-acceptance be modified or retrofitted to comply with the requirements of this rule. Thus, the ESN rule will apply only to cellular equipment for which initial type-acceptance is sought after the date that our rules become effective. Nevertheless, with regard to existing equipment, we conclude that cellular telephones with altered ESNs do not comply with the cellular system compatibility specification[108] and thus may not be considered authorized equipment under the original type acceptance. Accordingly, a consumer's knowing use of such altered equipment would violate our rules. We further believe that any individual or company that knowingly alters cellular telephones to cause them to transmit an ESN other than the one originally installed by the manufacturer is aiding in the violation of our rules. Thus, we advise all cellular licensees and subscribers that the use of the C2+ altered cellular telephones constitutes a violation of the Act and our rules. 63. With respect to NYNEX's proposed modifications for securing the ESN chip to the mobile transmitter, the record does not convince us that these modifications will make the ESN rule more effective. Therefore, we do not adopt NYNEX's proposal. We agree with Southwestern Bell that the ESN rule should apply to mobile equipment associated with wireless PBX if the equipment can also be used on cellular systems. We also clarify that the new ESN rule prohibits the installation of an ESN in more than one mobile transmitter. Finally, as suggested by New Vector, we amend the type-acceptance rule to refer to the newly adopted ESN rule.[109] [Footnotes] [94] See PacTel Comments at 2; CTIA Comments at 7-8. [95] BellSouth Comments at Appendix 2, p.36; Southwestern Bell Comments at 28-29; GTE Comments at 30; CTIA Comments at 8. [96] For example, BellSouth suggests that the anti-fraud measures should not apply to equipment type-accepted before January 1, 1993. [97] NYNEX Comments at 8. [98] Id. at 8-9. [99] Ericsson Reply Comments at 2-5; Motorola Reply Comments at 3. [100] Southwestern Bell Comments at 29. [101] CTIA Comments at 8. [102] New Vector Comments at Appendix I, p.44. [103] C2+ Comments at 1-2. [104] Ericsson Reply Comments at 3-4. [105] New Par Comments at 21-22. [106] The telephone number is referred to in the cellular compatibility specification as the Mobile Identification Number or "MIN" [107] It is not technically necessary to have the same ESN in order to have the same telephone number. Nevertheless, the authentication software used by some cellular systems does not permit two cellular telephones with the same telephone number. In such cases, cellular carriers should explain to consumers who request this service that their system is not yet capable of providing it. [108] See old Section 22.915, which becomes new Section 22.933 in Appendices A and B. [109] See discussion of new Section 22.377 in Appendix A. ---------------------------------------------- 2. Excerpt, Appendix A Detailed Discussion of Part 22 Rule Amendments Section 22.919 Electronic serial numbers. ---------------------------------------------- Section 22.919 Electronic serial numbers. The purpose of this new section is to deter cellular fraud by requiring that the Electronic Serial Number (ESN) unique to each cellular phone be factory set, inalterable, non-transferable, and otherwise tamper-proof and free of fraudulent manipulation in the field. This subject received substantial attention from commenters and is discussed in the Report and Order. --------------------------------- 3. Excerpt, Appendix B - Final Rules New FCC Rule Section 22.919 47 C.F.R. Section 22.919 --------------------------------- 22.919 Electronic serial numbers. The Electronic Serial Number (ESN) is a 32 bit binary number that uniquely identifies a cellular mobile transmitter to any cellular system. (a) Each mobile transmitter in service must have a unique ESN. (b) The ESN host component must be permanently attached to a main circuit board of the mobile transmitter and the integrity of the unit's operating software must not be alterable. The ESN must be isolated from fraudulent contact and tampering. If the ESN host component does not contain other information, that component must not be removable, and its electrical connections must not be accessible. If the ESN host component contains other information, the ESN must be encoded using one or more of the following techniques: (1) Multiplication or division by a polynomial; (2) Cyclic coding; (3) The spreading of ESN bits over various non- sequential memory locations. (c) Cellular mobile equipment must be designed such that any attempt to remove, tamper with, or change the ESN chip, its logic system, or firmware originally programmed by the manufacturer will render the mobile transmitter inoperative. (d) The ESN must be factory set and must not be alterable, transferable, removable or otherwise able to be manipulated in the field. Cellular equipment must be designed such that any attempt to remove, tamper with, or change the ESN chip, its logic system, or firmware originally programmed by the manufacturer will render the mobile transmitter inoperative. ============================================= B. FCC's Stated Position on Rules and Policy Prior to Rule Changes in CC Docket No. 92-115 ============================================= PUBLIC NOTICE FEDERAL COMMUNICATIONS COMMISSION COMMON CARRIER PUBLIC MOBILE SERVICES INFORMATION October 2, 1991 Report No. CL-92-3 CHANGING ELECTRONIC SERIAL NUMBERS ON CELLULAR PHONES IS A VIOLATION OF THE COMMISSION'S RULES It has come to the attention of the Mobile Services Division that individuals and companies may be altering the Electronic Serial Number ( ESN) on cellular phones. Paragraph 2.3.2 in OST Bulletin No. 53 (Cellular System Mobile Station - Land Station Compatibility Specification, July, 1983) states that "[a]ttempts to change the serial number circuitry should render the mobile station inoperative." The 1981 edition of these compatibility specifications (which contains the same wording) was included as Appendix D in CC Docket 79-318 and is incorporated into Section 22.915 of the Commission's rules. Phones with altered ESNs do not comply with the Commission's rules and any individual or company operating such phones or performing such alterations is in violation of Section 22.915 of the Commission's rules and could be subject to appropriate enforcement action. Questions concerning this Public Notice should be addressed to Steve Markendorff at 202-653-5560 or Andrew Nachby at 202-632-6450. | Robert J. Keller, P.C. Internet: rjk@telcomlaw.com | | Federal Telecommunications Law Telephone: +1 301.229.5208 | | 4200 Wisconsin Ave NW #106-261 Facsimile: +1 301.229.6875 | | Washington, DC 20016-2143 USA CompuServe UID: 76100.3333 |